SYS‐265 Network Management Lab - aljimenez28/champlain GitHub Wiki

Overview

In this lab, I configured Simple Network Management Protocol (SNMP) across several systems in the environment to see how network monitoring works in practice. The lab involved enabling SNMP on a firewall (fw01), a Linux web server (web01) and a Windows Active Directory server (ad01), then querying those systems from a centralized monitoring host (nmon01). I also captured SNMP traffic on the wire to show the main security weakness of SNMPv2c: the community string, which is the only credential, travels in clear text.


Systems Involved

  • fw01 – pfSense firewall
  • web01 – Linux web server
  • ad01 – Windows Server Core (Active Directory)
  • nmon01 – Linux SNMP monitoring system
  • mgmt01 – Windows management workstation

Step 1: Configure SNMP on fw01 (pfSense)

SNMP was enabled through the pfSense web interface.

Key configuration points:

  • SNMP daemon enabled
  • Bound to the LAN interface only
  • Read-only community string configured
  • System contact set to my name

SNMP was restarted by disabling and re-enabling the SNMP service in the pfSense UI.


Step 2: Configure nmon01 (Monitoring Server)

The monitoring server needed a static IP address, a default gateway and working DNS resolution before it could reach the other hosts by name.

Important commands used:

ip a
ip route
nmcli device status
nmcli con mod ens18 ipv4.method manual ipv4.addresses 10.0.5.11/24 ipv4.gateway 10.0.5.1 ipv4.dns 10.0.5.5 ipv4.dns-search hermione.local
nmcli con down ens18
nmcli con up ens18

Additional setup:

  • Hostname configured with hostnamectl
  • A named sudo user created (so day-to-day work is not done as root)
  • Root SSH login disabled
  • DNS tools installed with:
sudo yum install bind-utils

Step 3: Install and Test SNMP Client on nmon01

SNMP utilities were installed so that nmon01 could query the other hosts:

sudo yum install net-snmp-utils
snmpwalk -Os -c SYS265 -v2c fw01 system

This confirmed SNMP communication with the firewall. Walking the `system` subtree returns objects such as sysDescr.0, sysName.0 and sysContact.0; the sysContact.0 value should show the contact set in Step 1, which is a quick check that the right device answered.


Step 4: Configure SNMP on web01

SNMP was installed and manually configured on the Linux web server.

Configuration steps:

sudo yum install net-snmp net-snmp-utils
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
sudo nano /etc/snmp/snmpd.conf

The configuration file was replaced with the following, which grants read-only access to any host in 10.0.5.0/24 that presents the community SYS265. For v1/v2c the `noauth` level is the only option, so the community string and the source subnet are the entire access check:

# Map requests from 10.0.5.0/24 carrying community SYS265 to the security name myNetwork
com2sec myNetwork 10.0.5.0/24 SYS265
# Put that security name in a v2c group
group myROGroup v2c myNetwork
# A view covering the whole MIB tree (.1); 80 is the optional hex mask
view all included .1 80
# Read access to the "all" view for the group; no write view, no notify view
access myROGroup "" any noauth exact all none none

SNMP service and firewall:

sudo systemctl enable snmpd
sudo systemctl start snmpd
sudo firewall-cmd --add-service=snmp --permanent
sudo firewall-cmd --reload

Tested successfully from nmon01 using snmpwalk.


Step 5: Install SNMP on AD01

Because ad01 runs Windows Server Core and has no GUI, SNMP was installed remotely from mgmt01 using Server Manager:

  • SNMP Service installed on ad01
  • SNMP Tools installed on mgmt01

With no GUI on ad01, all further management also had to be done remotely.


Step 6: Enable Remote Management on AD01

This was the most challenging part of the lab.

Problem Encountered

Initially, I tried to fix the remote management problem by SSHing into ad01. This did not work, because the problem was the Windows firewall rules for remote management on ad01, not shell access.

Solution

The correct approach was to open a remote PowerShell session from mgmt01 and enable the firewall rule group on ad01 itself:

Enter-PSSession AD01
# Enable every rule in the "Remote Event Log Management" group (the rules Event Viewer connections use)
Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True
Exit-PSSession

Once this rule was enabled, Remote Computer Management and Event Viewer connections worked as expected.


Step 7: Query AD01 from nmon01

After SNMP was installed, ad01 was queried from the monitoring server.

snmpwalk -Os -c SYS265 -v2c ad01 system
snmpwalk -Os -c SYS265 -v2c ad01 | wc -l

The full walk returned over 11,000 lines, which shows how much system information SNMP exposes to anyone who can present the read-only community string.


Step 8: Capture SNMP Traffic (Security Demonstration)

To demonstrate why SNMPv2c is insecure, the SNMP exchange was captured on the wire while nmon01 queried web01.

On web01:

sudo tcpdump -i ens18 port 161 -c 10 -A

On nmon01:

snmpwalk -Os -c SYS265 -v2c web01 system

The community string SYS265 appeared in clear text in the ASCII dump (-A) of the capture, next to the requested OIDs. tcpdump on web01 saw everything nmon01 sent, and so would any other host able to capture traffic on the path.
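To make the weakness concrete, the following added example (it is not part of the lab write-up or of any tool used in it) decodes a hand-constructed SNMPv2c datagram of the kind tcpdump captured above: the first GetNextRequest that snmpwalk sends for the `system` subtree, carrying the community string SYS265. It then applies the com2sec rule from Step 4 to the parsed community string to show that source subnet plus community string is the entire access check. The packet bytes and the request-id 0x1234 are constructed; 10.0.5.11 is nmon01's address from Step 2, and 10.0.6.11 is an assumed address on another subnet.

```python
import ipaddress

# Hand-constructed (not captured in the lab) BER encoding of the first datagram
# `snmpwalk -v2c -c SYS265 web01 system` sends: a GetNextRequest for 1.3.6.1.2.1.1.
# The request-id 0x1234 is made up; the layout follows RFC 3416 community-based SNMP.
GET_NEXT_REQUEST = bytes.fromhex(
    "30 25 "                        # SEQUENCE, 37 bytes: the whole SNMP message
    "02 01 01 "                     # INTEGER version: 0 = v1, 1 = v2c, 3 = v3
    "04 06 53 59 53 32 36 35 "      # OCTET STRING community "SYS265", unencrypted
    "a1 18 "                        # GetNextRequest-PDU, 24 bytes
    "02 02 12 34 "                  # request-id
    "02 01 00 "                     # error-status 0
    "02 01 00 "                     # error-index 0
    "30 0c "                        # VarBindList
    "30 0a "                        # VarBind
    "06 06 2b 06 01 02 01 01 "      # OID 1.3.6.1.2.1.1 (the `system` subtree)
    "05 00 "                        # NULL: a request carries no value
)

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}


def read_tlv(buf, pos=0):
    """Return (tag, value, end) for the BER tag-length-value element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """BER OID bytes to dotted form; the first byte packs the first two arcs (40*a + b)."""
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)         # base-128, high bit set on continuation bytes
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def parse_snmp_message(data):
    """Parse a community-based (v1/v2c) SNMP message into its fields."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    _, ver, pos = read_tlv(msg)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, req_id, pos = read_tlv(pdu)
    _, _err_status, pos = read_tlv(pdu, pos)
    _, _err_index, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        _, oid, _ = read_tlv(vb)          # first element of each VarBind is the OID
        oids.append(decode_oid(oid))
    return {
        "version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
        "community": community.decode("ascii", "replace"),
        "pdu_type": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
        "request_id": int.from_bytes(req_id, "big"),
        "oids": oids,
    }


def community_in_clear(data, community):
    """What `tcpdump -A` shows: the community string is a plain substring of the datagram."""
    return community.encode("ascii") in data


# The Step 4 rule on web01:  com2sec myNetwork 10.0.5.0/24 SYS265
COM2SEC = [("myNetwork", ipaddress.ip_network("10.0.5.0/24"), "SYS265")]


def com2sec_match(src_ip, community, rules=COM2SEC):
    """Security name granted by the first matching com2sec line, or None.

    This is all of v2c access control: a source network plus a string that
    was just sent across the wire unencrypted.
    """
    addr = ipaddress.ip_address(src_ip)
    for secname, network, expected in rules:
        if addr in network and community == expected:
            return secname
    return None


def would_be_served(src_ip, data):
    """Parse a datagram and decide whether snmpd on web01 would answer it."""
    return com2sec_match(src_ip, parse_snmp_message(data)["community"]) is not None


if __name__ == "__main__":
    print(parse_snmp_message(GET_NEXT_REQUEST))
    print("visible to tcpdump -A:", community_in_clear(GET_NEXT_REQUEST, "SYS265"))
    print("served from 10.0.5.11 (nmon01):", would_be_served("10.0.5.11", GET_NEXT_REQUEST))
    print("served from 10.0.6.11 (other subnet):", would_be_served("10.0.6.11", GET_NEXT_REQUEST))
```

The parser is deliberately minimal (no SNMPv3 header, no error handling for truncated input) because the point is the first two fields: a version byte and an OCTET STRING community that any host on the path can read and replay. Binding snmpd to the LAN and restricting the source subnet, as the lab does, narrows who can reuse the string but does nothing to hide it.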


Research Topics and Lessons Learned

1. SNMPv2c Security Weaknesses

I learned that SNMPv2c has no authentication beyond the community string, and that string is sent in clear text in every request. Anyone who can capture traffic on the path (or on either end host, as web01 did here) can read the community string and reuse it, so SNMPv2c is unsuitable for untrusted networks. Binding the daemon to the LAN interface and restricting the source subnet, as was done in this lab, limits who can use the string but does not protect it on the wire; SNMPv3 with authentication and privacy (authPriv) is the replacement.

2. Difference Between SSH and PowerShell Remoting

This lab highlighted the difference between logging into a system and enabling remote management of it. An SSH session only gives you a shell; the Server Manager, Computer Management and Event Viewer consoles connect over their own Windows remote-management channels, which the firewall on ad01 blocked until the matching rule group was enabled. Since ad01 has no GUI, the practical way to change that rule was a PowerShell remoting session (Enter-PSSession) from mgmt01.

3. NetworkManager and DNS Persistence on Linux

Manually editing /etc/resolv.conf is not persistent when NetworkManager is running, because NetworkManager regenerates the file from the connection profile. DNS settings must be put in the profile through nmcli (ipv4.dns and ipv4.dns-search, as in Step 2) to survive reboots.