116 COMMANDCENTER NOC ADMINISTRATOR GUIDE
In most cases, if the CC-NOC is not collecting data from a particular device, it’s usually because
of a misconfiguration on the remote device. Often, incorrect community strings are the culprit, or
the SNMP service has not been turned on or configured correctly.
There are several ways you can test the SNMP configuration for your devices:
• Use the SNMP Walk tool on the Network Infrastructure Tools page from the Tools
tab. This is the quickest and easiest method.
• Using a freeware utility, like GetIF. It is available at
http://www.wtcs.org/snmp4tpc/getif.htm . This utility has some additional
functionality, other than just confirming strings, and bears further discussion.
GetIF
The GetIF utility, which runs on Windows 2000/2003/XP, allows you to type in a hostname and a
community string, click a button, and see if data is available from the agent. If data is available, it
will not only pull it from the agent, but it will organize it very handily for troubleshooting
purposes. A screen shot of GetIF that shows some of the examples used earlier:
The power of GetIF is in using it to minimally expose the ability the gather data. On the main
panel, you have a series of fields that, if data is available, are automatically populated. In the case
that they are, you know you have the correct community string and simply need to update the CC-
NOC, if you can’t get data, you know have a tool that can help you in the troubleshooting process.
A screenshot of that main panel:
Be sure to add GetIF to your toolbox of network troubleshooting tools. It can also come in handy
when troubleshooting some potential “re-parenting” problems in your environment as well. For
example, if you click on GetIF’s Addresses tab, you’ll get a listing of the interfaces that the
SNMP agent on that device knows about. This can be VERY handy when troubleshooting re-
parenting problems. Armed with GetIF, you’ll likely figure out a little more about SNMP and be
able to provide additional information to us as you deploy new gear and new networking
technologies.
Vulnerability Scanning
The vulnerability scanning service relies heavily on some very advanced features of the TCP and
UDP services on your nodes. As a basic test, you should make certain that you could connect to
the open services on the device before initiating a scan. This will at least verify that you can route