SNMP, which stands for Simple Network Management Protocol, was developed in 1988 by a consortium of university researchers. Its primary purpose was to offer monitoring capabilities for devices connected across TCP/IP-based networks. Just two years later, in 1990, SNMP earned recognition as an internet standard from the Internet Architecture Board (IAB).
The SNMPv2 protocol standards made several attempts to address the security concerns inherent in SNMPv1. These efforts included the introduction of various security models: the party-based SNMPv2p, the user-based SNMPv2u, and the community-based SNMPv2c.
Despite these initiatives not completely rectifying the critical security issues, SNMPv2 did bring about several enhancements over SNMPv1. Notably, it improved data retrieval capabilities through the inclusion of SNMP GETBULK operations. Moreover, SNMPv2 retained the community-based security approach established by SNMP
In the late 1990s, SNMPv3 was conceived, and by December 2002, it was ratified as a standard.
This version is delineated across RFCs 3410 to 3415. While SNMPv3 retains the fundamental SNMP management system and operations from SNMPv1 and SNMPv2, it introduces a comprehensive security architecture.
This architecture is designed in a modular fashion, allowing specific components to be enhanced without necessitating a complete overhaul.
SNMPv3's framework encompasses several models:
1. Message Processing Model (SNMPv3)
2. User-Based Security Model
3. View-Based Access Control Model
This framework is structured to support multiple models concurrently and to facilitate gradual replacements over time. For instance, although SNMPv3 introduces a new message format, it still supports messages created in SNMPv1 and SNMPv2c formats. Similarly, the user-based security model can coexist with the previously used community-based models. Additionally, SNMPv3 incorporates significant protocol updates:
1. Enhanced Notification Support: SNMPv3 introduces a new notification type called INFORM. This type resembles a TRAP but requires acknowledgment. If acknowledgment is absent, the INFORM is retransmitted.
2. Trap Filtering: SNMPv3 allows filtering of TRAPs at the sender's end.
3. Dynamic Configuration: SNMP agents in SNMPv3 can be dynamically configured using MIB modules defined in RFC 3584 and RFCs 3411 through 3415.
SNMP utilizes port numbers 161 and 162 for transmitting instructions and messages. Specifically, the SNMP agent employs port 161, while the SNMP manager operates through port 162.
RMON1, or Remote Network Monitoring Version 1, is an initial version of the Remote Network Monitoring (RMON) standard. It was designed to facilitate remote monitoring and analysis of network traffic and performance on specific network segments. RMON1 focuses on providing essential statistics and information relating to network traffic and errors, primarily at the physical and data link layers of the OSI model.
Key features of RMON1 include:
1. Packet and Byte Counts: RMON1 allows administrators to gather information on the number of packets and bytes transmitted and received on a network segment. This data helps in understanding network utilization.
2. Error Statistics: RMON1 provides insights into various types of errors occurring on the network, such as CRC errors, collision counts, and other anomalies.
3. Utilization Metrics: Administrators can monitor the utilization of network resources, which helps in identifying congestion and potential performance issues.
4. Promiscuous Mode: RMON1 enables network devices to capture packets in promiscuous mode, allowing administrators to analyse all traffic passing through a specific segment.
5. Historical Data: RMON1 supports historical data collection, allowing administrators to track network trends over time.
6. Alarms and Events: RMON1 can generate alarms or events based on specified thresholds, notifying administrators when specific conditions are met (e.g., excessive errors).
7. Protocol Distribution: This feature provides statistics about the distribution of different network protocols, helping administrators understand the composition of network traffic.