What is SNMP Enumeration? | Working of SNMP | Tools — Exploitbyte

Exploitbytes
5 min read · Apr 21, 2020

SNMP (Simple Network Management Protocol) enumeration is the process of enumerating user accounts and devices on a target system using SNMP.

This section describes SNMP enumeration, the information extracted via SNMP enumeration, and various SNMP enumeration tools used to enumerate user accounts and devices on a target system. SNMP is an application-layer protocol that runs on UDP and is used to maintain and manage routers, hubs, and switches on an IP network. SNMP agents run on networking devices in Windows and Unix networks.

SNMP enumeration is the process of creating a list of the user accounts and devices on a target computer using SNMP. SNMP employs two types of software components for communication: the SNMP agent and the SNMP management station. The SNMP agent is located on the networking device, and the SNMP management station communicates with the agent.

Almost all network infrastructure devices, such as routers, contain an SNMP agent for managing the system or device. The SNMP management station sends requests to the agent; after receiving a request, the agent replies. Both requests and replies refer to configuration variables accessible to the agent software. SNMP management stations can also send requests to set the values of some variables. Traps let the management station know if anything has happened on the agent's side, such as a reboot, an interface failure, or any other abnormal event.

SNMP uses two passwords for configuring and accessing the SNMP agent from the management station. The two SNMP passwords are:

  • Read Community String :- The configuration of the device or system can be viewed with the help of this password. These strings are public.
  • Read/Write Community String :- The configuration of the device can be changed or edited using this password. These strings are private.

When administrators leave the community strings at their default settings, attackers can use these default community strings (passwords) to change or view the configuration of the device or system. Attackers enumerate SNMP to extract information about network resources such as hosts, routers, devices, and shares, and network information such as ARP tables, routing tables, device-specific information, and traffic statistics.

Commonly used SNMP enumeration tools include SNMPUTIL (http://www.wtcs.org) and IP Network Browser (https://solarwinds.com).

Working Of SNMP

SNMP uses a distributed architecture comprising SNMP managers, SNMP agents, and several related components. Commands associated with SNMP include:

  • GetRequest :- Used by the SNMP manager to request information from the SNMP Agent.
  • GetNextRequest :- Used by the SNMP manager continuously to retrieve all the data stored in an array or table.
  • GetResponse :- Used by the SNMP agent to satisfy a request made by the SNMP manager.
  • SetRequest :- Used by the SNMP manager to modify the value of a parameter within the SNMP agent’s Management Information Base (MIB).
  • Trap :- Used by the SNMP agent to inform the pre-configured SNMP manager of a certain event.

Given below is the communication process between the SNMP manager and the SNMP agent:

  • The SNMP manager (Host X, 10.10.2.1) uses the GetRequest command to send a request for the number of active sessions to the SNMP agent (Host Y, 10.10.2.15). To perform this step, the SNMP manager uses SNMP service libraries such as the Microsoft SNMP Management API library (Mgmtapi.dll) or the Microsoft WinSNMP API library (Wsnmp32.dll).
  • The SNMP agent (Host Y) receives the message and verifies whether the community string is present in its MIB, checks the request against its list of access permissions for that community, and verifies the source IP address.
  • If the SNMP agent does not find the community string or access permission in Host Y’s MIB database and the SNMP service is set to send an authentication trap, it sends an authentication failure trap to the specified trap destination, Host Z.
  • The master agent component of the SNMP agent calls the appropriate extension agent to retrieve the requested session information from the MIB.
  • Using the session information that it retrieved from the extension agent, the SNMP service forms a return SNMP message that contains the number of active sessions and the destination IP address (10.10.2.1) of the SNMP manager, Host X.
  • Host Y sends the response to Host X.

MIB (Management Information Base)

The MIB is a virtual database containing a formal description of all the network objects that can be managed using SNMP.

The MIB database is hierarchical, and each managed object in a MIB is addressed through Object Identifiers (OIDs).

Two types of managed objects exist:

  • Scalar objects, which define a single object instance.
  • Tabular objects, which define multiple related object instances that are grouped in MIB tables.

An OID includes the type of MIB object, such as counter, string, or address; the access level, such as not-accessible, accessible-for-notify, read-only, or read-write; size restrictions; and range information.

SNMP uses the MIB’s hierarchical namespace containing Object Identifiers (OIDs) to translate the OID numbers into a human-readable display.
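
The agent-side checks from the communication process above, together with GetNextRequest traversal of scalar and tabular objects in OID order, can be modelled in a few lines of Python. This is an added example, not code from the original article: it is a simplified in-memory model that follows the steps as the article describes them, and the MIB values, the community string and the function names are constructed.

```python
import ipaddress

# Constructed MIB: OID tuples -> values. Scalars end in .0; ifDescr rows are table instances.
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Constructed router OS",  # sysDescr.0 (scalar)
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "HOSTy",                  # sysName.0 (scalar)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "eth0",             # ifDescr.1 (table row)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",             # ifDescr.2 (table row)
}
# Hypothetical agent policy: community -> (access, permitted manager networks).
COMMUNITIES = {"ops-ro-7f3k": ("ro", [ipaddress.ip_network("10.10.2.1/32")])}
TRAP_LOG = []  # stands in for authentication-failure traps sent to Host Z

def handle(src_ip, community, pdu, oid, value=None):
    """Apply the agent-side checks, then serve Get / GetNext / Set from MIB."""
    policy = COMMUNITIES.get(community)
    allowed = policy and any(ipaddress.ip_address(src_ip) in net for net in policy[1])
    if not allowed or (pdu == "SetRequest" and policy[0] != "rw"):
        TRAP_LOG.append(("authenticationFailure", src_ip, pdu))
        return None                       # request is dropped, no response
    if pdu == "GetRequest":
        return (oid, MIB.get(oid, "noSuchName"))
    if pdu == "GetNextRequest":           # first OID lexicographically after `oid`
        later = sorted(o for o in MIB if o > oid)
        return (later[0], MIB[later[0]]) if later else (oid, "endOfMib")
    if pdu == "SetRequest":
        MIB[oid] = value
        return (oid, value)
    raise ValueError("unsupported PDU: " + pdu)

def walk(src_ip, community, root):
    """Repeat GetNextRequest until the returned OID leaves the `root` subtree."""
    rows, oid = [], root
    while True:
        resp = handle(src_ip, community, "GetNextRequest", oid)
        if resp is None or resp[0][:len(root)] != root or resp[1] == "endOfMib":
            return rows
        rows.append(resp)
        oid = resp[0]
```

With a non-default read-only community bound to the manager's address, a request using `public`, a request from another source address, or a SetRequest is dropped and recorded in `TRAP_LOG` instead of being answered.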

SNMP Enumeration Tools

SNMP Enumeration tools are used to scan a single IP address or a range of IP addresses of SNMP enabled network devices in order to monitor, diagnose, and troubleshoot security threats.

OpUtils

Source : https://www.manageengine.com

OpUtils is switch port and IP address management software. It contains a collection of tools that network engineers can use to monitor, diagnose, and troubleshoot networking issues. Using OpUtils, one can manage IP addresses, map switch ports, detect rogue devices, monitor bandwidth usage, monitor DHCP servers, back up Cisco config files, view SNMP traps sent from network devices, get the MAC IP list, troubleshoot the network, etc.

Features:

  • IP Address Management — Scan IPv4 & IPv6 subnets in the network to identify the available and used IP addresses.
  • Switch Port Management — Scan all the switches in your network and map the switch ports to devices, down to their physical location.
  • Detect Rogue Devices — Identify the rogue device intrusions and block their access.
  • Network Tools — Monitor the critical servers in the network for availability and alert for immediate attention.

I hope you found useful information here. If you think anything in this article could be improved, you can comment below, and if you need any help, we will help you soon. If you are interested in learning hacking, you can check here.

Originally published at https://exploitbyte.com on April 21, 2020.
