Previous Table of Contents Next


Trace 7.11c. RMON alarmTable initialization

  Sniffer Network Analyzer data from 21-Feb at 16:47:08, file TRAP.ENC,
   Page 1

  -------------------------- Frame 21 ----------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1) -----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Set request
  SNMP: Request ID = 918004693
  SNMP: Error status = 0 (No error)
  SNMP: Error index = 0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.2.29148} (rmon.3.1.1.2.29148)
  SNMP: Value  = 5
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.3.29148} (rmon.3.1.1.3.29148)
  SNMP: Value  = {1.3.6.1.4.1.209.2.2.1.2.1}
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
  SNMP: Value  = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
  SNMP: Value  = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.7.29148} (rmon.3.1.1.7.29148)
  SNMP: Value  = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.8.29148} (rmon.3.1.1.8.29148)
  SNMP: Value  = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.10.29148} (rmon.3.1.1.10.29148)
  SNMP: Value  = 0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.9.29148} (rmon.3.1.1.9.29148)
  SNMP: Value  = 31860
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.11.29148} (rmon.3.1.1.11.29148)
  SNMP: Value  = FM/X (XXX.YYY.135.195) : PID 3632 ID 0x008a0310
  SNMP:

In Frame 23, the Manager sets the alarmStatus object to a value of 1 (valid, per RFC 1757), which is confirmed in Frame 24.

The network does exceed the threshold of network utilization that was specified; as a result, the Probe issues a trap in Frame 33 (Trace 7.11d). Note that this is an enterprise-specific trap, and that the trap reports the values of some objects from the alarmTable {1.3.6.1.2.1.16.3.1}. These objects are:

Object OID Value

alarmIndex {rmon.3.1.1.1} 29148
alarmVariable {rmon.3.1.1.3} { 1.3.6.1.4.1.209.2.2.1.2.1 }
alarmSampleType {rmon.3.1.1.4} 1
alarmValue {rmon.3.1.1.5} 3
alarmRisingThreshold {rmon.3.1.1.7} 1

The alarmIndex object uniquely identifies an entry in the alarm table; its value is a random value that was originally determined by the Manager (review Frame 19). The alarmVariable object identifies the OID of the variable to be sampled. In this case, the variable is derived from a Private MIB (enterprise 209 is assigned to ProTools, now part of Network General Corp.). The alarmSampleType specifies the method of sampling the selected variable and calculating the value to be compared against the thresholds. The value of 1 specifies an absolute value, meaning that the value of the selected variable will be compared directly with the thresholds at the end of the sampling interval. The alarmValue object is the value of the statistic during the last sampling period. Finally, the alarmRisingThreshold is a threshold for the sampled statistic. According to RFC 1757, when the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event will be generated.

Trace 7.11d. Trap sent in response to an excessive network condition.

  Sniffer Network Analyzer data from 21-Feb at 16:47:08, file TRAP.ENC,
   Page 1

  -------------------------- Frame 33 ---------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1) ----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Trap
  SNMP: Enterprise = {1.3.6.1.2.1.16}
  SNMP: Network address = [XXX.YYY.135.11], Probe
  SNMP: Generic trap = 6 (Enterprise specific)
  SNMP: Specific trap = 1
  SNMP: Time ticks = 69788
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.1.29148} (rmon.3.1.1.1.29148)
  SNMP: Value  = 29148
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.3.29148} (rmon.3.1.1.3.29148)
  SNMP: Value  = {1.3.6.1.4.1.209.2.2.1.2.1}
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.4.29148} (rmon.3.1.1.4.29148)
  SNMP: Value  = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.5.29148} (rmon.3.1.1.5.29148)
  SNMP: Value  = 3
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.3.1.1.7.29148} (rmon.3.1.1.7.29148)
  SNMP: Value  = 1
  SNMP:

The next step is for the Manager to retrieve the values from the logTable (recall that the eventType object set in Frame 11 specified a “log-and-trap” event, event type = 4). Frames 35–36 read the values from this logTable, and Frames 37–38 (which are not shown in the trace) merely confirm that all entries in that table have been read (see Trace 7.11e). Frame 36 contains the entries of the logTable, indexed by the random number initially selected by the Manager (31860):

Object OID Value

logTime {rmon.9.2.1.3} 69788
logDescription {rmon.9.2.1.4} % Network usage 3.
Over threshold of (1)

Trace 7.11e. Reading the logTable

  Sniffer Network Analyzer data from 21-Feb at 16:47:08, file: TRAP.ENC,
   Page 1

  ------------------------- Frame 35 ----------------------------
 SNMP: ----- Simple Network Management Protocol (Version 1) -----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Get next request
  SNMP: Request ID = 918004699
  SNMP: Error status = 0 (No error)
  SNMP: Error index = 0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.9.2.1.3.31860} (rmon.9.2.1.3.31860)
  SNMP: Value  = NULL
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.9.2.1.4.31860} (rmon.9.2.1.4.31860)
  SNMP: Value  = NULL
  SNMP:
  -------------------------- Frame 36 ---------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1)-----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Get response
  SNMP: Request ID = 918004699
  SNMP: Error status = 0 (No error)
  SNMP: Error index = 0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.9.2.1.3.31860.1} (rmon.9.2.1.3.31860.1)
  SNMP: Value  = 69788 (time ticks)
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.16.9.2.1.4.31860.1} (rmon.9.2.1.4.31860.1)
  SNMP: Value  = % Network usage   3. Over threshold of (1)
  SNMP:


Previous Table of Contents Next