Cisco MIBs updated

We recently updated the Cisco MIB package ZIP file for Unbrowse SNMP. You can download it for free here (28.9 MB). The new MIB package contains all the latest MIBs released by Cisco on their public website. This package contains 1024 MIB modules and over 68,000 unique objects.

In only two steps you can get Unbrowse SNMP completely up to speed on every model of Cisco network equipment.

Step 1 : Download the MIB Package from here. It is a 28.9MB download and requires about 200MB of free hard drive space.

Step 2 : Select “Repository -> Import MIB Package” from the Unbrowse SNMP main menu. Choose the downloaded package file (named AllCisco.zip). Click OK. Wait for about 6-7 minutes for it to install.

That's it! Now you don't have to worry about missing MIBs or OIDs for any Cisco equipment.

Why must I install these MIBs?

If you are using Unbrowse SNMP without installing any MIBs, then you can still access all its functionality such as the trap receiver, MIB walker, etc. The only problem is you will see OIDs (numbers like .1.3.6.1.4 or enterprises.cisco.1.45) instead of names.

An SNMP tool is only as smart as the number of MIBs you install into it and how up-to-date they are.

 

Before adding MIBs

Let's see how the passive SNMP Trap Receiver behaves without adding in any extra MIBs other than those that ship with Unbrowse SNMP.


Image : Trap Receiver without the required Cisco MIBs

You can see that the trap names are shown as “enterprises.9.9.43.2.0.1”. The enumerations and other variables are not interpreted either.

After adding MIBs

If you add the Cisco MIBs, either using the package or by compiling them individually, you get enhanced trap receiver functionality.


Now, you can see that the traps are labelled accurately as “ciscoConfigManEvent” and the variables and enumerations are also described clearly as “(1) commandLine” etc.

PS: We also have MIB Packages for other popular vendors such as Juniper Networks, Motorola Canopy Wireless, and more. Please check our main MIB Packages page for more.


 

NSM tip : Watch out for the quiet ones

Thanks to Richard Bejtlich of Tao Security, I came across the LBL-ICSI Enterprise Tracing project.


One of the key features of the upcoming Unsniff 1.5 release is a real-time, completely customizable traffic dashboard. We will run the LBL traces past Unsniff and post the results on this blog shortly. The first one should appear soon.

Meanwhile, here is something I learned working with some live data at a client's site recently.

Top-Chatters or Top-Sulkers?

The Unsniff beta build (1.5) we are using at the site has a Top-N feature for a whole set of statistics (IPs, MACs, conversations, protocols, subnets, interfaces, etc). This is a fairly common feature in many tools. We ran Top-N for a while on one of their key entry points. It was fine and produced great results from a traffic analysis point of view. Day in and day out, these Top-N lists feature the same hosts/subnets at the same time of day.

From a Network Security Monitoring (NSM) angle, this kind of data invariably features entities that already have a high trust level. Most Top-N analyses are soon taken over by the “usual guys” like Exchange, company video streaming, training, VoIP and so forth.

I really think we need a Bottom-N or a “Top-Sulkers” analysis to complement the Top-N approach. To repeat a cliche, it is always the quiet ones who do the damage. It takes a lot of effort to send just one packet. Snort may miss these because the packets themselves may not be suspicious.

Specifically, we want to focus on the following.

1. Mr Mix-A-Lot : Talks to a lot of hosts, but says very little to each host.

2. Mr Mono-Syllable : Displays normal behavior, but occasionally blurts out single words to complete strangers. (The single packet case – snort might catch it)

3. Mr Scratchy-Record : Normal on the outside, but speaks the same message at regular intervals. (Beacons, heartbeats, keepalives)

4. Ms Shy : Shows a lot of interest in talking, but stops when the other side shows interest. (Lots of connection attempts, but nothing is said)

5. Ms Language-Expert : Tries to talk in a lot of languages, but rarely says much in any of them. (Tries a lot of ports, but not much traffic)

Guess what, a pure Top-N approach is going to miss all of the above cases.
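The five behaviours above can be expressed as checks over per-host flow records; the sketch below is an added example, not Unsniff's code, and it runs over constructed flows in which the busy Top-N host matches none of the patterns while each quiet host matches one. The flow tuple layout, the thresholds, the label strings and the function name `top_sulkers` are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Flow tuple: (start_s, src, dst, dport, packets, payload_bytes, established)
FANOUT, SMALL, MIN_BEACONS, JITTER = 5, 200, 4, 0.1  # assumed thresholds

def top_sulkers(flows):
    """Map each source to the quiet behaviours (1-5 in the list) it matches."""
    by_src, out = defaultdict(list), {}
    for f in flows:
        by_src[f[1]].append(f)
    for src, fl in by_src.items():
        labels, chan = set(), defaultdict(list)
        for f in fl:
            chan[(f[2], f[3])].append(f)  # one channel per (dst, dport)
        est = [f for f in fl if f[6]]
        est_dsts, ports = {f[2] for f in est}, {f[3] for f in fl}
        # 1. Many peers, very little payload to each.
        if len(est_dsts) >= FANOUT and sum(f[5] for f in est) / len(est_dsts) < SMALL:
            labels.add("mix-a-lot")
        # 2. Mostly normal traffic plus rare one-packet flows to one-off channels.
        singles = [c for c in chan.values() if len(c) == 1 and c[0][4] == 1]
        if singles and len(singles) * 10 <= len(fl):
            labels.add("mono-syllable")
        # 3. Same-sized message on one channel at near-constant intervals.
        for c in chan.values():
            ts = sorted(f[0] for f in c)
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            if (len(c) >= MIN_BEACONS and len({f[5] for f in c}) == 1
                    and pstdev(gaps) < JITTER * mean(gaps)):
                labels.add("scratchy-record")
        # 4. Nearly all flows are connection attempts that never establish.
        failed = len(fl) - len(est)
        if failed >= FANOUT and failed > 0.8 * len(fl):
            labels.add("shy")
        # 5. Many destination ports, little payload on any of them.
        if len(ports) >= FANOUT and sum(f[5] for f in fl) / len(ports) < SMALL:
            labels.add("language-expert")
        out[src] = labels
    return out

# Constructed sample flows, not real traffic. 10.0.0.5 is the usual Top-N host.
SAMPLE = (
    [(t, "10.0.0.5", "10.0.0.1", 443, 4000, 5_000_000, True) for t in (0, 50, 400)]
    + [(7 * i * i, "10.0.0.20", "10.0.1.%d" % i, 445, 3, 120, True) for i in range(1, 7)]
    + [(t * t, "10.0.0.30", "10.0.0.1", 443, 20, 1000 + 37 * t, True) for t in range(12)]
    + [(77, "10.0.0.30", "203.0.113.9", 53, 1, 60, True)]
    + [(60 * t, "10.0.0.40", "198.51.100.7", 8080, 2, 64, True) for t in range(5)]
    + [(3 * i, "10.0.0.50", "10.0.1.%d" % i, 22, 1, 0, False) for i in range(1, 7)]
    + [(p, "10.0.0.60", "10.0.0.1", p, 2, 40, True) for p in range(20, 26)]
)
```

Calling `top_sulkers(SAMPLE)` returns an empty label set for 10.0.0.5, the host that would top a byte-count ranking, and one label for each of the other five sources.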

Expect a Top-Sulkers feature in Unsniff 1.5. If you would like to participate in a beta, please send email via the Contact page.

Chennai telecom and networking group

Last evening, a group of enthusiastic telecom professionals from Chennai gathered at the Park Sheraton Hotel for the inaugural meeting of the Chennai telecom interest group. We hope to convene once a month to share our knowledge or to just hang out with people from the telecom / networking industry. Gokul also has coverage on his blog.

After a round of introductions, we had people share their knowledge about VoIP, SIP, IMS, WiMAX, mobile application delivery platforms, the entrepreneurial climate in India, the VC scenario in India, social networking, the state of Indian mobile operators, the technical direction of various European mobile operators, and so forth. We even had Chandra share his experiences with mobile services in Ethiopia and Somalia. Chandra is also an active member of the SIP forum.

Things got even more interesting after the arrival of Subbu, who is a consultant with the ETSI. He talked about the latest standards activities in the Mobile/IMS space. I must admit most of it went over my head, but it was just great to have a person with such technical depth in this group.

Some pics :

  dsc00122.JPG

L->R : Nitin, Gokul (yes the VoIP blogger),  Vasu, Subbu (standing)

 

dsc00123.JPG

L->R : Madhu, Aravind, Anbu

 

dsc00124.JPG

L->R: Vijay Anand (blogger, entrepreneur, and brains behind Proto.In), Jayadev, Ravi, empty chair where Chandra was sitting a few seconds back

Credit must go to Vijay for taking the lead with getting this group together. I think he is one of the very few individuals in India who is solidly tuned to both the entrepreneurial and investor channels. (excuse the bad mobile pun) 

If you are interested in the technology side of telecom, VoIP, IMS, wireless, networking, or security please contact any of us or just show up at the next meeting.

Apologies : I got some names wrong in the first pass of this post.
