SNMPCfg Scanning
Written by Unknown
Tuesday, 27 May 2008
THIS TUTORIAL IS INTENDED FOR THEORETICAL USE ONLY, USE ON PRODUCTION SYSTEMS MAY VIOLATE YOUR ISP's TERMS OF SERVICE. THEORYSHARE TAKES NO RESPONSIBILITY FOR YOUR ACTIONS. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE. THIS SOFTWARE IS INTENDED FOR EDUCATIONAL USE ONLY AND MAY BE
ILLEGAL IF USED IMPROPERLY. USERS ASSUME FULL RESPONSIBILITY FOR THEIR
ACTIONS.
Ok, first let's get started by identifying SNMP Admin's main functions.
Mass Get is the first button on the top left-hand side of the application. It starts the agent retrieving SNMP data from the specified modems in your desired HFC IP range. This is the last step in using this program.
Export List is used to export the data you have retrieved. The information will be saved in HTML format and can later be opened manually and changed to a txt file.
Community Name is a security feature used by ISPs. It is a string that identifies modems in the ISP's SNMP. While most of the strings are public, some are also private, and the absence of a string denotes that SNMP is disabled.
Object Identifier, or OID for short, is the value box where you can manually add identifiers that will pull unique information from your SNMP scan. You may add as many as you like. Some OIDs won't work with certain modems and certain ISPs.
Add OID/Remove OID are used to add and remove OIDs.
HFC IP Range is the address range of the scan you want to perform.
Add Range/Remove Range is the field where you can view the selected range, add more ranges, or remove ranges.
Port is the value box for the port to which you will be sending requests. The default port is 161 and is the only port you should be using. (161 SNMP agent / 162 SNMP traps)
Having covered a few basic options, we can now cover them in a little more detail.
Now let's start by seeing if you have SNMP access. You can do this in many ways. One is to download your default config from your TFTP server. The tutorial for this can be found here: Configuration File Download Tutorial. Once you have downloaded the config, open it with DiFileCPE.exe.
This string would be your read community string:
This would be your write community string:
Also, if you're a Sigma user, you can dump your modem's table to find out your string:
Now that we know our community string, let's go ahead and plug it into SNMP Admin.
Ok, the community name is plugged in; now let's see if we can query some responses. First let's find out our HFC address. The best way to do this is to download the application SBlog. Note that this only works with Surfboards. Go to the Addresses tab and find your HFC IP. Now plug your HFC IP into the IP range in SNMP Admin. For example, if 10.34.56.145 is your HFC IP, plug that address into the first field under IP range. We are just running a test to see if we get responses, so we are not going to do a full-blown scan. We're just going to scan to one b address higher. Example: reading 10.34.56.145 as aaa.bbb.ccc.ddd, 10 is your a address, 34 is your b address, and so on. So we would want to plug in one b address higher than your HFC IP.
The highlighted value would be the b address higher, if you follow me. Now click Add Range. The default OIDs for down speed and config name should already be plugged in. If not: Config name = 1.3.6.1.2.1.69.1.4.5.0, Max Downspeed = 1.3.6.1.2.1.10.127.1.1.3.1.5.1. Now let's scan and see if we acquire any responses. Note: You can adjust the wait time to whatever you like; the default is best. Your log box should begin filling up within a few minutes of your scan, but don't fret if it doesn't; allow the program to finish scanning.
Your screen may or may not look like this one, due to the configuration files your ISP uses. But the layout should remain similar, depending on the order in which you added your OIDs. While we are talking about the order of adding OIDs, here is the quickest and easiest way to determine the fastest speeds on your network.
First find the OID list and add the max down OID first. Then add the max up OID. In SNMP Admin, uncheck the limit IPs box.
Now, if your first attempt at scanning was successful, scan your whole HFC IP range, which is 10.0.0.0-10.255.255.250. This may take a few days, so be patient. At the end of the program's scan you should have your whole network's configs categorized by their up and down speed. The reason we only scanned for down and up speed, and not filenames, MAC addresses and so on, is that it takes longer to process that info; while it runs fast at first, the more information it compiles, the slower it becomes. Plus, this is an easy way to weed out files, especially on a dynamic config network. After you are done you can export the list, grab the IPs of the fastest configs and scan them individually. To do this, enter the address in both address fields, making it the only address scanned. You can now manually poll these addresses for more vital info such as MAC address, serial number, TFTP IP, config file, and just about any other info. Some OIDs require a short walk in order to determine a value, such as the NIC MAC OID. It requires input from the modem in order to retrieve the value. It is 1.3.6.1.2.1.17.4.3.1.1.0. So you have to use the get next function, which is not available in SNMP Admin. For more, see the advanced tutorial.
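Seen from the operator's side, the sweep described above is one subscriber-side address sending UDP/161 requests to many HFC addresses over hours or days. The following is an added detection example, not part of the original tutorial; the flow record format, the poller address 10.0.0.5 and the threshold are assumptions, and the sample flows are constructed.

```python
import csv
import ipaddress
from collections import defaultdict
from datetime import datetime

HFC_NET = ipaddress.ip_network("10.0.0.0/8")         # HFC range named in the tutorial
SNMP_AGENT_PORT = 161                                 # 162 (traps) is deliberately ignored
AUTHORIZED_NMS = {ipaddress.ip_address("10.0.0.5")}   # assumed operator poller
MIN_TARGETS = 4                                       # assumed alert threshold

# Constructed flow records: time, source, destination, protocol, destination port
SAMPLE_FLOWS = """\
2008-05-27T10:00:00,10.34.56.145,10.34.56.146,udp,161
2008-05-27T10:00:02,10.34.56.145,10.34.56.147,udp,161
2008-05-27T10:00:04,10.34.56.145,10.34.56.148,udp,161
2008-05-27T22:15:00,10.34.56.145,10.34.57.1,udp,161
2008-05-28T03:40:00,10.34.56.145,10.34.57.2,udp,161
2008-05-28T09:05:00,10.34.56.145,10.35.0.9,udp,161
2008-05-27T10:01:00,10.0.0.5,10.34.56.145,udp,161
2008-05-27T10:01:01,10.0.0.5,10.34.56.146,udp,161
2008-05-27T10:01:02,10.0.0.5,10.34.56.147,udp,161
2008-05-27T10:01:03,10.0.0.5,10.34.56.148,udp,161
2008-05-27T11:00:00,10.34.60.9,10.34.60.10,udp,161
2008-05-27T11:05:00,10.34.56.146,10.0.0.5,udp,162
"""


def find_snmp_sweeps(flow_text, min_targets=MIN_TARGETS):
    """Return {source: summary} for non-NMS hosts querying many HFC agents."""
    targets = defaultdict(set)   # source -> distinct HFC destinations on UDP/161
    seen = {}                    # source -> (first, last) request time
    for ts, src, dst, proto, dport in csv.reader(flow_text.splitlines()):
        if proto != "udp" or int(dport) != SNMP_AGENT_PORT:
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in AUTHORIZED_NMS or dst_ip not in HFC_NET:
            continue
        when = datetime.fromisoformat(ts)
        targets[src_ip].add(dst_ip)
        first, last = seen.get(src_ip, (when, when))
        seen[src_ip] = (min(first, when), max(last, when))
    # A sweep can run for days, so count distinct targets over the whole log
    # instead of relying on a per-second rate.
    return {
        str(src): {"targets": len(dsts), "first": seen[src][0], "last": seen[src][1]}
        for src, dsts in targets.items()
        if len(dsts) >= min_targets
    }
```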
Last Updated ( Wednesday, 18 June 2008 )


