Question No. 1
What updates have been brought by SNMPv2 to the SNMPv1 communication architecture? [2 marks]
Question No. 2
How does SNMPv3 enhance security compared to SNMPv2? [2 marks]
Question No. 3
A) Define RMON [1 mark]
B) What are the benefits of RMON? [1 mark]
Question No. 4
As a network manager, you are responsible for the operation of a network. You notice heavy traffic in a host that is on a TCP/IP network and want to find out the details:
A) What basic network monitoring tool(s) would you use? [1 mark]
B) What would you look for in your results? [1 mark]
Question No. 5
What is the difference between nslookup and dig? [1 mark]
Question No. 6
Install Wireshark and capture IP packets on your Ethernet interface.
a) Put a screenshot of IP packets captured on your device. [1 mark]
b) Analyze their headers and contents. [2 marks] (1 mark bonus for analysis)
Solution
Please follow the data and description:
1)
SNMPv2 over SNMPv1:
It is a revised or updated version of the Simple Network Management Protocol (SNMPv1). It contains improvements in performance, confidentiality, security, and even in the communications between the security managers. This is generally a party-based security system that is very complex to use or implement, though.
It uses the standards RFC 1441, 1452, RFC 1909, 1910 and RFC 1901 to 1908, whereas SNMPv1 uses the RFC 1155, 1157 and 1212 standards.
There are new protocol operations, GetBulk and Inform, that have been introduced in the present version.
It also accepts seven messages instead of five (inform-request, get-bulk-request).
2)
SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:
Message integrity: Ensuring that a packet has not been tampered with in transit.
Authentication: Determining that the message is from a valid source.
Encryption: Scrambling the contents of a packet to prevent it from being learned by an unauthorized source.
3)
a) RMON:
Remote Monitoring (RMON) is a standard specification that generally facilitates the monitoring of network operational activities through the use of remote devices known as monitors or probes. RMON assists network administrators (abbreviated as NA) with efficient network infrastructure control and management.
b) Benefits of RMON:
1) Improved efficiency:
The use of RMON probes allows the user to remain at one workstation and collect the relevant information from a widely dispersed LAN. This means that the time taken to reach a problem site, set up equipment, and begin collecting information is comparatively largely eliminated.
2) Reduction in the traffic load:
In general, traditional network management involves a particular management workstation polling network devices at regular intervals to gather data or statistics and identify problems in the network. As network sizes and traffic levels grow, this approach places a strain on the management workstation and also generates large amounts of traffic.
3) Proactive management:
RMON probes deliver the relevant information before problems occur. This means that the user can take the necessary action before they create an impact on the network users. On the other hand, the probes record the behavior of the user's network, so that one can analyze the causes of problems.
4)
a) The most useful tool is tcpdump, which can be used to analyze the packets across each interface.
b) In the results we generally look for the source and destination hosts, incoming or outgoing traffic, and the type of the protocols that are used. The data could be filtered to yield the information on the source and destination hosts and the protocols. Various expressions of filtering could be used to probe into as much detail as to identify the culprit or the source that is causing the traffic.
5)
The basic difference is that dig uses the OS resolver libraries and nslookup uses its own internal ones. The dig command is a Linux utility that needs to be compiled to run on a Windows system. It provides more details and more advanced domain information, whereas the nslookup command is for Windows and Unix-based systems and just provides the basic information for name queries.
 Hope this is helpful.
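An added example (not part of the original answer) of the analysis described in 4b: it tallies bytes per peer and per protocol for one busy host from tcpdump text output. The sample lines are constructed, modelled on `tcpdump -nn -q -tt` output; the function names and the IPv4-only parsing are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample modelled on `tcpdump -nn -q -tt` text output (not a real capture).
SAMPLE = """\
1700000000.000101 IP 10.0.0.5.51514 > 10.0.0.9.80: tcp 1448
1700000000.000202 IP 10.0.0.5.51514 > 10.0.0.9.80: tcp 1448
1700000000.000303 IP 10.0.0.9.80 > 10.0.0.5.51514: tcp 0
1700000000.000404 IP 10.0.0.7.53211 > 10.0.0.9.53: UDP, length 64
1700000000.000505 IP 10.0.0.5.51515 > 10.0.0.9.443: tcp 1200
1700000000.000606 IP 10.0.0.8 > 10.0.0.9: ICMP echo request, id 1, seq 1, length 64
1700000000.000707 ARP, Request who-has 10.0.0.9 tell 10.0.0.1, length 28
"""

# "tcp <len>" for TCP in quiet mode; other protocols end with "length <len>".
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?:(?P<tcp>tcp) (?P<tlen>\d+)|(?P<proto>[A-Za-z]+).*?length (?P<len>\d+))"
)

def split_host(endpoint):
    """'10.0.0.5.51514' -> '10.0.0.5'; an IPv4 address without a port is unchanged."""
    return ".".join(endpoint.split(".")[:4])

def summarize(text, host):
    """Return (inbound, outbound, protocols) byte counters for traffic touching `host`."""
    inbound, outbound, protocols = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines that are not IPv4 (e.g. ARP) are skipped
        src, dst = split_host(m["src"]), split_host(m["dst"])
        proto = "TCP" if m["tcp"] else m["proto"].upper()
        size = int(m["tlen"] if m["tcp"] else m["len"])  # payload bytes as printed
        if dst == host:
            inbound[src] += size
        elif src == host:
            outbound[dst] += size
        else:
            continue  # traffic between other hosts is not counted
        protocols[proto] += size
    return inbound, outbound, protocols

if __name__ == "__main__":
    inbound, outbound, protocols = summarize(SAMPLE, "10.0.0.9")
    print("top inbound peers:", inbound.most_common(3))
    print("bytes by protocol:", protocols.most_common())
```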
