NEW

DOCUMENTATIONS

Knowledge Base & Help Desk

Extensions # Basic TCP / UDP exceptions
Posted by Ran Hartal | 2019-02-22 13:24:45
Posted by Ran Hartal
2019-02-22 13:24:45

Extensions >> Basic TCP / UDP exceptions


Allprobe's TCP / UPD (network layer) exceptions monitoring template is using the build-in Net-SNMP OIDs.

The Basic Network template is especially meaningful detecting basic core network flacuations such as DDOS attacks or sudden rais in connections. Those probes are also useful in identifying faulty network equipment.


The following SNMP OIDs is added when you add this monitoring template to a host:


Name OID Sample rate
icmpDestUnreachs 1.3.6.1.2.1.5.3.0 120 seconds
icmpInEchos 1.3.6.1.2.1.5.8.0 60
icmpInMsgs 1.3.6.1.2.1.5.1.0 60
icmpOutDestUnreachs 1.3.6.1.2.1.5.16.0 60
icmpOutEchoReps 1.3.6.1.2.1.5.22.0 60
icmpOutMsgs 1.3.6.1.2.1.5.14.0 60
segments received in error (e.g., bad TCP checksums) 1.3.6.1.2.1.6.14.0 30
tcpActiveOpens 1.3.6.1.2.1.6.5.0 60
tcpCurEstablished 1.3.6.1.2.1.6.9.0 30
tcpEstabResets 1.3.6.1.2.1.6.8.0 60
tcpOutSegments 1.3.6.1.2.1.6.11.0 60
tcpPassiveOpens 1.3.6.1.2.1.6.6.0 60
The number of TCP segments sent containing the RST flag 1.3.6.1.2.1.6.15.0 30
udpInDatagrams 1.3.6.1.2.1.7.1.0 60
udpInErrors 1.3.6.1.2.1.7.3.0 30
udpOutDatagrams 1.3.6.1.2.1.7.4.0 60

This template is also configured with some triggers to produce an alert/event on sudden rais in connections happening in an ongoing DDOS attack.


How To's