1 00:00:00,360 --> 00:00:09,510 It's very important that you understand MIBS or management information bases, OIDs or object identifiers 2 00:00:09,960 --> 00:00:16,170 and performance counters within your role as a network manager and also in working with network management 3 00:00:16,170 --> 00:00:20,050 applications. With regards to understanding network protocols, 4 00:00:20,460 --> 00:00:22,740 there are three key terms to understand. 5 00:00:23,340 --> 00:00:26,270 Firstly, MIBS or management information bases, 6 00:00:26,760 --> 00:00:32,830 secondly, OIDs or object identifiers and performance counters or perfmon. 7 00:00:33,420 --> 00:00:37,580 Now, in a lot of conversations, network engineers use the term MIB 8 00:00:38,410 --> 00:00:46,330 and OID interchangeably, however, it's important to make a distinction, a MIB is a larger entity 9 00:00:46,330 --> 00:00:51,120 than an OID and an OID is included within a MIB. 10 00:00:51,850 --> 00:00:59,140 A MIB is a database used for managing entities in a network using protocol such as SNMP. 11 00:00:59,800 --> 00:01:07,690 Objects in the MIB are defined using abstract syntax notation or ASN, and the database is structured 12 00:01:07,690 --> 00:01:10,700 as a hierarchical database or tree structure. 13 00:01:11,200 --> 00:01:15,880 Each entry in the MIB is addressed through an OID. 14 00:01:16,510 --> 00:01:23,560 So as an example, if a network manufacturer wanted to create a MIB for pooling environmental statistics 15 00:01:23,560 --> 00:01:30,700 on a router, the router manufacturer would include a MIB with many different types of variables and statistics, 16 00:01:31,090 --> 00:01:34,330 which would give you a total view of that type of statistic 17 00:01:34,330 --> 00:01:42,760 for the device. Whereas an OID would be used for polling a specific interface as an example with a specific 18 00:01:42,760 --> 00:01:44,190 object identifier 19 00:01:44,620 --> 00:01:47,020 and that's where the term OID comes from. 20 00:01:47,500 --> 00:01:55,570 Here's an RFC discussing the management information base or MIB for network management of TCPIP based 21 00:01:55,570 --> 00:01:56,290 internets, 22 00:01:56,890 --> 00:02:08,020 this RFC obsoletes RFC 1158 and it defines the second version of the MIB 2 for use with network management 23 00:02:08,020 --> 00:02:12,020 protocols in a TCP IP network. The RFC 24 00:02:12,020 --> 00:02:19,420 explains in a lot of detail about some of the groups that are available in the MIB, including, 25 00:02:19,420 --> 00:02:21,010 as an example, the system group. 26 00:02:21,850 --> 00:02:26,920 This contains four objects which you'll often see in network management environments, 27 00:02:26,920 --> 00:02:30,730 sysContact, sysName, sysLocation and sysServices 28 00:02:31,620 --> 00:02:39,360 and this provides contact administrative information regarding the managed node. Interface group contains 29 00:02:39,360 --> 00:02:45,930 information about interfaces as an example. In our Wireshark capture, information was being sent back 30 00:02:46,050 --> 00:02:52,650 from a managed device, in this case, router 2 to the network management station 31 00:02:52,920 --> 00:02:58,290 and notice, it includes information such as 1.3.6.1.2 and so forth. 32 00:02:58,980 --> 00:03:07,560 Doing a search in this RFC MIB 2 we can see information with that hierarchy of values, 1.3. 33 00:03:07,560 --> 00:03:08,040 6. 34 00:03:08,110 --> 00:03:12,270 1.4 as an example in the obsoleted version 35 00:03:13,180 --> 00:03:17,350 of this RFC, so the one that this RFC replaced. 36 00:03:18,340 --> 00:03:26,710 We could search for information and it would include information such as this ISO organization, DOD, 37 00:03:26,710 --> 00:03:29,910 Internet management MIB system, system descriptor. 38 00:03:30,400 --> 00:03:34,930 So this is appended to an instance sub identifier of zero. 39 00:03:35,350 --> 00:03:38,600 A value like this indicates system descriptor. 40 00:03:39,130 --> 00:03:50,440 So in this example, notice the hierarchy 1.3.6.1.2.1 and then it changes to other 41 00:03:50,440 --> 00:03:50,830 values 42 00:03:50,830 --> 00:03:51,490 2.2. 43 00:03:52,430 --> 00:03:58,220 Now, it's very difficult to look for information in an RFC such as this, so it's easier to look at 44 00:03:58,220 --> 00:04:02,690 a MIB browser for specific MIB OID information. 45 00:04:03,140 --> 00:04:08,900 So rather than trying to work this out, you could use a MIB browser to see what this actually means.