Overview
SNMP managers and agents can communicate because they share a common understanding of the data being exchanged (MIBs) and use the same mechanism to exchange that data (SNMP protocol). Hence, to ensure interoperability, an agent must be tested to check if its data matches the MIB definition, and if it adheres to the data exchange mechanisms (Get/GetNext/Set/GetBulk operations) specified in the SNMP protocol.
SimpleTesterPro adds basic vulnerability testing to check against DenialOfService (DoS) attacks to the SimpleTester product, which has become the standard for SNMP testing over the last 10 years. The capabilities of SimpleSoft’s SimpleSleuth agent test modules are integrated within SimpleTester to create a single test solution.
As the number of MIBs, MIB variables and instances supported by an SNMP agent grows, it can take weeks or even months to manually test each variable using tools like a typical MIB Browser. This is where the SimpleTesterPro is most useful. The SimpleTesterPro is an “SNMP Expert” program that will intelligently interpret MIB files, SNMP protocol specifications, and all the MIB objects supported by the agent. Using this knowledge, it automates the testing process to complete weeks worth of manual testing – in just minutes.
The SimpleTesterPro contains syntax tests, semantic tests, performance tests, vulnerability checking, and other utilities, such as a Trap Receiver, which validates traps against the MIB, individual script runner, and a script generator.
The predefined syntax tests check for MIB and SNMP protocol compliance for any MIB by sending hundreds of different Get/GetNext/Set/GetBulk requests and analyzing the response for each and every MIB object supported by the agent. With each test result, reference is given to the RFC which specifies the behavior being tested.
The semantic tests include over 1100 tests to validate the semantics of popular MIBs like MIB-II, RMON, SNMPv3, and the NTCIP Global Objects MIB. These tests further ensure that the agent has implemented the behavior of each MIB object properly. For example, in MIB-II if 2000 octets are sent to the agent, its ifInOctets for the corresponding interface should at least increment by that amount. The tests can be easily customized by making changes to configuration files. In addition, the source code of all the 1100+ tcl scripts is available. They can be used as templates for writing your own tests or for customization. The framework is also fully documented to allow users to easily add their own test suites.
The performance tests measure the agent’s ability to handle a stream of requests, one after another, and its ability to handle a set of requests all at once. With these tests the SimpleTesterPro is measuring response times and creates a report which indicates the shortest, the longest, and the average response time given the number of messages sent and received.
The vulnerability tests sends thousands of invalid SNMP requests to the agent under test to check if it is able to process them without failure. Since the SNMP protocol uses the ASN.1 BER to encode SNMP packets, the invalid SNMP request packets are typically of two types: badly encoded requests, and bad valued requests which are correctly encoded. This helps SimpleTesterPro detect vulnerabilities in agents to Denial of Service Attacks that send bad request packets to well defined ports (like 161).
The test suite structure support is fully extensible. Users can develop and add their own semantic test suites using the test suite builder which has an intuitive graphical user interface.
The built-in Tcl interpretor has support for SNMP, Telnet, and Serial I/O, as well as the Simple Transportation Management Protocol (STMP), to allow users to define their own scripts that test other aspects of the device including its Command Line Interface (CLI).
The SimpleTesterPro includes a MIB Browser that graphically displays the object registration tree and allows the retrieval and setting of manageable objects.
In addition to the user interface, the SimpleTesterPro can also be run in an unattended mode by specifying the tests to be conducted in a command file.
SimpleTesterPro also includes support for Diffie-Hellman Key Change and Key Ignition. Ability to create random numbers and their corresponding keys is also available. This functionality is particularly useful within the Cable Modem industry implementing the DOCSIS 1.1 specifications.
Operation
Only a few simple steps are required to test an Agent. They are:
- Use the built-in MIB compiler to load the MIBs supported by the Agent.
- Use the built-in MIB walker to specify the variables to be tested.
- Run any or all of the predefined tests to check for conformance with the MIB definitions and SNMP specifications. The detailed reports pinpoint problem areas.
- Use the built-in Script Generator and RowStatus Tester to automatically create test scripts and the built-in Script Runner to run these scripts for load and regression testing.
- Optionally use the built-in Semantics checker to check the implementation of popular MIBs.
Benefits
- Increased customer satisfaction.
- Reduced development, testing and support costs.
- Improved quality and interoperability.
- Implementation errors detected before deployment.
Features
- Supports IPv4 and IPv6.
- Communicates through both UDP datagrams and TCP connections over the standard network interface.
- Checks MIBs (v1 and v2 SMI) for Syntax Errors.
- Checks agent responses (and traps) for conformance with the associated MIBs.
- Checks agent for compliance with the SNMP protocol specification (SNMPv1, v2C and v3)
- Automatically tests each MIB variable for get, getnext, getbulk and set operations.
- Supports the Posix test results as defined in IEEE std 2003-1997.
- Includes over 1100 semantic tests for popular MIBs like MIB-II, RMON and SNMPv3 with source code.
- Creates script files to be used for regression, load and “RowStatus” related testing.
- Provides detailed reports that pinpoint problems.
- Includes Tcl interpreter and SNMP, Telnet, Serial I/O, STMP Tcl commands for custom script development.
- Contains a simple MIB Browser that graphically displays the MIB structure.
- Supports MD5, SHA, DES, for standard SNMPv3 authentication and privacy.
- Support for 3DES, as well as AES with 128, 192, and 256 key lengths, only available with AES version.
- Support for SHA2 with key lengths of 128 (uses SHA-224), 192 (uses SHA-256), 256 (uses SHA-384), and 384 (uses SHA-512), only available with AES version.
- Includes support for Diffie-Hellman Key Change and Key Ignition.
- Supports functionality to include user defined test suites.
- Includes a test suite builder to ease the burden of creating and organizing user defined test suites.(Windows version)
- Supports both hardware andsoftware based licensing schemes.
- Simple, intuitive, easy to use interface that runs on a PC.
- Includes the ASN.1 version of the NTCIP MIBs and also precompiled files of all those MIBs so that all that will need to be done is to add a device’s manufacturer specific MIBs to the compile file.
- Test Suites Included
- Complete Syntax Test Suites for Any MIB:
- Standard IETF MIBs, Experimental MIBs, or Proprietary MIBs.
- MIB-II Semantic Test Suite
- RMON Semantic Test Suite
- SNMPv3 Semantic Test Suite
- Diffie-Hellman Semantic Test Suite
Test Suites Included
- Complete Syntax Test Suites for Any MIB:
- Standard IETF MIBs, Experimental MIBs, or Proprietary MIBs.
- MIB-II Semantic Test Suite
- RMON Semantic Test Suite
- SNMPv3 Semantic Test Suite
- Diffie-Hellman Semantic Test Suite
- NTCIP Global Objects MIB (1201) Semantic Test Suite
- Performance Test Suite
Additional Test Suites Available
- SAN Test Suite
- DOCSIS 1.1 Test Suites for CM and CMTS
- DOCSIS 2.0 Test Suites for CM and CMTS
Supported IETF RFC’s
SNMPv1
- RFC 1157 - Simple Network Management Protocol
- RFC 1155 - Structure of Management Information
- RFC 1212 - Concise MIB Definitions
SNMPv2
- RFC 1901 - Community-based SNMPv2
- RFC 3416 - Protocol Operations for SNMPv2
- RFC 3417 - Transport Mappings for SNMP
- RFC 1908 - SNMPv1 and SNMPv2 Coexistence
SNMPv2 Data Definition
- RFC 2578 - Structure of Management Information
- RFC 2579 - Textual Conventions
- RFC 2580 - Conformance Statements
SNMPv3
- RFC 3411 - Architecture for SNMP Frameworks
- RFC 3412 - Message Processing and Dispatching
- RFC 3413 - SNMPv3 Applications
- RFC 3414 - User-based Security Model
- RFC 3415 - View-based Access Control Model
MIBs
- RFC 1213 - Management Information Base II
- RFC 1757 - Remote Network Monitoring MIB
- RFC 3418 - MIB for SNMP
- RFC 1573 - Evolution of the Interfaces Group of MIB-II
- RFC 2011 - Internet Protocol MIB
- RFC 2012 - Transmission Control Protocol MIB
- RFC 2013 - User Datagram Protocol MIB
Authentication/Privacy
- RFC 1321 - MD5 Message-Digest Algorithm
- RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
- RFC 2786 - Diffie-Helman USM Key
Hardware and Software Requirements
The SimpleTesterPro is supported on the following:
- Microsoft Windows 7/8/10/2008/2012
- RedHat Enterprise Linux (5.x, 6.x, 7.x)
SimpleTesterPro license is node-locked. For sharing the license among members of a test department, a floating license using a license server is also available for additional cost.
Differences between the various products in the SimpleTester family are described in this Features table
SimpleSoft Agent Tester Overview
This short tutorial will give you an overview of SimpleSoft’s Automated SNMP Agent Tester which can complete weeks worth of manual testing in minutes.
SimpleSoft - an Industry Leader
Resources
- Video
- Product Updates
- Blogs
- White Paper