Dissertation: Evaluating a Simple Network Monitoring Protocol
This study is an evaluation of the Simple Network Monitoring Protocol (SNMP), a network monitoring protocol that is commonly used in the industry to monitor networks. SNMP is based on the first network monitoring protocol, the Simple Gateway Monitoring Protocol (SGMP). There are three versions of this protocol, SNMPv1, SNMPv2c and SNMPv3, and all of them send SNMP messages on the predefined UDP port 161. In particular, this study seeks to determine the possible reason(s) why Windows systems do not support the latest version of the protocol while a Linux system does.
All the SNMP versions use a database to manage entities, called the Management Information Base (MIB). For the testing scenario, multiple virtual network tools were used. Oracle VirtualBox was chosen to create the virtual machines hosting all the Windows operating systems, the Linux operating system and one Kali Linux host. A network simulator was set up to interconnect these virtual machines: GNS3 is a program that integrates virtual machines created in Oracle VirtualBox directly, allowing for a more realistic scenario. To monitor the SNMP hosts created in GNS3, a network monitoring tool that supports all the SNMP versions was needed; Cacti is one of the most commonly used network monitoring tools in the industry. Finally, to simulate a normal amount of network traffic between the devices on both the Linux and Windows systems, each client had a program called NetflowGenerator installed, which, as its name implies, directs network traffic to a single target (the Windows Server in the case of the Windows network and the Linux Ubuntu Server for the Linux network).
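To make concrete what the three protocol versions and the MIB described above actually put on the wire over UDP port 161, here is an added example that is not part of the dissertation: a minimal BER encoder and decoder for the SNMP message header written for this page. It builds an SNMPv1 and an SNMPv2c GetRequest for the standard MIB-II object sysDescr.0, builds a constructed (incomplete) SNMPv3 header skeleton, and then classifies each datagram by version and by what it exposes: v1/v2c carry the community string in cleartext, while v3 carries a security level (noAuthNoPriv, authNoPriv, authPriv) in its msgFlags. All datagrams are constructed locally; nothing is sent over a network, and the community string "public" is only a sample value.

```python
# Added example (not from the dissertation): a minimal BER encoder/decoder for
# the SNMP message header, showing what each protocol version puts on the wire
# over UDP/161.  Standard library only; all datagrams are constructed locally.

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr.0 from the standard MIB-II tree


def ber_len(n):
    """Encode a BER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """Tag-length-value wrapper."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v):
    """Non-negative INTEGER in minimal two's-complement form."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs merged, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_community_get(community, oid, version=1, request_id=1):
    """SNMPv1 (version=0) or SNMPv2c (version=1) GetRequest for one OID."""
    varbind = tlv(0x30, ber_oid(oid) + b"\x05\x00")              # OID + NULL
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))                                # GetRequest-PDU
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)


def build_v3_header(msg_flags, msg_id=1):
    """Constructed SNMPv3 header skeleton (RFC 3412 layout) with empty
    security parameters and an empty scoped PDU; it is not a complete,
    sendable v3 message, only enough to show the header fields."""
    global_data = tlv(0x30, ber_int(msg_id) + ber_int(65507)
                      + tlv(0x04, bytes([msg_flags])) + ber_int(3))  # USM = 3
    return tlv(0x30, ber_int(3) + global_data + tlv(0x04, b"") + tlv(0x30, b""))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def inspect_snmp(datagram):
    """Classify one SNMP datagram by version and what it exposes on the wire."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, vval, pos = read_tlv(body, 0)
    if vtag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(vval, "big")
    if version in (0, 1):
        _, community, _ = read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("latin-1"),
                "security": "community string in cleartext"}
    if version == 3:
        _, gdata, _ = read_tlv(body, pos)
        _, _, p = read_tlv(gdata, 0)             # msgID
        _, _, p = read_tlv(gdata, p)             # msgMaxSize
        _, flags, _ = read_tlv(gdata, p)         # msgFlags
        auth, priv = bool(flags[0] & 0x01), bool(flags[0] & 0x02)
        level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
        return {"version": "v3", "community": None, "security": level}
    return {"version": f"unknown({version})", "community": None, "security": "?"}


if __name__ == "__main__":
    for dg in (build_community_get("public", SYS_DESCR, version=0),
               build_community_get("public", SYS_DESCR, version=1),
               build_v3_header(0x04), build_v3_header(0x07)):
        print(dg.hex(), inspect_snmp(dg))
```

Running the block prints the hex of each constructed datagram next to its classification. The same `inspect_snmp` logic can be run over datagrams captured on port 161 in a lab such as the GNS3 topology described above to count how many agents still answer with v1/v2c community strings versus v3 authPriv, which is the practical security difference between the versions that the study sets out to measure.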
After extensive testing on the scenario created using GNS3 and the graphing tool in Cacti, the results demonstrated no significant difference between using SNMPv2c and SNMPv3: when the devices hosting the different protocol versions were under attack, they reacted almost identically. In testing the network, a DDoS attack was carried out using the aforementioned process. In conclusion, although SNMPv3 offers small advantages in terms of security, they are not enough to warrant the implementation of that protocol version.