SIMPLE NETWORK MANAGEMENT PROTOCOLE

SNMP is a widely used product I networking and supported by a large number of network devices

In this lesson we will talk about SNMP , component of a SNMP system and SNMP work

SNMP
SNMP is a standard protocol for managing devices on the network.It allows network administration to
master and control devices remotely such as switches, routers and servers and to manage network
performance and security

SNMP system components

1. SNMP manager else known as network management station (NMS): sends and receives SNMP
messages to manage andn monitor devices on an ip network
- SNMP database and application used for network configuration, security, performance and
troubleshooting
- SNMP management devices : workstation, IP phones , printers , router , switches
- SNMP Agent: software that runs on the device and listens for SNMP message
- MIB(MANAGEMENT INFORMATION BASE) device internal management database

HOW DOES SNMP WORK

- The SNMP manager sends SNMP messages the agent

- The SNMP agent receives messages and processes it
if the message is a request for information the agent retrieves the requested data from MIB
If the message is a command , the agent executes the command on the device

SNMP OPERATION

There are 03 main operation used in SNMP

1. Manage Devices can simplify NMS

 2. THE NMS can ask the manager devices for information about their current status

C
3. The NMS can tell the manager devices to change aspects of their configuration
Windows server pass : Gokugoku2024
CHAPTER 2: NETWORK MANAGEMNT TOOLS

1. WIRESHARK
a. Definition: Wireshark is a free and open-source network protocol analyzer .
i. Its used to capture and analyze the data travelling back and forth on a network
ii. Wireshark provides a detailed view of a network traffic, making it an essential
tool for network administrator and security professionals
b. Packet Sniffing Structure - diagram
c. The packet analyser displays the contents of all fileds within a protected message in
order to do so, the packet analyser must understand the structure of all messages by
protocols
i. Why use wireshark ?
1. To trouble shoot network issues identify packets or unusual behavior
on your network
2. Security: used to detect and respond to network threats , including
intrusion and malwares
ii. Network optimization: Analyse network performance and optimize for better
speed and reliability
iii. Compliance: ensures your network address to security and regulatory standarda
d. Features of wireshark
i. Packet capture and analyses
ii. Protocol support : wireshark supports hundreds of protocols from ethernet to
http and
iii. Live capture or read from a saved capture file
iv. Power full display filter
v. Extensive packet detail . inspects each packet content
vi. Export data : save captures in various format
vii. Plugin support : extend wiresharks functionality
CHAPTER3: Network Performance Monitoring

1 Network Performance Metric(Latency, throughput. Packet loss)

i. Latency: The time taken for a data packet to travel from the source to the destination and
back and has unit is Measures in milliseconds
- Impact :
- Factor affecting latency:
o Physical distance between devices
o Network congestion and routing efficiency
o Quality and type of transmission medium (fibre optic Vs copper cable)
- Measurement Tools.
o Ping
o Traceroute
ii. Throughput: The actual range at which data is successfully transferred from one point to
another in an network over a specific period and has as unit bit per-second
a. Impact:
b. Factor affecting through put
i. Network bandwidth
ii. Network congestion and bottlenecks
iii. Packet less and retransmission
iv. Measurement Tools:
o. iperf used to measure the bandwidth

o. speed test measures upload and download throughput

ii. Packet Loss: The percentage of data packets thatare sent but never reach their
destination and is measured in percentage (%)

- impact:
o factors affecting packet loss:
 congestion in network
 faulty hardware and software
 data corruption
 Interference in wireless network
 Measurement Tools:
o Ping: Identifies dropped packet
o Network monitoring tools: wireshark, solarwinds, they provide detailed packet
analysis
- Interrelationship between Metrics(how one can affect the other)
o Latency and throughput : High latency can reduce throughput due to slower
acknowledgement
o Packet loss and throughput:
o Latency and packet loss
2. Network Performance Monitoring tools (MRTG, PRTG)
a. MRTG (MULTI ROUTER TRAFFIC GRAPTER)
i. Def: its an open source network monitoring tool that collects traffic data and
displays as a graphs in a web browser. It primarily use SNMP to gather the data
from network devices like renders and switches
ii. Features :
1. Track inbound and outbound traffic on network interface
2. Displays real-time and historical traffic data
iii. Customizable graph: Generates visual graph for traffic trreds over daily, weekly,
monthly and yearly intervals
iv. Lightweight: suitable for simple architecture , for smaller network or specific
device monitoring
b. PRTG (possible route traffic grapher)
i. PRTG is a comprehensive , all in one network monitoring solution designed for
real-time monitoring of devices , services and traffic. IT supports various
protocols, including SNMP, netflow , WMI and packet sniffing
ii. Features:
1. Realtime monitoring : monitor bandwidth device health and uptime
across your network
2. Advance sensor support: comes with predefined sensors for different
devices and applications(e.g HTTP, FTP, SQL)
3. Customized Dashboard: interdived dashboards with detailed charts and
reports
4. Alerting Sytem: sends alerts vial email , SMS or push notifications when
predefined tresholds are crossed
5. Distributed monitoring : scales across large , geographically distributed
network
iii. Comparison of MRTG and PRTG
tsble
iv.
CHAP4: Network security management

i. Definition: Network security management refers to the process and procedures used to protect a
computer network from unauthorized access, user, disclosure ,….., …… or distribution

ii. Network security threats

a. Internal Threats: insider threats , employer errors and physical breaches

b. External threats: Hacker attacks, malware, viruses and denial-of-servicw(DOS)
c. Environmental threats: naural disasters, power outage, and equipment failure
iii. Network security controls

They are measures implemented to protect, detect and respond to security threats

a. Firewalls network device that control incoming and outgoing network traffic
b. Intrusion detection system (IDS) it’s a system that monitors network traffic for signs of
unauthorized access
c. Encryption techniques used to protect data confidenciality and integrity
d. Access control list (ACL) it’s a list that defines permissions for network resources
e. Virtual Private Network (VPN) Network that uses encryption and other security
measures to protect data transmitted over the internet
iv. Network security management processes

Effective network security management

i. Risk assessment : Identifying potential security threats and vulnerabilities

ii. Security policy development : creating policies and procedures for network
security management
iii. Implementation and configuration : implementing and configuring security
controls and systems
iv. Monitoring and incident response : continuously monitoring the network for
security incidents and
v. Training and awareness : Educating users about network security

PRACTICAL
CHAP: NETWORK TROUBLESHOOTING
Effective network troubleshooting involves understanding networking methodologies, leveraging and applying
problem-solving techniques to identify and resolve issues

1 Network Troubleshooting methodology :

a. TCP/IP Model:
Troubleshooting steps:
- Application layer: verify if the application or service is running properly
- Transport Layer: Check TCP/UDP ports using tools like telnet or netstate
- *(diff between TCP and UDP)
- Internet layer: ensure ip addressing , subnet mask and routing are correct
- Network Access layer: validate physical connectivity and link layer protocol like ethernet
b. OSI MODEL:
Troubleshooting approach: start from bottom(physical layer) and work upward or vice versa
- Physical Layer: check cables, port , and hardware connectivity
- Data link layer : Inspect switching MAC ADDRESSES and VLANS
- Network Layer: Verify routing , ip addressing and subnet configurations
- Transport layer: Test TCP/UDP connection
- Session layer:/ Presentation / application: analyze protocols encryption and software configuration

NETWORK TROUBLESHOOTING TOOLS

a. Ping: Used to test connectivity between two devices it sends ICMP echo request and listens for
echo replies
b. Traceroute (or tracer on windows) : used to Identify the path packet take to reach its destination
c. It sends packets with varying TTL (Time To Live) to map each hop (traceroute www.google.com)
d. Nslookup : use to diagnose DNS-related issues by querying DNS server, it resolves domain name
to IP address or vice versa (nslookup www.google.com)
e. Other Tools:
- Netstat: displays network connection and listening port
- Wireshark: captures and analysis network packets
- Ipconfig / Ifconfig: : view and configure ip settings
- NMAP: scans for open ports and network devices

III. Network problem-solving Technologies

a. Identify the and define the problem

b. Isolate the problem
c. Test hypothesis
d. Implement solution
e. Document and present

CHAP: configuration Management

Network configuration management (NCM) involves the process of monitoring , organizing and updating
the configuration of network devices to ensure consistent performance and security
 a. Network Configuration Management Models
- Centralize communication management (CCM):
o A single centralized system manages and applies configuration to all network devices
o Advantages
 Simplifies management by centralizing control
 Ensure consistency across devices
 Speed up deployment and update
o Disadvantages
 Single point of failure
 Require robust security to prevent unauthorized changes
- Distributed Configuration Management(DCM)
o Configurations are distributed and managed at a device or local level
o Advantages:
 Reduces reliance on a central system
 Offers localized central for specific devices or segments
o Disadvantages:
 Mere complex to maintain consistency across the network
 Increases administrative over head of large-scale network

II- NETWORK CONFIGURATION MANAGEMENT TOOLS

a. Ansible: powerful open source configuration tool used for configuration management
provisioning and orchosition
- Features
o Uses ssh for communication with devices
o Scales easily across devices and platform

Example: Automating vlan configuration on switches

b. Puppet: A configuration management tool designed for infrastructure automation

Example: Managing firewall rules across devices

c. Other Tools:
- Chef : Ruby-bases automation tool for infrastructure management
d. Terraform:
- Focused on infrastructure as code (IAC) and provisioning
e. Solarwinds NCM : A commercial tool tailored for network configuration

III NETWORK CHANGE MANAGEMENT AND VERSION CONTROL

a. Network Change Management

i. Definition: A structured process to ensure changes to network configuration are
planned , tested and approved before implementation
ii. Steps:
1. Request: Submit a change request (CR) with details about the proposal
modification
2. Access : Evaluate the impact , risks and benefits of the change
 3. Approve : Obtain approval from relevant stakeholders
4. Implement: Execute the change in controlled environment
5. Review: validate the success of the change and document lessons
learned
b. Version control
i. Definition: Maintaining a history of configuration changes to track revision and
allow rollback if needed
ii. Tools: - Git, -RANCID(Really Awesome New Cisco configuration Differ)
iii. Best practices for version control
1. Commit changes frequently with description messages
2. Test changes in a lab or staging environment before applying them in
production
3. Use automated backup to prevent less of configuration data