GIST NOTES 22 - SNMP
[DISCLAIMER: This is solely for non-commercial use. I don't claim ownership of this content. This is a crux of all my readings studies and analysis. Some of them are excerpts from famous books/sources on the subject. Some of them are my contemplation upon experiments with direct hand coded code samples using IDE or notepad.
I've created this mainly to reduce an entire book into few pages of critical content that we should never forget. Even after years, you don't need to read the entire book again to get back its philosophy. I hope these notes will help you to replay the entire book in your mind once again.]
>SNMP uses MIB
>MIBs use notation defined by ASN.1(Abstract Syntax
Notation)
BER
---
>BER(Basic Encoding Rules) of ASN is used
>BER uses notation TLV(Type-Length-Value) form
>Type - 8bits
Type
The type field is an octet specifying the characteristics of the
value field.
Type identifier octet
|
8
|
7
|
6
|
5
|
4
|
3
|
2
|
1
|
Class
|
P/C
|
Tag Number
|
If Class is set to Universal, the value is of a
type native to ASN.1 (e.g. INTEGER). The Application class is only valid for
one specific application. Context-specific depends on the context (such as
within a sequence, set or choice) and private can be defined in private
specifications.
Class bits in a Type identifier octet
|
Class
|
bit 8
|
bit 7
|
Universal
|
0
|
0
|
Application
|
0
|
1
|
Context-specific
|
1
|
0
|
Private
|
1
|
1
|
P/C is the primitive/constructed bit; it
specifies whether the value is primitive, like an INTEGER, or constructed,
which means it again holds TLV values like a SET.
P/C
|
bit 6
|
Primitive
|
0
|
Constructed
|
1
|
Tag Number – specifies standard known data types
>Length - 2 or more bytes(big endian encoded)
Big Endian / Little Endian
--------------------------
>Byte order in a word at hardware level
>BigEndian - stores most significant byte first
>LittleEndian - stores the least significant byte first
>MixedEndian/MiddleEndian - both big and little endians
mixed in larger words
>Endianness in networking - based on which byte is sent
first; IP uses big endian
------------x-------------
>SNMP agent receives request on UDP port 161
>Manager receives notifications on pot 162(Trap and InformRequests)
>When used with Transport Layer Security or Datagram
Transport Layer Security requests are received on port 10161 and traps are sent
to port 10162.[3].
>SNMPv1 introduced 5 PDUs
>SNMPv2 added two more(GetBulkRequest and InformRequest)
>SNMPv3 added no new PDUs
All SNMP PDUs are constructed as follows:
IP header
|
UDP header
|
version
|
community
|
PDU-type
|
request-id
|
error-status
|
error-index
|
variable bindings
|
The seven SNMP protocol data units (PDUs) are as follows:
1. IP
Header
2. UDP
Header
3. Version
4. Community
5. PDU
type
6. Request
id
7. Error
status
8. Error
index
9. Variable
bindings
GetRequest
A manager-to-agent request to
retrieve the value of a variable or list of variables. Desired variables are
specified in variable bindings (values are not used). Retrieval of the specified
variable values is to be done as an atomic operation by the agent. A Response
with current values is returned.
SetRequest
A manager-to-agent request to
change the value of a variable or list of variables. Variable bindings are
specified in the body of the request. Changes to all specified variables are to
be made as an atomic operation by the agent. A Response with (current) new
values for the variables is returned.
GetNextRequest
A manager-to-agent request to
discover available variables and their values. Returns a Response with variable
binding for the lexicographically next variable in the MIB. The entire MIB of
an agent can be walked by iterative application of GetNextRequest starting at
OID 0. Rows of a table can be read by specifying column OIDs in the variable
bindings of the request.
GetBulkRequest
Optimized version of
GetNextRequest. A manager-to-agent request for multiple iterations of
GetNextRequest. Returns a Response with multiple variable bindings walked from
the variable binding or bindings in the request. PDU specific non-repeaters and
max-repetitions fields are used to control response behavior. GetBulkRequest
was introduced in SNMPv2.
Response
Returns variable bindings and
acknowledgement from agent to manager for GetRequest, SetRequest,
GetNextRequest, GetBulkRequest and InformRequest. Error reporting is provided
by error-status and error-index fields. Although it was used as a response to
both gets and sets, this PDU was called GetResponse in SNMPv1.
Trap
Asynchronous notification from
agent to manager. Includes current sysUpTime value, an OID identifying the type
of trap and optional variable bindings. Destination addressing for traps is
determined in an application-specific manner typically through trap
configuration variables in the MIB. The format of the trap message was changed
in SNMPv2 and the PDU was renamed SNMPv2-Trap.
InformRequest
Acknowledged asynchronous
notification manager to manager[4] or agent to manager. Manager-to-manager
notifications were already possible in SNMPv1 (using a Trap), but as SNMP
commonly runs over UDP where delivery is not assured and dropped packets are
not reported, delivery of a Trap was not guaranteed. InformRequest fixes this
by sending back an acknowledgement on receipt. Receiver replies with Response
parroting all information in the InformRequest. This PDU was introduced in
SNMPv2.[5]
>SNMPv2 added party based
security to v1 but was not agreed widely, instead community based v2c became
de-facto standard as SNMPv2c
>SNMPv2 and SNMPv1 are not compatible
with each other due to PDU format change and additional two requests in SNMPv2
Proxy Agent: Translates between
SNMPv1 and SNMPv2
Bilingual NMS: Talks both SNMPv1
and SNMPv2 as per the device capability. Identifies the agent version by
examining certain basic info from the local database or device.
SNMPv3: Makes no changes to the
protocol except for the addition of cryptographic security; adds security and
remote configuration enhancements to SNMP; it adds encryption/confidentiality,
integrity/message integrity and authentication/source validation;
Resource Indexing: Certain devices
might change indices (of the device resources) in the MIB entries between
device reboots; for such devices, NMS should re-poll the data upon receiving
cold-restart trap from the agent
Security Implications:
1. SNMPv1
and SNMPv2 send community string as clear text hence prone to attack using packet
sniffers
2. All
versions of SNMP are subject to brute force and dictionary attacks for guessing
the community strings, authentication strings, authentication keys, encryption
strings, or encryption keys, because they do not implement a challenge-response
handshake.
3. Although
SNMP works over TCP and other protocols, it is most commonly used over UDP that
is connectionless and vulnerable to IP spoofing attacks. Thus, all versions are
subject to bypassing device access lists that might have been implemented to
restrict SNMP access, though SNMPv3's other security mechanisms should prevent
a successful attack.
4. Auto
Discovery – trying to discover local network devices by broadcasting community
strings might pose security threat in a shared data centers or commercial
networks
SMIv1 – used by SNMPv1
SMIv2 – used by SNMPv2 and SNMPv3
>SNMP is an internet standard
protocol
>SGMP(Simple Gateway Management
Protocol) is the predecessor to SNMP
>Host Resources MIB implements
disk space , running processes and such things on Windows or Linux system
>An agent usually implements
multiple MIBs; from standard MIBs to proprietary MIBs
>MIB-II defines standard
management information and interface details for a typical device
>RMON – Remote Monitoring; data
collector for a network without NMS; NMS can later poll the RMON probe data
collector to retrieve complete management polled data for the remote network;
RMON probe can also send traps to NMS upon certain critical condition on
monitored network
>Some standard MIBs: ATM MIB,
Frame Relay DTE Interface Type MIB, BGP MIB, RDBMS MIB, Radius Auth Server MIB,
Mail Monitoring MIB, DNS Server MIB
>SMI(Structure of Management
Information) tells how to define managed objects and properties
>MIB is a definition of
management data for a device using SMI notations
>Network Management mainly
focuses on FCAPS(defined by ISO)
>FCAPS: Fault, Configuration,
Accounting, Performance, Security
Fault Management: detect, log and
report faults in the devices and networks; 1)isolate the problem;
2)resolve the
problem, 3)record the process used to detect and resolve the problems
Configuration Management: Monitor
and Change certain information in devices that would change the behavior of the
device in some way.
Accounting Management: Tracking
network resource utilization by all groups and individuals to ensure fair usage
and capacity sharing
Performance Management: 1.
Performance data is gathered, 2. Baseline levels are established based on data
gathered, 3. Performance thresholds are established, and when the thresholds
are exceeded, alert is raised to indicate the problems.
Security Management: 1. Control
access to resources such as devices, services and networks, 2. Detect and
prevent attacks that can compromise networks and hosts. Not only network
security but also physical security; todays security tools and systems are:- 1.
Firewalls, 2. Intrusion Detection Systems(IDS), 3. Intrusion Prevention
Systems(IPS), 4. Antivirus Systems, 5. Policy Management and Enforcement
System.
Most of today’s network security
systems can integrate with NMS through SNMP.
Alarm Correlation or RCA(Root
Cause Analysis): Alarm correlation deals with narrowing down many alerts and
events into a single alert or several events that depict the real problem.
Getting More Information
Getting a
handle on SNMP may seem like a daunting task. The RFCs provide the
official
definition of the protocol, but they were written for software developers, not
network
administrators, so it can be difficult to extract the information you need
from them.
Fortunately, many online resources are available. A good place to look is
is another
good site for information. The Simple Times, an online publication
devoted to SNMP
and network management, is also useful. You can find all the
SNMP vendor.
Aside from selling advanced SNMP solutions, its web site contains
a good amount
of free information about SNMP. The company’s web site is
* At this
writing, the current issue is quite old, published in December 2002.
This is the Title of the Book, eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights
reserved.
18 | Chapter 1: Introduction to SNMP and Network Management
Another great
resource is Usenet news. The newsgroup most people frequent is
comp.dcom.net-management. Another good
newsgroup is comp.protocols.snmp.
Groups such as
these promote a community of information sharing, allowing seasoned
professionals
to interact with individuals who are not as knowledgeable about
SNMP or
network management. Google has a great interface for searching Usenet
Cisco has some
very good papers on network management, including “Network
were drawn.
Also, Douglas W. Stevenson’s article, “Network Management: What It
important
background material for all students of network management.
>SNMP uses UDP
>UDP is defined in RFC 768
>UDP was chosen over TCP(Transmission
Control Protocol) because it is connectionless.
>Hence, an NMS should resend the datagram
after a timeout assuming it is lost in the transit. No.of retries is
configurable
>SNMP is an application layer protocol
>Due to this unreliable UDP, NMS may not
get traps sometimes from agents, if the trap datagram is lost in between
>At the same time, the unreliable UDP puts
less load on the network performance
>SNMP has been implemented
over TCP, but this is more for special-case
situations in which someone is developing
an agent for a proprietary piece of
equipment. In a heavily congested and managed
network, SNMP over TCP is a bad idea. It’s
also worth realizing that TCP isn’t
magic and that SNMP is designed for working
with networks that are in trouble—if
your network never failed, you wouldn’t need
to monitor it. When a network is failing,
a protocol that tries to get the data through
but gives up if it can’t is almost certainly
a better design choice than a protocol that
floods the network with
retransmissions in its attempt to achieve
reliability.
>>SNMP community modes: read-only, read-write and trap
communities
>Among other things, authentication-failure traps can be
very useful in determining when an intruder might be trying to gain access to
your network.
>The definition of managed objects can be broken down into three
attributes:
Name
The name, or
object identifier (OID), uniquely defines a managed object. Names
commonly
appear in two forms: numeric and “human readable.” In either case,
the names are
long and inconvenient. In SNMP applications, a lot of work goes
into helping
you navigate through the namespace conveniently.
Type and syntax
A managed
object’s datatype is defined using a subset of Abstract Syntax Notation
One (ASN.1).
ASN.1 is a way of specifying how data is represented and
transmitted
between managers and agents, within the context of SNMP. The
nice thing
about ASN.1is that the notation is machine independent. This means
that a PC
running Windows 2000 can communicate with a Sun SPARC machine
and not have
to worry about things such as byte ordering.
This is the Title of the Book, eMatter Edition
Encoding
A single
instance of a managed object is encoded into a string of octets using
the Basic
Encoding Rules (BER). BER defines how the objects are encoded and
decoded so
that they can be transmitted over a transport medium such as
Ethernet.
>1.3.6.1 – internet OID
>private enterprises space, e.g iso.org.dod.internet.private.enterprises.cisco, or 1.3.6.1.4.1.9.
OID and data types
-------------------------
>IpAddress represents 32bit value (both SMIv1 and SMIv2
do not talk about IPv6 addressing)
>Gauge moves between min and max value but never exceeds
max(interface speed)
>Counter – ever increasing count tracker, can wrap around
and start over from 0
>OBJECT IDENTIFIER represents a MIB Object
>TimeTicks – represents time to .01sec precision
>Opaque Allows any other ASN.1 encoding to be stuffed
into an OCTET STRING.
>SEQUENCE Defines lists that contain zero or more other
ASN.1 datatypes.
SEQUENCE OF Defines a managed object that is made up of a
SEQUENCE of ASN.1 types.
>MIB is a logical grouping of managed objects as they
pertain to a specific management
task, vendor, etc. The MIB can be thought of as a
specification that defines
the managed objects a vendor or device supports.
>After the OIDs are defined, we get to the actual object
definitions. Every object definition
has the
following format:
OBJECT-TYPE
SYNTAX
ACCESS
STATUS
DESCRIPTION
"Textual description describing this particular managed object."
::= { }
The first
managed object in our subset of the MIB-II definition is ifTable, which represents
a table of
network interfaces on a managed device (note that object names are
defined using
mixed case, with the first letter in lowercase). Here is its definition
using ASN.1
notation:
This is the Title of the Book, eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights
reserved.
ifTable OBJECT-TYPE
SYNTAX SEQUENCE OF IfEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A list of interface entries. The number of entries is given
by
the value of ifNumber."
::= { interfaces 2 }
The SYNTAX of ifTable is SEQUENCE OF
IfEntry. This means that ifTable
is a table containing
the columns
defined in IfEntry. The object is not-accessible, which means
that there is
no way to query an agent for this object’s value. Its status is mandatory,
which means an
agent must implement this object in order to comply with the MIBII
specification.
The DESCRIPTION describes exactly what this object is. The unique
OID is 1.3.6.1.2.1.2.2, or iso.org.dod.internet.mgmt.mib-2.interfaces.2.
Let’s now look
at the SEQUENCE definition from the MIB file earlier in this section,
which is used with the SEQUENCE OF type in the ifTable definition:
IfEntry
::=
SEQUENCE
{
ifIndex
INTEGER,
ifDescr
DisplayString,
ifType
INTEGER,
ifMtu
INTEGER,
.
.
.
ifSpecific
OBJECT
IDENTIFIER
}
Table
2-2. New datatypes for SMIv2
------------------------------------------------
Datatype
Description
Integer32
Same as an INTEGER.
Counter32
Same as a Counter.
Gauge32
Same as a Gauge.
Unsigned32
Represents decimal values in the range
of 0 to 232 -
1, inclusive.
Counter64
Similar to Counter32,
but its maximum value is 18,446,744,073,709,551,615. Counter64 is
ideal
for
situations in which a Counter32 may wrap back to 0 in a short amount of time.
BITS
An enumeration of nonnegative named
bits.
Table 2-5. Brief description of the MIB-II groups
Subtree name OID Description
system 1.3.6.1.2.1.1 Defines a list of objects that pertain to system
operation, such as the system
uptime, system contact, and system name.
interfaces 1.3.6.1.2.1.2
Keeps track of the status of
each interface on a managed entity. The interfaces
group monitors which interfaces are up or down and tracks such
things as octets
sent and received, errors and discards, etc.
at 1.3.6.1.2.1.3 The address translation (at) group is deprecated and is provided only for backward
compatibility.
ip 1.3.6.1.2.1.4 Keeps track of many aspects of IP, including IP
routing.
icmp 1.3.6.1.2.1.5 Tracks things such as ICMP errors, discards, etc.
tcp 1.3.6.1.2.1.6 Tracks, among other things, the state of the TCP
connection (e.g., closed, listen,
synSent, etc.).
udp 1.3.6.1.2.1.7 Tracks UDP statistics, datagrams in and out, etc.
Root-Node
ccitt(0) iso(1) joint(2)
org(3)
dod(6)
internet(1)
directory(1) mgmt(2) experimental(3) private(4)
mib-2(1)
system(1) interfaces(2) at(3) ip(4) icmp(5) tcp(6) udp(7) egp(8)
transmission(10) snmp(11)
This is the Title of the Book, eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights
reserved.
>snmpwalk is nothing but a form of snmpgetnext command
Table 2-8. Generic traps
Generic trap name and number Definition
coldStart (0) Indicates that the agent has rebooted. All management variables
will be reset;
specifically, Counters and Gauges will be reset to zero (0). One nice thing about
the coldStart trap is that it can be used to determine when new
hardware is
added to the network. When a device is powered on, it sends this
trap to its trap
destination. If the trap destination is set correctly (i.e., to
the IP address of your
NMS), the NMS can receive the trap and determine whether it needs
to manage
the device.
warmStart (1) Indicates that the agent has reinitialized itself. None of the
management variables
will be reset.
linkDown (2) Sent when an interface on a
device goes down. The first variable binding identifies
the index in the interfaces table for the interface that went down.
linkUp
(3) Sent when an interface on a device comes
back up. The first variable binding identifies
which
interface came back up.
authenticationFailure
(4) Indicates that someone has tried to
query your agent with an incorrect community
string;
useful in determining if someone is trying to gain unauthorized access to
one
of your devices.
egpNeighborLoss
(5) Indicates that an EGP neighbor has gone
down.
enterpriseSpecific
(6) Indicates that the trap is
enterprise-specific. SNMP vendors and users define their
own
traps under the private-enterprise branch of the SMI object
tree. To process
this
trap properly, the NMS has to decode the specific trap number that is part of
the
SNMP message.This is the Title of the Book,
eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights
reserved.
--
RDBMS MIB. One of the
traps
defined by this MIB is rdbmsOutOfSpace:
rdbmsOutOfSpace
TRAP-TYPE
ENTERPRISE
rdbmsTraps
VARIABLES
{ rdbmsSrvInfoDiskOutOfSpaces }
DESCRIPTION
"An
rdbmsOutOfSpace trap signifies that one of the database
servers
managed by this agent has been unable to allocate
space
for one of the databases managed by this agent. Care
should
be taken to avoid flooding the network with these traps."
::=
2
--
The most important change is that Version 3 abandons the
notion of managers and
agents. Both managers and agents are now called SNMP
entities. Each entity consists
of an SNMP engine and one or more SNMP applications, which
are discussed in
the following sections. These new concepts are important
because they define an
architecture rather than simply a set of messages; the
architecture helps to separate
different pieces of the SNMP system in a way that makes a
secure implementation
possible.
--
The
SNMPv3 Engine
The engine is composed of
four pieces: the Dispatcher, the Message Processing Subsystem,
the Security Subsystem,
and the Access Control Subsystem. The Dispatcher’s
job is to send and receive
messages. It tries to determine the version of each
received message (i.e.,
v1, v2, or v3) and, if the version is supported, hands the message
off to the Message
Processing Subsystem. The Dispatcher also sends SNMP
messages to other
entities.
The Message Processing
Subsystem prepares messages to be sent and extracts data
from received messages. A
Message Processing Subsystem can contain multiple message
processing modules. For
example, a subsystem can have modules for processing
SNMPv1, SNMPv2, and SNMPv3
requests. It may also contain a module for
other processing models
that are yet to be defined.
The Security Subsystem
provides authentication and privacy services. Authentication
uses either community
strings (SNMP v1and v2) or SNMPv3 user-based
authentication. User-based
authentication uses the MD5 or SHA algorithms to
authenticate users without
sending a password in the clear. The privacy service uses
the DES algorithm to
encrypt and decrypt SNMP messages. Currently, DES is the
only algorithm used,
though others may be added in the future.
The Access Control
Subsystem is responsible for controlling access to MIB objects.
You can control what
objects a user can access as well what operations she is
allowed to perform on
those objects. For example, you might want to limit a user’s
read-write access to
certain parts of the mib-2 tree while allowing
read-only access to
the entire tree.
SNMPv3
Applications
Version 3 divides most of
what we have come to think of as SNMP into a number of
applications:
Command
generator
Generates get, getnext,
getbulk, and set requests and processes the responses.
This application is
implemented by an NMS, so it can issue queries and set
requests against entities
on routers, switches, Unix hosts, etc.
Command
responder
Responds to get, getnext,
getbulk, and set requests. This application is implemented
by an entity on a Cisco
router or Unix host. (For versions 1and 2, the
command responder is
implemented by the SNMP agent.)
Notification
originator
Generates SNMP traps and
notifications. This application is implemented by an
entity on a router or Unix
host. (For versions 1and 2, the notification originator
is part of an SNMP agent.
Freestanding utilities for generating traps are also
available.)
Notification
receiver
Receives traps and inform
messages. This application is implemented by an
NMS.
Proxy
forwarder
Facilitates message passing
between entities.
SNMPv3
Textual Conventions
SNMPv3 defines a number of
additional textual conventions, outlined in Table 3-2.
The next two sections will
look at the USM and VACM in a little more detail.
Figure
3-1. SNMPv3 entity
Table
3-2. SNMPv3 textual conventions
Textual
convention Description
snmpEngineID
An administratively unique identifier
for an SNMP engine. Objects of this type
are
for identification, not for addressing, even though an address can be used in
the
generation of a specific value. RFC 3411 provides a detailed discussion of
how
snmpEngineIDs are created.
snmpSecurityModel
An SNMP securityModel
(SNMPv1, SNMPv2, or USM). USM stands for
Userbased
Security
Model, which is the security method used in SNMPv3.
snmpMessageProcessingModel
A message processing model used by the
Message Processing Subsystem.
snmpSecurityLevel
The level of security at which SNMP
messages can be sent, or the level of security
at
which operations are being processed. Possible values are
noAuthNoPriv
(without authentication and without
privacy), authNoPriv
(with
authentication but without privacy), and authPriv
(with authentication
and
with privacy). These three values are ordered such that
noAuthNoPriv
is less than authNoPriv and
authNoPriv is less than
authPriv.
snmpAdminString
An octet string containing administrative
information, preferably in humanreadable
form.
The string can be up to 255 bytes long.
snmpTagValue
An octet string containing a tag value.
Tag values are preferably in human-readable
form.
According to RFC 3413, valid example tags include acme,
router,
and
host.
snmpTagList
An octet string containing a list of tag
values. Tag values are preferably in
human-readable
form. According to RFC 3413, valid examples of a tag list are
the
empty string, acme router, and host managerStation.
KeyChange
An object used to change authentication
and privacy keys.
------------------x---------------x--------------
Network Technology
Network nodes: switches, bridges, routers or gateways
Network Links: Local Area
Network(LAN), Wide Area Network(WAN), Access Networks, Customer
Premises
Equipment(CPE)/Home Networks
Fiber Distributed Data Interface
(FDDI) – Token Ring based architecture in fiber optic environment
VLAN – virtual LAN
WLAN – wireless LAN
DTE – Data Terminal Equipment
LAN configured in: bus, ring,
star topologies
Hub – is a pseudo topology that
combines a star topology with either of the other two
Star topology is used for hub
implementations or for WLAN using an access point (AP)
DTE – each device that is
connected in a LAN
WAN – uses either mesh or tree
topology
Mesh topology – is most common
form for Internet routing
Tree topology is employed using
brouters.
Brouters – bridged routers that
do the routing function at OSI layer 2(also known as spanning tree
configuration)
Ethernet is specified by IEEE
802.3 standard.
IBM uses Token-Ring.
Token-Ring: Whoever holds the
token can transmit data. After done with token, it passes to the downstream
neighbor thus creating round-robin situation. Hence Token ring is bandwidth
efficient
Flooding – a node receiving the
same packet multiple times
Looping – a packet going around
nodes in a loop
Mesh topology is implemented
using switches and routers.
>>SNMPv1 get/set PDU
PDUType|RequestID|ErrorStatus|ErrorIndex|Varbind1
Name|Varbind1 Value|…..|Varbindn Name|Varbindn Value|
>>SNMPv1 Trap PDU
PDUType|enterprise|agent
IP|Speficif Trap Type|Generic Trap Type|TimeStamp|Varbinds…..
>>SNMPv2 doesn’t have
separate PDU for traps. It unified all PDUs into one format except for
SNMPBulk
request which is also a new PDU introduced in SNMPv2
>>SNMPv2
get/set/trap/inform/getnext/getresponse PDU format(for trap PDU, varbind1 has
sysUpTime and varbind2 has snmpTrapOID)
PDUType|RequestID|ErrorStatus|ErrorIndex|varbinds…..
>>SNMPv2 GetBulk PDU format
PDUType|RequestID|NonRepeaters|MaxRepetitions|varbinds…
>>ErrorIndex – tells you
which varbind caused the error
