Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Pinging network devices and setting SNMP traps

by Herkum (Parson)
on Jul 13, 2006 at 14:49 UTC ( [id://560970]=note: print w/replies, xml ) Need Help??


in reply to Pinging network devices and setting SNMP traps

There are two problems with ping,

  1. On some networks they are filtered; so you cannot get a response
  2. On a busy network it can dropped in favor of higher priority traffic, it is annoying because it can generate numerous false positives

That being said, I would start implementing some basic monitoring using ping or a ssh/telnet session to check running processes on a box. I have looked at SNMP and I find that it is overly complicated and was not really worth the time invested; It was easier to just capture the output from a ps -ef command and parse that to see what was going on.

Replies are listed 'Best First'.
Re^2: Pinging network devices and setting SNMP traps
by McDarren (Abbot) on Jul 13, 2006 at 15:11 UTC
    On some networks they are filtered; so you cannot get a response

    ICMP filtering is not as common-place as it was say 2-3 years ago. There was one particular worm (can't recall exactly which one.. MSBlaster, perhaps?) that used an ICMP probe to search for vulnerable hosts. It caused havoc for a short time, and many ISP's started filtering ICMP in response. The problem with ICMP filtering is that it can have unwanted side-effects, such as breaking Path MTU Discovery - and so many of these filters have gradually been removed.

    In my experience, most ISP's will will remove an ICMP filter, or at least allow it for a specific host - if asked nicely.

    Cheers,
    Darren :)

      most ISP's will will remove an ICMP filter

      That is assuming that you are working with an ISP; large business tend to have their own network staff.

      God forbid they don't have anyone looking over them, if that is the case you will end up with a monster because most of them will implement any security idea they read in magazine. They end up making the whole thing so complicated they don't even know how it all works; it is like spaghetti code with network devices.

      I am not fond of our networking staff, can you tell... :)

        Herkum:

        I had no idea you worked at the same company as me!

        Seriously, though, this is my first gig at a Fortune 500 company, and I am *amazed* by the networking and security configurations. Quite frightful.

        I would tell you where I worked, except that I'd hate to get fired. About all I could tell you is that it's a Bank, somewhere in America...

        --roboticus

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://560970]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (5)
As of 2024-03-19 08:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found