Network Management - devinziegler/Devin-Tech-Journal GitHub Wiki
Network Management Lab
In this lab I used SNMP services on my firewall, web server, and Active Directory server. I also configured a new system called nmon1, the network monitor. Starting with the firewall, in this case pfSense, go through the web portal to enable the SNMP daemon and its controls. Because we want to manage traffic inside our network, the LAN interface is selected. Another important setting is the community string; in this case we use the community string SYS265.
Installing SNMP
This will go over the installation process of SNMP on a CentOS 7 machine. To install the package, run the following command:
yum install net-snmp-utils
Here is an example command that we used in the lab:
snmpwalk -Os -c SYS265 -v2c fw01-devin system
The -Os flag shows only the last symbolic element of each OID. The -c flag sets the community string. The -v flag sets the SNMP version to use (here 2c). Next comes the hostname of the agent to query, in this case my web server. The final argument, system, selects the OID subtree to walk, so all of the variables under system are retrieved.
When installing the SNMP server, a second package is needed, called net-snmp. The default path of its config file is:
/etc/snmp/snmpd.conf
Make sure to back up any config you intend to change; copy it to a directory where you keep backup files. In the lab we used this config on the SNMP server:
# map the LAN (10.0.5.0/24) using community SYS265 to the security name myNetwork
com2sec myNetwork 10.0.5.0/24 SYS265
# put that security name in a v2c group; the name must match the access line exactly (case-sensitive)
group myROGroup v2c myNetwork
# a view that covers the whole OID tree
view all included .1 80
# grant the group read access to the view, with no write and no notify views
access myROGroup "" any noauth exact all none none
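The config above only works when the names on the com2sec, group and access lines line up exactly; net-snmp compares them case-sensitively, so a typo in the group name leaves a group with no access and an access line for a group that does not exist, and every read silently fails. The following shell script is an added example for this page, not part of the lab or of net-snmp: it audits an snmpd.conf for that mismatch and for the two weak settings a fresh install often carries (the well-known community "public"/"private", and a com2sec source of "default" instead of a subnet). The function names and the three sample configs are constructed here.

```shell
#!/bin/sh
# Added example, not part of the lab page: audit an snmpd.conf for the
# mistakes that a hand-written v2c config invites. The checks, the
# function names and the sample configs below are all constructed here.
#
# Findings reported, one per line:
#   WEAK  - com2sec uses the well-known community "public" or "private"
#   WEAK  - com2sec source is "default" (any address) instead of a subnet
#   ERROR - a group refers to a security name no com2sec line defines
#   ERROR - a group is never named on an access line (or vice versa);
#           names are case-sensitive, so MyROGrounp != myROGroup
audit_snmpd_conf() {
    awk '
    { sub(/#.*/, ""); if (NF == 0) next }        # drop comments and blank lines
    $1 == "com2sec" {
        secnames[$2] = 1
        if ($4 == "public" || $4 == "private")
            print "WEAK: com2sec " $2 " uses well-known community \"" $4 "\""
        if ($3 == "default")
            print "WEAK: com2sec " $2 " accepts any source address; restrict it to a subnet"
    }
    $1 == "group"  { groups[$2] = 1; groupsec[$2] = $4 }
    $1 == "access" { accessed[$2] = 1 }
    END {
        for (g in groups) {
            if (!(groupsec[g] in secnames))
                print "ERROR: group " g " refers to undefined security name " groupsec[g]
            if (!(g in accessed))
                print "ERROR: group " g " never appears on an access line (check spelling and case)"
        }
        for (a in accessed)
            if (!(a in groups))
                print "ERROR: access line refers to undefined group " a
    }' "$1"
}

# Constructed sample 1: the lab config as first written (group name typo).
write_lab_conf() {
    cat > "$1" <<'EOF'
com2sec myNetwork 10.0.5.0/24 SYS265
group MyROGrounp v2c myNetwork
view all included .1 80
access myROGroup "" any noauth exact all none none
EOF
}

# Constructed sample 2: a typical weak config (default community, open to any source).
write_weak_conf() {
    cat > "$1" <<'EOF'
com2sec readonly default public
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
EOF
}

# Constructed sample 3: the lab config with the group name made consistent.
write_fixed_conf() {
    cat > "$1" <<'EOF'
com2sec myNetwork 10.0.5.0/24 SYS265
group myROGroup v2c myNetwork
view all included .1 80
access myROGroup "" any noauth exact all none none
EOF
}

# Count findings for a config file (0 means all checks passed).
audit_count() {
    audit_snmpd_conf "$1" | wc -l | tr -d ' '
}

# Usage: sh audit.sh --demo   (or: audit_snmpd_conf /etc/snmp/snmpd.conf)
if [ "${1:-}" = "--demo" ]; then
    for w in write_lab_conf write_weak_conf write_fixed_conf; do
        f=$(mktemp); "$w" "$f"
        echo "== $w: $(audit_count "$f") finding(s)"; audit_snmpd_conf "$f"; rm -f "$f"
    done
fi
```

Run against the lab config as first written it reports two errors (the group MyROGrounp has no access line, and the access line names an undefined myROGroup); against the corrected version it reports nothing. Run it on the real file after editing and before restarting snmpd, since snmpd accepts the mismatched config without complaint.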
When installing SNMP on a Windows system, the feature can be found in the add features section of Server Manager. More information about the SNMP service for Windows can be found here. The SNMP service will be installed on ad01 but managed from mgmt01, so we also need to install the SNMP tools on the management system.
Allowing Remote Management:
When using Server Manager, systems that are to be managed need to be configured to allow it. Run this command on the client system (this can be done through Server Manager by selecting the server and opening a PowerShell window):
Set-NetFirewallRule -DisplayGroup "Remote Event Log Management" -Enabled True
Working With TCP Dump
tcpdump is a command-line packet capture tool. In our lab, we are capturing the SNMP packets sent to the web server. This is the command we used:
tcpdump -i ens192 port 161 -c10 -AAA
Breaking down this command: the -i flag sets the network interface, in this example ens192. The port is set to 161 because that is the port SNMP uses. -c10 limits the capture to 10 packets. Finally, -A dumps the packets in ASCII format. This was a new command-line application for me, so I did some research on its basic functionality. The following command lists the interfaces on your system:
tcpdump -D
To capture all packets on an interface, this command can be used:
tcpdump --interface any
As in the example command, the -c flag limits the number of packets captured; without it, tcpdump keeps capturing until it receives an interrupt signal. For later reference, here are two informative sources on tcpdump: