SYS-265 Network Management Lab - aljimenez28/champlain GitHub Wiki
Overview
In this lab, I configured Simple Network Management Protocol (SNMP) across multiple systems in the environment to understand how network monitoring works in practice. The lab involved enabling SNMP on a firewall (fw01), a Linux web server (web01), and a Windows Active Directory server (ad01), then querying those systems from a centralized monitoring host (nmon01). I also captured SNMP traffic to demonstrate the security weaknesses of SNMPv2c.
Systems Involved
- fw01 – pfSense firewall
- web01 – Linux web server
- ad01 – Windows Server Core (Active Directory)
- nmon01 – Linux SNMP monitoring system
- mgmt01 – Windows management workstation
Step 1: Configure SNMP on fw01 (pfSense)
SNMP was enabled through the pfSense web interface.
Key configuration points:
- SNMP daemon enabled
- Bound to the LAN interface only
- Read-only community string configured
- System contact set to my name
SNMP was restarted by disabling and re-enabling the SNMP service in the pfSense UI.
Step 2: Configure nmon01 (Monitoring Server)
The monitoring server required a static network configuration and DNS functionality.
Important commands used:
ip a
ip route
nmcli device status
nmcli con mod ens18 ipv4.method manual ipv4.addresses 10.0.5.11/24 ipv4.gateway 10.0.5.1 ipv4.dns 10.0.5.5 ipv4.dns-search hermione.local
nmcli con down ens18
nmcli con up ens18
Additional setup:
- Hostname configured with hostnamectl
- Named sudo user created
- Root SSH disabled
- DNS tools installed with:
sudo yum install bind-utils
Step 3: Install and Test SNMP Client on nmon01
SNMP utilities were installed to allow querying other hosts:
sudo yum install net-snmp-utils
snmpwalk -Os -c SYS265 -v2c fw01 system
This confirmed SNMP communication with the firewall.
Step 4: Configure SNMP on web01
SNMP was installed and manually configured on the Linux web server.
Configuration steps:
sudo yum install net-snmp net-snmp-utils
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
sudo nano /etc/snmp/snmpd.conf
The configuration file was replaced with:
com2sec myNetwork 10.0.5.0/24 SYS265
group myROGroup v2c myNetwork
view all included .1 80
access myROGroup "" any noauth exact all none none
SNMP service and firewall:
sudo systemctl enable snmpd
sudo systemctl start snmpd
sudo firewall-cmd --add-service=snmp --permanent
sudo firewall-cmd --reload
Tested successfully from nmon01 using snmpwalk.
Step 5: Install SNMP on AD01
Because ad01 is running Windows Server Core, SNMP was installed remotely from mgmt01 using Server Manager.
- SNMP Service installed on AD01
- SNMP Tools installed on MGMT01
No GUI was available on ad01, which required remote management.
Step 6: Enable Remote Management on AD01
This was the most challenging part of the lab.
Problem Encountered
Initially, I attempted to fix the remote management issue by SSHing into ad01. This did not work because the issue was related to Windows remote management firewall rules, not shell access.
Solution
The correct approach was to use a remote PowerShell session from mgmt01.
Enter-PSSession AD01
Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True
Exit-PSSession
Once this rule was enabled, Remote Computer Management and Event Viewer connections worked as expected.
Step 7: Query AD01 from nmon01
After SNMP was installed, ad01 was queried from the monitoring server.
snmpwalk -Os -c SYS265 -v2c ad01 system
snmpwalk -Os -c SYS265 -v2c ad01 | wc -l
Over 11,000 lines of SNMP data were returned, demonstrating how much system information is exposed through SNMP.
Step 8: Capture SNMP Traffic (Security Demonstration)
To demonstrate the insecurity of SNMPv2c, a packet capture was taken on web01 while nmon01 polled it.
On web01:
sudo tcpdump -i ens18 port 161 -c 10 -A
On nmon01:
snmpwalk -Os -c SYS265 -v2c web01 system
The community string was visible in clear text within the packet capture.
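The reason the string shows up in the capture is that an SNMP v1/v2c message is plain BER: the community is an OCTET STRING immediately after the version integer, with no encryption or authentication around it. The decoder below is an added example (not part of the lab or the net-snmp tools) that walks that structure; the packet bytes are constructed to match the lab's setup (a GetRequest for sysDescr.0 with community SYS265), not taken from the actual capture.

```python
# Added example (not from the lab): minimal BER decoder for SNMP v1/v2c that
# shows the community string sitting in the clear right after the version.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse"}

# Constructed sample: SNMPv2c GetRequest for sysDescr.0 with community SYS265.
SAMPLE_GET_SYSDESCR = bytes.fromhex(
    "3026" "020101"                         # SEQUENCE; INTEGER version 1 (v2c)
    "0406535953323635"                      # OCTET STRING "SYS265" (cleartext)
    "a019" "020101" "020100" "020100"       # GetRequest; req-id 1; status; index
    "300e300c" "06082b06010201010100" "0500")  # varbind: OID 1.3.6.1.2.1.1.1.0, NULL

def read_tlv(buf, pos):
    """Read one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (>127 bytes)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn BER subidentifier bytes into dotted notation."""
    parts, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # 7-bit groups, high bit = continue
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))

def parse_snmp_message(payload):
    """Return version, community, PDU type, request-id and OIDs of a message."""
    _, msg, _ = read_tlv(payload, 0)                # outer SEQUENCE
    _, ver, pos = read_tlv(msg, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("v1", "v2c"):
        return {"version": version, "community": None}  # v3: no community
    _, community, pos = read_tlv(msg, pos)          # the credential, unencrypted
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, req_id, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)                  # error-status
    _, _, pos = read_tlv(pdu, pos)                  # error-index
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))  # first element is the OID
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big"), "oids": oids}
```

Feeding it the UDP payload of any port 161 packet from the tcpdump above yields the same fields; the v3 branch is there to show that a v3 header carries no community field at all, which is the basis of lesson 1 below.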
Research Topics and Lessons Learned
1. SNMPv2c Security Weaknesses
I learned that SNMPv2c transmits community strings in clear text. Anyone with packet capture access can intercept credentials, making SNMPv2c unsuitable for untrusted networks.
2. Difference Between SSH and PowerShell Remoting
This lab highlighted the difference between logging into a system and enabling remote management. SSH does not configure Windows management access. PowerShell remoting is required for managing firewall rules and services remotely on Windows Server Core.
3. NetworkManager and DNS Persistence on Linux
Manually editing /etc/resolv.conf is not persistent when NetworkManager is running. Proper DNS configuration must be done through nmcli to survive reboots.