Braa SNMP Analyzer
Braa is a mass snmp scanner.
The intended usage of such a tool is of course making SNMP queries – but unlike
snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of
hosts simultaneously, and in a single process. Thus, it consumes very few
system resources and does the scanning VERY fast.
Braa
implements its OWN snmp stack, so it does NOT need any SNMP libraries like
net-snmp. The implementation is very dirty, supports only several data types, and
in any case cannot be stated ‘standard-conforming’! It was designed to be fast,
and it is fast. For this reason (well, and also because of my laziness ;),
there is no ASN.1 parser in braa – you HAVE to know the numerical values of
OID’s (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0).
braa [-2] [-v] [-t <s>] [-f <file>] [-a <time>] [-r
<retries>] [-d <delay>] [querylist1] [querylist2] ...
As you can see, the list of
queries to make is specified as a commandline argument. The syntax of the query
list follows:
[community@]host1[-host2][:port]:query1[/id][,query2[/id][,query3[/id]...]]
Some Example of OID
The 'private@' part before the host range of course sets the SNMP
community name for the transaction to 'private'.
... and that seems to be all about the query format. You may also
make a file containing the query lists one by line instead of providing them as
commandline arguments. Use the -f option to load queries from such a list.
Other options are:
-r <count> retry count:
try making each query <count> times before giving up. By default, the
retry count is set to 3.
-a <seconds> deadline time; makes braa quit after
<seconds> seconds, independent on what happens.
-2 SNMPv2C - braa will introduce itself as a SNMPv2C agent (but in
fact the packets are always constructed according to SNMP1 RFCs). This is
useful for retrieving data from objects that hold data types not covered by the
SNMP1 specification - at the moment the only such supported data type is
Counter64.
-t <seconds> Wait <seconds> seconds for responses. When
nothing happens for the given time (there are no more messages to send and
nothing more is received), braa quits. The default is 2 seconds.
-d <micro> Makes braa wait for <micro> microseconds after
sending each packet. Useful if the bandwidth between you and the devices you
are querying is limited - see the short explanation on how braa works below.
Braa takes full advantage of the possibility to make serveral SNMP
queries using a single SNMP packet and will never send more than one packet per
a query type (of course except retries if there was no answer) to a host (btw,
see LIMITATIONS). This means that the following commands:
braa 10.253.101.1:.1.3.6.1.2.1.1.6.0 10.253.101.1:.1.3.6.1.2.1.1.5.0
braa 10.253.101.1:.1.3.6.1.2.1.1.5.0,.1.3.6.1.2.1.1.6.0
Do EXACTLY the same: a SINGLE packet requesting information on
.1.3.6.1.2.1.1.5.0 and .1.3.6.1.2.1.1.6.0 is sent to 10.253.101.1.
Braa sends queries for every host on the query list, meanwhile
listening for answers (non-blocking sockets are used for this purpose). Every
upcoming answer is immediately decoded and outputted. After queries for all
hosts have been sent, it waits 20 ms, and then every host that did not answered
in the first pass is sent the query again. The passes continue, until the retry
count (specified using the -r option) is achieved or until all the hosts have
answered. In the first case, braa waits then for any delayed messages for 2 seconds
(this timeout might be changed by the -t option).
Each time a packet is sent, braa might wait for a short period so as
not to flood the link to its SNMP peers. This is controlled by the -d option.
No comments