350-401 ENCOR – Cisco CCIE Enterprise – Network Assurance part 2
January 27, 2023

4. Traceroute

The next tool in our toolbox is the traceroute command. How traceroute works is actually simple: we know the destination, and the whole test is driven by that destination. We send UDP packets to the destination with an invalid (unused) port. But I don't know how many hops away my destination is. So when I send my first packet, I set the TTL to one. Obviously a TTL of one means the packet goes as far as the first router and expires there, and that router sends me back an ICMP Time Exceeded message. What does that mean? By default we send three probes per hop, so the first three packets all expire at the first hop.

Once those first three probes have expired at the first hop, I am ready to send the next set, three probes for the next hop. For the next hop I add one to the TTL, so the TTL becomes two, and I send the probes again. Now suppose, as in our lab, that I am four hops away. I keep sending probes and increasing the TTL, and each time the router where the TTL expires sends back ICMP Time Exceeded. When I set the TTL to four, the UDP packet finally reaches the destination. How do I know I have reached the destination? I get back a different ICMP type and code: because we are sending to an invalid port, the destination host answers with ICMP Port Unreachable instead of Time Exceeded.

Correct. So we have two types of messages. First, ICMP Time Exceeded, which tells me I have passed one more router, so I add one to the TTL and proceed. Second, ICMP Port Unreachable, which tells me I have reached the destination. It is very much a trial-and-error method, but that is how we reach the destination, hop by hop. Now there are some symbols you will see in the traceroute output. An asterisk (*) means the probe timed out. A stands for administratively prohibited, which you will see if an ACL or another filter is blocking the probe. Q stands for source quench, meaning the destination is busy. I means the user interrupted the test. Then you have U for port unreachable, H for host unreachable and N for network unreachable, P for protocol unreachable, T for timeout, and ? for an unknown packet type.

Okay, so let's test this like we did the ping test. Let me log into the lab and verify it. Although we have already done a traceroute here, you can see that I go to the next hop, the next hop, the next hop. Here you can see I am sending three probes per hop, and the round-trip times are in milliseconds: 72 ms, 80 ms and 72 ms for the three probes to the first hop. Here you can see the hops: the first, the second and the third, and then the destination. At the moment you reach the destination you get a different ICMP code. So let me show you that in the packet detail. If I run the traceroute again with the ICMP debug on, here you can see what type and code we are getting for each message; because we have three, three, three, you can see how many packets we have sent and why we get this many messages. Let me scroll up: because we are running EIGRP, some EIGRP debug output may be mixed in, so let me do undebug all so we don't get those debugs. Here you can see the source and destination: this is the source, this is the destination, and you are sending the packet with a destination port that is invalid, so that once it reaches the destination it will get an unreachable message back. And here you can see type 11, code 0.

We can go back to our notes and check type 11 code 0 in the ICMP list: type 11 code 0 is Time Exceeded, correct. And then we should see the unreachable code as well, for the invalid port. Let me mark that: type 3, code 3, that is Port Unreachable. So from the destination we are going to get type 3 code 3, and from each router along the way, whenever we are moving to the next hop, we get type 11 code 0, Time Exceeded. So let's go back to the lab and check that in the debug output. Here you can see that you are sending the packets with a varying destination port.

The destination port increments by one for each probe (Cisco starts at the conventional traceroute port, 33434), which is how the replies are matched to the probes that triggered them. You can see the ICMP code, the source and destination, and which code you get from the destination once you reach it: type 3, code 3, and that is the invalid port, Port Unreachable. Now this is not the only way we can run traceroute on Cisco devices. We have the option to set the number of probes as well, and the TTL range, meaning from which TTL you want to start and where you want to stop, if you want to keep the output short. So you can increase the probe count, for example probe 10, and set the TTL range to, for example, ttl 2 2.

So if you want to check the latency to a certain destination, you can check it this way; the times shown are the round-trip delay. We also have extended traceroute, just like extended ping. Here you can see you get the options in the same way as in extended ping, but because this is traceroute some of the options are different: the port number if you want to change it (otherwise the default is fine), and Record route if you want to record the hops, up to a maximum of nine. I don't want nine; four, for example. It is still not as clean as what we have with extended ping, but yes, we have extended traceroute, traceroute filtering and all sorts of options on Cisco devices as well.
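The mechanics described above (three UDP probes per TTL, a fresh destination port per probe, Time Exceeded from each router and Port Unreachable from the destination, !A when an ACL blocks the probe) as an added, runnable example. This is not code from the course; it builds real IPv4/UDP/ICMP headers but opens no raw sockets, so a constructed toy "network" with made-up 10.0.x.x addresses answers each probe the way real routers would. The `simulate_path`, `network` and `traceroute` names are assumptions of this example, not IOS or Python library names.

```python
"""Traceroute mechanics, simulated offline (added example, not course code):
UDP probes with rising TTL, matched to the ICMP errors routers send back."""
import socket
import struct

ICMP_DEST_UNREACH = 3          # RFC 792 Destination Unreachable
ICMP_TIME_EXCEEDED = 11        # RFC 792 Time Exceeded
TTL_EXCEEDED_IN_TRANSIT = 0    # type 11 code 0: TTL reached zero at a router
UNREACH_NET, UNREACH_HOST, UNREACH_PROTO, UNREACH_PORT = 0, 1, 2, 3
UNREACH_ADMIN_PROHIBITED = 13  # type 3 code 13: what an ACL deny usually produces
BASE_PORT = 33434              # conventional first UDP probe port
# Annotations IOS traceroute prints for a non-success Destination Unreachable
SYMBOL = {UNREACH_NET: "!N", UNREACH_HOST: "!H", UNREACH_PROTO: "!P",
          UNREACH_ADMIN_PROHIBITED: "!A"}

def checksum(data: bytes) -> int:
    """RFC 1071 ones' complement sum; returns 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, ttl, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def udp_probe(src, dst, sport, dport, ttl, payload=b"\x00" * 32):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return ipv4_header(src, dst, 17, ttl, len(udp)) + udp

def icmp_error(router, probe_src, icmp_type, code, probe):
    """ICMP error from `router` to the probe's source. RFC 792 quotes the
    offending IP header plus the first 8 bytes of its payload (the UDP header)."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(router, probe_src, 1, 64, len(body)) + body

def parse_icmp_error(packet):
    """Return (sender, type, code, quoted UDP dst port). The quoted port is
    what ties the answer to our probe, since the answer comes from a router."""
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    dport, = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])
    return socket.inet_ntoa(packet[12:16]), icmp[0], icmp[1], dport

def simulate_path(hops, dst, acl_hop=None):
    """Toy network (constructed): `hops` are the routers between us and `dst`.
    If `acl_hop` is set, that router denies the probe with an inbound ACL."""
    def network(probe):
        ttl, src = probe[8], socket.inet_ntoa(probe[12:16])
        for i, router in enumerate(hops):
            if router == acl_hop:
                return icmp_error(router, src, ICMP_DEST_UNREACH,
                                  UNREACH_ADMIN_PROHIBITED, probe)
            if ttl == i + 1:   # TTL decremented to zero at this router
                return icmp_error(router, src, ICMP_TIME_EXCEEDED,
                                  TTL_EXCEEDED_IN_TRANSIT, probe)
        # survived to the host; nothing listens on the high UDP port
        return icmp_error(dst, src, ICMP_DEST_UNREACH, UNREACH_PORT, probe)
    return network

def traceroute(network, src, dst, probes=3, min_ttl=1, max_ttl=30):
    """IOS-style loop: `probes` packets per TTL, each to a fresh UDP port,
    stop at the first Destination Unreachable. Returns [(ttl, hop, marks)],
    a mark being "ok" (Time Exceeded), "done" (Port Unreachable) or "!X"."""
    out, port = [], BASE_PORT
    for ttl in range(min_ttl, max_ttl + 1):
        hop, marks = None, []
        for _ in range(probes):
            sent_port, port = port, port + 1
            reply = network(udp_probe(src, dst, 40000, sent_port, ttl))
            hop, itype, code, quoted = parse_icmp_error(reply)
            if quoted != sent_port:
                raise ValueError("answer does not match our probe")
            if itype == ICMP_TIME_EXCEEDED and code == TTL_EXCEEDED_IN_TRANSIT:
                marks.append("ok")
            elif itype == ICMP_DEST_UNREACH:
                marks.append("done" if code == UNREACH_PORT
                             else SYMBOL.get(code, "!%d" % code))
        out.append((ttl, hop, marks))
        if any(m != "ok" for m in marks):
            break
    return out

if __name__ == "__main__":
    net = simulate_path(["10.0.12.2", "10.0.23.3", "10.0.34.4"], "10.0.45.5")
    for ttl, hop, marks in traceroute(net, "10.0.12.1", "10.0.45.5"):
        print("%2d %-10s %s" % (ttl, hop, " ".join(marks)))
```

Two things worth noticing when you run it: the loop never trusts the sender address to decide what happened, only the ICMP type/code and the UDP port quoted inside the error, which is exactly why traceroute can attribute a reply to a specific probe even though it comes from a router rather than the destination; and a router that denies the probe with an ACL ends the trace with !A before the TTL has a chance to expire, which is what you see in production when a firewall sits in the path.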

5. SNMP (Simple Network Management Protocol)

We have a management protocol for the network: the Simple Network Management Protocol, SNMP. Let's first understand the terminology used in SNMP. Basically we have three major components. We have the SNMP manager; you can think of this as a collector that gets information from the SNMP agents. The agents are the network devices, and the manager is where all that information is collected, with the help of the MIB. So the third, very important component is the SNMP Management Information Base (MIB). These MIBs are nothing but the information stored inside the agents, organized so that the manager knows how to address it. Managers use Get to retrieve information, and if they want to change certain parameters they use Set. So managers use the Get and Set methodology to read information or to change anything on the device.

Now, for the communication channel, we'll see that we have versions of SNMP: the community-based versions, SNMP version 1 and SNMP version 2c, and then a user-based methodology with real authentication, SNMP version 3. These versions are defined in different RFC standards, and SNMP in general is used to collect information for management purposes, for example interface monitoring or protocol monitoring. One popular SNMP tool at this point in time is the third-party SolarWinds suite, which we are going to use for testing in an upcoming lab session.

Most production networks use SolarWinds or one of various other tools, but they all use the same SNMP methodology: you have the manager, you have the agents and the MIB, and they collect the information in a common place for analysis. Now here you can see the SNMP Get methods; we have three of them: Get, GetNext and GetBulk. So we can retrieve one variable, the next variable, or information in bulk. Finally we have SNMP notifications. What is an SNMP notification? It is information the agent sends on its own, referred to as an unsolicited asynchronous notification, and it can be generated as a trap or as an inform.

In the configuration I will show you that the agents can use these methods to tell the manager about various kinds of events. So with a trap, or with an inform, you have various types of information you want to tell the manager, and I'll show you in the configuration what exactly a trap looks like. Now, the more popular of the two is the trap, and it is also the less reliable one. What is the core difference between a trap and an inform? A trap is a message the manager receives without any acknowledgment; an inform is acknowledged by the manager. That is why the trap is faster:

the trap methodology is faster than the inform method, but the inform method is reliable because it has its acknowledgment, and the agent retransmits an inform that is not acknowledged. So now we know the basic terminology used in SNMP. Let's stop here; in the next section we are going to study SNMP MIBs and the versions of SNMP.

6. Cisco MIB & Versions of SNMP

Let us understand the Cisco MIBs and the versions of SNMP. Now this MIB is nothing but a database, and this MIB is in the form of a tree structure. If you want to learn more about MIBs, you can refer to RFC 1213 (MIB-II), and for traps RFC 1215. And with respect to Cisco, if you want to see the tree structure and the hierarchy, you can check the Cisco MIB list, and you'll get a long list of MIBs related to most things: information related to protocols, to traps, to flaps, to CPU and interface monitoring, et cetera. The major vendors working on SNMP, SolarWinds and others, use these MIBs, and they have the SNMP manager where they collect all this information, which I'll show you in an upcoming session.

That is how we retrieve this information and how we query it. So if I have an SNMP manager, I can send a query, which is nothing but the Get method, and once I do that, the responder, which is nothing but the agent, will give me the information I asked for in the query. Okay, now we have three versions: version 1, version 2c and version 3. Version 1 and version 2c are very much community based, so they do community-based authentication.

The method of authentication is the community string. In the lab section we'll see that we have the community string, and we can even attach an ACL to it, so that only certain sources are allowed to use that community and the volume of requests is limited; we'll see that in the lab section. Then we have version 3, which is the secure model. Version 3 supports message integrity, authentication and encryption. That is a huge improvement over versions 1 and 2c. And yet you see that most organizations are still using the community-based version 2c. Why?

Because it can do bulk retrieval of data, obviously for tables and large quantities of information. Those tables end up in the database system behind the manager, so MySQL or whatever database the vendor of the manager uses behind the scenes, depending on the company and their partnership with database companies. All right, so version 2c can get a large volume of data with less expense, where expense means memory, round-trip delay, et cetera.

That's the power we have with version 2c versus SNMP version 1. And when we talk about version 3, it is based on a security model for users, or users belonging to a group. Now what is the difference? I have a slide for that. Here you can see that we have the model, the level, the authentication and the encryption. Version 1 and 2c, we know, are community based, so the community string is used for authentication, but the level is noAuthNoPriv: no real authentication and no privacy. The community is just a string, which you can think of as a password, but it is not real authentication: it is sent in clear text in every packet, so anyone who can capture the traffic between agent and manager can read it and reuse it.

It is nothing like the MD5 and SHA hashing we learned about in other protocols such as IPsec, but you can still think of the community as a password, a basic way of protecting the exchange between the agent and the manager. Now inside v3, v3 does not only support authentication and encryption; it has the noAuthNoPriv level as well, where only a username match is used for authentication. Then you have authNoPriv, meaning authentication but no privacy; there MD5 or SHA is used for the authentication. And finally it has authPriv, where you are using both MD5 or SHA for authentication and DES-56 for data encryption. So these are the versions we have related to SNMP.
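To make the Get methods and the clear-text community string concrete, here is an added example (not code from the course or from any SNMP library) that BER-encodes a real SNMPv1/v2c Get, GetNext or GetBulk datagram, then reads the community back out of the raw bytes the way anyone capturing the traffic would, and models the `snmp-server community <string> RO <acl>` check on the agent side. It sends nothing on the network. The community strings, the `agent_accepts` helper and the 10.0.0.0/24 ACL are assumptions of this example.

```python
"""SNMPv1/v2c on the wire: community string in clear text (added example,
not course code). Encodes a real BER GetRequest but sends nothing."""
import ipaddress

GET, GETNEXT, GETBULK = 0xA0, 0xA1, 0xA5   # PDU tags; GetBulk is v2c and later
V1, V2C, V3 = 0, 1, 3                      # values of the version field

def ber_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v):
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                             # base-128 with continuation bits
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def snmp_request(community, oids, request_id, version=V2C, pdu_type=GET,
                 non_repeaters=0, max_repetitions=10):
    """Build a v1/v2c Get, GetNext or GetBulk datagram for `oids`."""
    if pdu_type == GETBULK:
        if version == V1:
            raise ValueError("GetBulk does not exist in SNMPv1")
        fields = ber_int(non_repeaters) + ber_int(max_repetitions)
    else:
        fields = ber_int(0) + ber_int(0)        # error-status, error-index
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(pdu_type, ber_int(request_id) + fields + tlv(0x30, varbinds))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def sniff_community(datagram):
    """What anyone on the path sees: (version, community). A v3 message has
    no community field (it carries USM security parameters), so return None."""
    tag, body, _ = read_tlv(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body)
    version = int.from_bytes(ver, "big", signed=True)
    if version == V3:
        return version, None
    _, comm, _ = read_tlv(body, pos)
    return version, comm.decode()

def agent_accepts(datagram, src_ip, communities):
    """Model of `snmp-server community <string> RO <acl>`: the community must
    match AND the source must be permitted by that community's ACL.
    `communities` maps community -> permitted networks (constructed data)."""
    version, community = sniff_community(datagram)
    nets = communities.get(community) if version != V3 else None
    if not nets:
        return False
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(n) for n in nets)

if __name__ == "__main__":
    pkt = snmp_request("public", ["1.3.6.1.2.1.1.1.0"], 0x1234)   # sysDescr.0
    print(pkt.hex(" "))           # the bytes of 'public' are readable in the dump
    print(sniff_community(pkt))   # (1, 'public')
```

The hex dump is the whole point: the community sits in the second field of every v1/v2c message as a plain OCTET STRING, so a read-only community on a span port or a compromised hop is enough to walk the device, and a read-write one is enough to Set on it. The ACL on the community helps against off-subnet requests, but it does nothing against an attacker who can spoof or sit on the permitted subnet, which is the argument for v3 authPriv in the previous paragraph.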
