Windows XP Professional comes with agents for Simple Network Management Protocol (SNMP), an open standard protocol that can be used to monitor and manage the network devices in the operating system. For instance, you can collect network traffic information via SNMP and graph it to keep an eye on your monthly data allocation for your broadband Internet connection.
The SNMP agents are not installed by default in Windows XP; to add them, go to Control Panel-Add or Remove Programs-Add/Remove Windows Components and tick the Management and Monitoring Tools box in the dialogue that pops up. If you wish, you can click the Details button, to confirm that both SNMP and the WMI (Windows Management Instrumentation) SNMP Provider components are selected. You’ll be prompted for the Windows XP Professional installation CD-ROM, and a number of files will be copied over, including the agents and MIBs (Management Information Base, a database file with definitions and variables for the objects to be managed, organised in a hierarchical tree-like format). Next, use the Services Management Console (Start-Run-services.msc) to check that the SNMP and SNMP Trap services are running. If not, right-click on both, and select Start.
The SNMP agents are now ready to respond to requests from an SNMP management console, but you should do some configuration before you start using them. The following SNMP agent services can be selected, roughly corresponding to the seven-layer OSI network model:
Physical: for managing physical devices like repeaters and hard disk partitions.
Applications: for managing applications that use the TCP/IP network stack, such as ftp or http services.
Datalink and Subnet: for managing bridged networks, or TCP/IP subnets.
Internet: use this if the Windows XP Professional system acts as a gateway/router.
End-to-end: for Internet Protocol hosts.
You can select the agent services by selecting the SNMP Service entry in the Services Management Console, and choosing Properties. By default, Windows XP Professional enables the Applications, End-to-end and Internet agent services. The former two should always be enabled for SNMP to work properly.
As most SNMP management applications use them, add the name of the SNMP Administrator (or your name); also fill in the location of the computer while in the Properties page for the SNMP Service.
SNMP agents can send out short messages if certain, predefined events occur. These are called traps in SNMP parlance, and you can configure them under the eponymous tab in the SNMP Service Properties dialogue. Note that you’ll need to add a community name; this is the ‘password’ used to separate different groups of systems. If you want the SNMP information from your Windows XP system to be accessible by a number of SNMP management hosts, you have to make sure you use the same community name as they have, or authentication will fail.
The community name is case sensitive and not encrypted, so don’t rely on it for security.
Add “localhost” to the trap destinations list, and the name of any other host that will receive trap messages from your computer. Next, click on the Security tab, and add your community name to the Accepted Community Names list — leave the default “public” community name for now, as it’s universally accepted in all SNMP implementations, but be aware that it’s a slight security risk for that reason.
Finally, click on Accept SNMP Packets from these hosts and add the computers that you wish to allow SNMP traffic to and from; for the purposes of this column, “localhost” or “127.0.0.1” for the computer you’re at is sufficient.
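To check the result of the Security tab settings above, the following added example (not part of the original column) audits the two registry keys where the Windows SNMP service stores the accepted community names and permitted hosts. The sample text is constructed and only approximates the layout of reg query output; the audit() and parse() helpers are hypothetical names.

```python
import re

# Constructed sample, laid out like `reg query` output (an assumption).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x4
    my_community    REG_DWORD    0x8

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    localhost
"""

# Community rights as stored in the ValidCommunities DWORD values.
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")

def parse(text):
    """Group value lines under the last path component of their key."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip().rsplit("\\", 1)[-1]
            keys[current] = {}
        elif current and (m := VALUE.match(line)):
            keys[current][m.group(1)] = m.group(3)
    return keys

def audit(text):
    """Return a list of findings for the SNMP Security tab settings."""
    keys = parse(text)
    findings = []
    for name, raw in keys.get("ValidCommunities", {}).items():
        rights = RIGHTS.get(int(raw, 16), "UNKNOWN")
        if name.lower() == "public":
            findings.append(f"default community '{name}' accepted ({rights})")
        if rights in ("READ WRITE", "READ CREATE"):
            findings.append(f"community '{name}' allows writes ({rights})")
    # An empty host list means the service accepts SNMP packets from any host.
    if not keys.get("PermittedManagers"):
        findings.append("no permitted managers listed: packets accepted from any host")
    return findings

for finding in audit(SAMPLE):
    print(finding)
```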
This is enough to get started with SNMP. You can test your configuration with the character-mode SNMPUTIL.EXE from the Windows 2000/XP Resource Kit, but it’s awkward to use, because you have to type in the Object ID (OID) in numeric form. For instance, to browse the MIB tree, type snmputil walk localhost my_community .1.3 (or use public in place of my_community). To look at which accounts are on your Windows XP system, type snmputil walk localhost my_community .1.3.6.1.4.1.77.1.2.25.
A GUI version is available in the Resource Kit, SNMPUTILG, which is much nicer to use.
A good, albeit a few years old, utility for browsing SNMP MIBs on Windows is GetIf (www.wtcs.org/snmp4tpc/getif.htm), a free utility written by Philippe Simonet. On top of browsing the various MIBs, GetIf allows you to graph the data that the SNMP agents transmit.
For more elaborate graphing and monitoring with SNMP, consider the Multi Router Traffic Grapher (MRTG — www.mrtg.org) and/or ntop (www.ntop.org). They are somewhat complex to configure, requiring additional components such as ActiveState Perl (MRTG) and libpcap packet capture library (ntop), but you can’t beat them for data visualisation.
Note that there is a security vulnerability in the SNMP service installed from the original Windows XP Professional disc (see www.microsoft.com/technet/security/bulletin/MS02-006.asp), so make sure you update your OS installation. Also remember that SNMP isn’t a secure protocol, so make sure to firewall off UDP ports 161 and 162 from the Internet, otherwise anyone can sniff the SNMP traffic to gain information about your network that you may not wish to share.
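Both the earlier warning that the community name is not encrypted and the note above about sniffing come down to how an SNMPv1 message is laid out on the wire. The following added example (not part of the original column) builds a constructed GetRequest and reads the community name straight back out of the bytes, with no key or secret involved; the function names are hypothetical.

```python
# Added example: the packet is constructed here, not captured traffic.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER type-length-value, short or long length form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def build_get_request(community: str) -> bytes:
    """SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1, 0]))  # 0x2B packs arcs 1.3
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x05, b"")))
    ints = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
    pdu = tlv(0xA0, ints + varbinds)  # request-id, error-status, error-index
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def read_community(packet: bytes):
    """Return (version, community, pdu_tag) as any on-path observer sees them."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected header fields")
    pdu_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(version, "big"), community.decode("ascii", "replace"), pdu_tag

PACKET = build_get_request("my_community")  # constructed sample
print(read_community(PACKET))
```

Version 0 is SNMPv1 and tag 0xA0 marks a GetRequest; the community name sits in the third field of every message as a plain OCTET STRING.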