SimpleTesterPro®

The Standard SNMP Tester with Vulnerability tests

Overview

SNMP managers and agents can communicate because they share a common understanding of the data being exchanged (MIBs) and use the same mechanism to exchange that data (SNMP protocol). Hence, to ensure interoperability, an agent must be tested to check if its data matches the MIB definition, and if it adheres to the data exchange mechanisms (Get/GetNext/Set/GetBulk operations) specified in the SNMP protocol.

SimpleTesterPro adds basic vulnerability testing to check against DenialOfService (DoS) attacks to the SimpleTester product, which has become the standard for SNMP testing over the last 10 years. The capabilities of SimpleSoft’s SimpleSleuth agent test modules are integrated within SimpleTester to create a single test solution.

As the number of MIBs, MIB variables and instances supported by an SNMP agent grows, it can take weeks or even months to manually test each variable using tools like a typical MIB Browser. This is where the SimpleTesterPro is most useful. The SimpleTesterPro is an “SNMP Expert” program that will intelligently interpret MIB files, SNMP protocol specifications, and all the MIB objects supported by the agent. Using this knowledge, it automates the testing process to complete weeks worth of manual testing – in just minutes.

The SimpleTesterPro contains syntax tests, semantic tests, performance tests, vulnerability checking, and other utilities, such as a Trap Receiver, which validates traps against the MIB, individual script runner, and a script generator.

The predefined syntax tests check for MIB and SNMP protocol compliance for any MIB by sending hundreds of different Get/GetNext/Set/GetBulk requests and analyzing the response for each and every MIB object supported by the agent. With each test result, reference is given to the RFC which specifies the behavior being tested.

The semantic tests include over 1100 tests to validate the semantics of popular MIBs like MIB-II, RMON, SNMPv3, and the NTCIP Global Objects MIB. These tests further ensure that the agent has implemented the behavior of each MIB object properly. For example, in MIB-II if 2000 octets are sent to the agent, its ifInOctets for the corresponding interface should at least increment by that amount. The tests can be easily customized by making changes to configuration files. In addition, the source code of all the 1100+ tcl scripts is available. They can be used as templates for writing your own tests or for customization. The framework is also fully documented to allow users to easily add their own test suites.

The performance tests measure the agent’s ability to handle a stream of requests, one after another, and its ability to handle a set of requests all at once. With these tests the SimpleTesterPro is measuring response times and creates a report which indicates the shortest, the longest, and the average response time given the number of messages sent and received.

The vulnerability tests sends thousands of invalid SNMP requests to the agent under test to check if it is able to process them without failure. Since the SNMP protocol uses the ASN.1 BER to encode SNMP packets, the invalid SNMP request packets are typically of two types: badly encoded requests, and bad valued requests which are correctly encoded. This helps SimpleTesterPro detect vulnerabilities in agents to Denial of Service Attacks that send bad request packets to well defined ports (like 161).

The test suite structure support is fully extensible. Users can develop and add their own semantic test suites using the test suite builder which has an intuitive graphical user interface.

The built-in Tcl interpretor has support for SNMP, Telnet, and Serial I/O, as well as the Simple Transportation Management Protocol (STMP), to allow users to define their own scripts that test other aspects of the device including its Command Line Interface (CLI).

The SimpleTesterPro includes a MIB Browser that graphically displays the object registration tree and allows the retrieval and setting of manageable objects.

In addition to the user interface, the SimpleTesterPro can also be run in an unattended mode by specifying the tests to be conducted in a command file.

SimpleTesterPro also includes support for Diffie-Hellman Key Change and Key Ignition. Ability to create random numbers and their corresponding keys is also available. This functionality is particularly useful within the Cable Modem industry implementing the DOCSIS 1.1 specifications.

Operation

Only a few simple steps are required to test an Agent. They are:

Benefits

Features

Test Suites Included

Additional Test Suites Available

Supported IETF RFC’s

SNMPv1

SNMPv2

SNMPv2 Data Definition

SNMPv3

MIBs

Authentication/Privacy

Hardware and Software Requirements

The SimpleTesterPro is supported on the following:

SimpleTesterPro license is node-locked. For sharing the license among members of a test department, a floating license using a license server is also available for additional cost. 

Differences between the various products in the SimpleTester family are described in this Features table

SimpleSoft Agent Tester Overview

This short tutorial will give you an overview of SimpleSoft’s Automated SNMP Agent Tester which can complete weeks worth of manual testing in minutes.

SimpleSoft - an Industry Leader

Over the last 30+ years, 1000+ companies in 35 countries, have come to depend on SimpleSoft to simplify their development, testing, demonstration and management of networks and systems.

Resources

Explore our blogs, whitepapers, videos and product updates

SimpleSoft Network Simulator Overview

SimpleSoft Agent Tester Overview

SimpleSoft SimpleIoTSimulator Overview