Most wireless devices support a monitoring protocol called SNMP. This protocol provides a standard mechanism for querying a device for many standard parameters such as the system name and manufacturer. Fortunately for our needs, devices also report their network interfaces and various statistics about those interfaces, such as the number of bytes transmitted and received. In more advanced usage, you can also use SNMP to configure devices, though few consumer devices support that and we won’t be delving that far into SNMP here.
Preparing for the Hack
In preparing for the hack, you’ll first need to determine if your network devices support SNMP monitoring (most current consumer wireless equipment supports basic SNMP monitoring). SNMP has evolved since it was created and exists in versions 1 through 3. All you need for basic monitoring is version 1. Linux-based systems, such as Pebble described in Chapter 6, may require the installation of appropriate SNMP tools, such as Net-SNMP. Newer versions provide greater support for secure access, which is important if you’re using SNMP to modify settings on your device, but less important for gathering basic statistics via a read-only connection, as described in this chapter.
Performing the Hack
To use the tools described in the rest of this chapter, you must first enable SNMP on the device you wish to monitor. Figure 7.1 shows the SNMP setup screen for the m0n0wall firewall software described in Chapter 6. Figure 7.2 shows the SNMP configuration for a typical consumer Access Point.
Figure 7.1 Enabling SNMP in m0n0wall
The three items usually needed for SNMP configuration on the device are described in Table 7.1.
Table 7.1 Common SNMP Device Settings

| Setting Name | Explanation |
|---|---|
| Community | The “login” name to be used by SNMP tools to query this device. The commonest name is public. |
| System Location | A short description of where this device is located—e.g., first floor wiring cabinet. |
| System Contact | Name of person to contact. |
The most critical setting is the Community name, which is considered the “login name” for the device. This is usually set to public, but if you wish to hide access more effectively, you could choose a different name. However, in its simplest form, SNMP V1.0, there is no security for this login name: it is sent over the network unencrypted, so anyone with simple network monitoring tools will be able to see the Community name whenever you monitor the device. Later versions of SNMP provide an encrypted login that is more secure from eavesdropping.
The two System Location and System Contact settings are less critical for a small network. Chances are you’re the only one monitoring the system so you know whom to contact. Similarly, the number of devices is likely to be so small that you know the location. These are provided for larger networks where there may be hundreds of devices that are automatically monitored by sophisticated network management tools.
Figure 7.2 Enabling SNMP in D-Link AP
WARNING: SECURITY CONCERN
When you enable SNMP monitoring for your network device, you are also enabling SNMP access for anyone on your network. Although this information is typically read-only and they cannot cause mischief by modifying your settings, some devices provide a lot of statistical and network specific information via SNMP that could be used to quickly gain detailed information about your network inappropriately. How much you worry about this will depend on how you’re using your network.
Once you’ve enabled SNMP, you’re all set to go with the tools described in this chapter. The first, Getif, is a good tool for confirming basic device functionality and configuration.
Under the Hood: How the Hack Works
When you enable SNMP on your device, you are telling it to listen on port 161 for requests from an SNMP query tool. These requests consist of the login information and an OID (object identifier), which specifies exactly what piece of information is needed. These OIDs are in turn listed together in groups called MIBs, or Management Information Bases. There are standard MIBs that contain OIDs for common requests such as interface numbers or packets sent or received, and there are various extension MIBs for specific areas like wireless. These allow you to query specific items like the current SSID setting, or the number of computers currently associated with an AP. Often, a manufacturer-specific MIB, such as Cisco’s wireless extensions, is adopted by other vendors and it becomes a pseudo-standard.
Fortunately, the values that provide the most useful monitoring information are well standardized, so most devices will respond to the standard OIDs we’ll be using later in this chapter.
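The request format described above, together with the earlier point that the SNMP V1 Community name has no protection on the wire, as an added example that is not from the original chapter: a Python sketch that builds an SNMPv1 request for the system name and parses it back, showing the Community name as readable bytes in the packet. The function names are hypothetical, the OID used (sysName.0, 1.3.6.1.2.1.1.5.0) is a standard one chosen here for illustration, and only short BER lengths are handled.

```python
# Added example: SNMPv1 GetRequest in BER (short-form lengths only, < 128 bytes).
SYS_NAME_OID = "1.3.6.1.2.1.1.5.0"  # sysName.0 from the standard MIB-2 system group

def tlv(tag, payload):
    if len(payload) >= 128:
        raise ValueError("long-form BER lengths are not handled in this sketch")
    return bytes([tag, len(payload)]) + payload

def encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for n in arcs[2:]:
        chunk = [n & 0x7F]                       # base-128, high bit = "more follows"
        while n := n >> 7:
            chunk.append(0x80 | (n & 0x7F))
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def build_get_request(community, oid, request_id=1):   # request_id must be 0..127 here
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))      # OID + NULL value
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))             # GetRequest PDU
              + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")        # error-status, error-index
              + tlv(0x30, varbind))
    # version 0 means SNMPv1; the Community name follows as a plain OCTET STRING
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos], buf[pos + 2:end], end

def decode_oid(body):
    arcs, n = [body[0] // 40, body[0] % 40], 0   # valid when the first arc is 0 or 1
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_get_request(packet):
    _, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)       # no decryption step: it is cleartext
    _, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _field in range(3):                      # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbind, _ = read_tlv(read_tlv(pdu, pos)[1], 0)
    return {"version": version[0] + 1, "community": community.decode("latin-1"),
            "oid": decode_oid(read_tlv(varbind, 0)[1])}

PACKET = build_get_request("public", SYS_NAME_OID)  # constructed sample, not a capture
```

Running parse_get_request(PACKET) recovers the Community name and OID from the raw bytes alone, which is all a network monitoring tool on the same segment needs to do.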
Table 7.2 lists some resources on the Web to help you further explore the vast world of SNMP-based network monitoring tools.
Table 7.2 SNMP Resources

| URL | Description |
|---|---|
| www.snmplink.org | Has links and information about SNMP and MIBs; also has a good Tools section with links to useful programs. |
| www.snmp4tpc.com | Acronym stands for SNMP For The Public Community. More PC-focused than most SNMP information. A good source of tools and information. |
| www.mibdepot.com | Has a very large collection of MIBs; a good place to find support for your specific device. |