

4.4.4 SNMP Trap Example

The final example shows how a Trap PDU indicates an alarm condition to the network manager. In this case, the agent generating the trap is a Network General Sniffer protocol analyzer (see Figure 4-13).

One set of network statistics is network utilization. Network utilization is the ratio of the total number of bits transmitted in a period of time (in this case five seconds) to the total number of bits that could theoretically be transmitted during the same period. A typical network would have a network utilization in the 5 to 20 percent range. For this example, I set the threshold to the unrealistically low value of 1 percent over a five-second period. When the network reaches that threshold, the Sniffer generates a Trap PDU and sends it to the SunNet Manager. Another Sniffer analyzer captured the results.

This transmission follows the Trap PDU structure shown in Figure 4-10. The SNMP authentication header contains the version number and community string, and the PDU Type specifies a Trap (PDU Type = 4). The Enterprise field gives the OID for the authority that defined the trap. The prefix {1.3.6.1.4.1} identifies the Private Enterprises subtree, and the 110 identifies Network General Corporation (see RFC 1700, or Appendix F). The Generic Trap field indicates an enterprise-specific trap (Trap = 6). This means that the value of the Enterprise field indicates the authority (Network General) that defined this trap.

The Specific Trap field has Type = 7, which Network General defined. The variable bindings also contain variables and values that Network General defined. The third object’s value (Abs usage exceeded 1 percent) indicates the threshold set in the protocol analyzer.

Trace 4.4.4. An enterprise-specific trap: Network utilization exceeded 1 percent during a five-second period.

     Sniffer Network Analyzer data 11-Dec at 16:13:26 file SNIFTRAP.ENC
     Pg 1
     --------------------------------- Frame 1 -------------------------
     SNMP: ----- Simple Network Management Protocol -----
     SNMP:
     SNMP: Version = 0
     SNMP: Community = public
     SNMP: Command = Trap
     SNMP: Enterprise = {1.3.6.1.4.1.110.1.1.1.0}
     SNMP: Network address = [132.163.128.102]
     SNMP: Generic trap = 6 (Enterprise specific)
     SNMP: Specific trap = 7
     SNMP: Time ticks = 244894900
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.1.1}
                    (Network General Corp.1.1.1.1.1.1.1.1)
     SNMP: Value  = 53 (counter)
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.2.1}
                    (Network General Corp.1.1.1.1.1.1.2.1)
     SNMP: Value  = 1
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.3.1}
                    (Network General Corp.1.1.1.1.1.1.3.1)
     SNMP: Value  = Abs usage exceeded 1%
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.4.1}
                    (Network General Corp.1.1.1.1.1.1.4.1)
     SNMP: Value  = 5
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.5.1}
                    (Network General Corp.1.1.1.1.1.1.5.1)
     SNMP: Value  = 0
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.6.1}
                    (Network General Corp.1.1.1.1.1.1.6.1)
     SNMP: Value  = 7
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.7.1}
                    (Network General Corp.1.1.1.1.1.1.7.1)
     SNMP: Value  = 724119640 (counter)
     SNMP:
     SNMP: Object = {1.3.6.1.4.1.110.1.1.1.1.1.1.8.1}
                    (Network General Corp.1.1.1.1.1.1.8.1)
     SNMP: Value  = Global Network
     SNMP:
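
The field layout described above can also be read straight from the wire bytes. The following is an added example, not part of the original text: a minimal BER reader for an SNMPv1 Trap message that recovers the version, community string, trap header fields and variable bindings. The sample bytes are constructed to match the header of Trace 4.4.4 with only two of its eight variable bindings, and the names `tlv`, `items`, `value`, `parse_trap` and `FIELDS` are this example's own.

```python
import ipaddress

# Constructed sample: the header fields of Trace 4.4.4 plus its 1st and 3rd variable bindings.
SAMPLE = bytes.fromhex(
    "306b" "020100" "04067075626c6963" "a45e" "060a2b060104016e01010100"
    "400484a38066" "020106" "020107" "43040e98ccb4" "303e"
    "3013" "060e2b060104016e0101010101010101" "410135"
    "3027" "060e2b060104016e0101010101010301" "0415") + b"Abs usage exceeded 1%"
FIELDS = "version community enterprise agent_addr generic_trap specific_trap time_ticks".split()

def tlv(buf, pos):  # read one BER TLV at pos; return (tag, value_bytes, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def items(buf):  # yield the (tag, value_bytes) children of a constructed value
    pos = 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        yield tag, val

def value(tag, v):
    if tag == 0x06:  # OBJECT IDENTIFIER: first octet holds two arcs, the rest are base-128
        arcs, acc = [v[0] // 40, v[0] % 40], 0
        for b in v[1:]:
            acc = (acc << 7) | (b & 0x7F)
            if b < 0x80:
                arcs.append(acc)
                acc = 0
        return ".".join(map(str, arcs))
    if tag in (0x02, 0x41, 0x42, 0x43):  # INTEGER (signed); Counter, Gauge, TimeTicks
        return int.from_bytes(v, "big", signed=(tag == 0x02))
    if tag == 0x40:  # IpAddress
        return str(ipaddress.IPv4Address(v))
    return v.decode("latin-1") if tag == 0x04 else v  # OCTET STRING, else raw bytes

def parse_trap(msg):
    tag, body, _ = tlv(msg, 0)
    top = list(items(body))
    if tag != 0x30 or len(top) != 3 or top[2][0] != 0xA4:  # context tag [4] = Trap-PDU
        raise ValueError("not an SNMPv1 Trap message")
    *hdr, (_, vbl) = items(top[2][1])
    trap = {name: value(*f) for name, f in zip(FIELDS, top[:2] + hdr)}
    trap["varbinds"] = [tuple(value(*x) for x in items(vb)) for _, vb in items(vbl)]
    return trap
```

`parse_trap(SAMPLE)` returns a dictionary keyed by the names in `FIELDS`, plus a `varbinds` list of (OID, value) pairs.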

4.5 The ASN.1 SNMP Definition

To conclude the discussion of SNMP protocol operation, Definition 4-1 is the ASN.1 definition of SNMP (from RFC 1157). Of special interest are the constructs of the various SNMP PDUs. Those constructs summarize the variables used within the PDUs, plus the values that those variables may assume.

