SNMP, another way to monitor a network, is commonly used for router monitoring and frequently for router confiuration changes as well. SNMP uses a workstation as the point of entry and control for the Network Manager. In the Cisco environment, the router has an SNMP agent and a management information block (MIB). The MIB is a simple, hierarchical tree structure containing device information. The basic commands are the GET that retrieves information from an MIB and the SET that places data into an MIB variable. With SNMP, you also can gather statistics or configure the router. Gather statistics with get-request and get-next-request messages, and con.gure routers with set-request messages. You will need some software to communicate with your router. SNMP messages have a community string that is a cleartext password sent in every packet between a management station and the router, which has an SNMP agent. The SNMP community string is used to authenticate messages sent between the manager and agent. Brie.y, a community string is a password that identi.es a speci.c level of access for a device (either read-only or read-write). Only when the manager sends a message with the correct community string will the agent
respond.
Version 1 of SNMP, which is the most widely used, uses a very weak authentication scheme based on only the community string, which amounts to a fixed password transmitted over the network unencrypted. SNMP version 1 is ill-suited for use across the public Internet for the following reasons:
-It uses cleartext authentication ASCII strings that anyone can capture on a network. Most SNMP implementations send the authentication strings as part of their periodic polling.
-It sends all data in cleartext.
-It uses UDP as a transport and is dif.cult to .lter due to its connectionless state.
-It is an easily spoofable, datagram-based transaction protocol.
respond.
Version 1 of SNMP, which is the most widely used, uses a very weak authentication scheme based on only the community string, which amounts to a fixed password transmitted over the network unencrypted. SNMP version 1 is ill-suited for use across the public Internet for the following reasons:
-It uses cleartext authentication ASCII strings that anyone can capture on a network. Most SNMP implementations send the authentication strings as part of their periodic polling.
-It sends all data in cleartext.
-It uses UDP as a transport and is dif.cult to .lter due to its connectionless state.
-It is an easily spoofable, datagram-based transaction protocol.