Debian Package of the Day (static archived copy)

Entry submitted by Kurt Pfeifle. DPOTD needs your help, please contribute !

Some common daily problems for IT people….

• You are installing a Laserjet driver for the brandnew Lexmark printer your boss bought, but you do not know: was the darn thing shipped with a PostScript module installed or does it understand PCL only?
• You are wondering, what the LCD display of the printer down the hall currently indicates, but you’re too busy to get up and walk down?
• You are bothered by a user who phones “My big HP jammed; though I removed the paper, this red light keeps blinking all the time!”?

Use scli.

scli is the command to invoke the “SNMP Command Line Interface”. A little known console utility, it is of great use to me on many occasions.

Executive summary:

scli connects to any SNMP-enabled network node and lets you interactively “browse” through the values stored in the device’s SNMP database (”MIB”, Management Information Base). My own personal usage is mainly for network printers (yeah, that’s why I picked these examples), but scli can work with many more device types: bridges, routers, gateways, switches, computers and more. (And it also has a scriptable, non-interactive mode).

Target users:

• users who want to learn what kind of info the devices owned by them do reveal to their network neighbourhood
• users who are executing a kind of “remote helpdesk” function (in their job, for their friends, or within their own family)
• users who are just curious about SNMP functions, and want to learn about that resource and about their network nodes
• users who are somewhat familiar with “snmpwalk”, but not familiar enough to run it without consulting the manpage every time again)

Links:

• Upstream homepage
• Screenshots
• Documentation
• Mailing List (Note: the URL on the scli homepage is broken)

Glorious details for the curious:

scli does not only give you a more user friendly way than snmpwalk to run SNMP queries, it also formats the results it returns in a more user friendly way. You can run scli interactively (which gives you its own shell+prompt to run different commands) or in a way that just executes one command, displays the result and returns to your standard shell (this mode is also good for scripting stuff).

By default, scli returns plain ASCII text messages. But you can also tell it to return XML by using the “–xml” parameter. (XML may be useful if you want the return to be processed by software, instead of being read by a human).

Assuming the network node you are interested in poking at has the IP address 192.168.23.45. Start the tool by typing

  scli 192.168.23.45

SNMP-enabled devices by default use “public” as their “community name”, and if scli does not see a community name on the commandline, it tries to use “public”.

You wonder what that community name” thingie means? It is a very weak way of authorization; in essence, a password common to all users, but no separate user names. SNMP in version 1 will not even encrypt the community name on the wire! Yes, that’s very bad security for most devices, but that’s how the real life SNMP world around us currently is. (SNMP v2 and v4 are better, but not yet as common in devices used out there).

If you have a less open node, and you happen to know the used “community name”, use it as an additional argument:

  scli 192.168.23.45 "community-name"

If it succeeds connecting, scli will present you its prompt:

  scli > 

It is in interactive mode now. Type “help” to see the available commands. Type “show system info” to find out who the vendor of the device was, and what the model name is. I’m sure you will find more interesting queries of your own quickly.

scli has a good commandline auto-completion (using the [TAB] key) built in. Type “show system [TAB] [TAB]“ to get a list of subcommands other than the “info” we used. You’ll see possible completions “devices info mounts processes storage”. That means “show system storage” is another valid scli full command. Try it.

Of course, you can even try “show system” on its own [without any of the available sub commands]. That makes scli execute all of these subcommands and return all results at once (but piped through a pager).

The same is true for “show [TAB] [TAB]“ or “show” all on its own. Run it and see all SNMP info about of device you are currently accessing.

A few tips will help you get up to speed with scli:

1. Your most important command to remember with scli is “show scli command [TAB] [TAB]“.
2. Your most frequently used initial command with scli will probably be “show scli command tree”.
3. scli ships with a very good man page; make sure to look at it at least one time.
4. scli can return its qurey results XML-formated, if called with the “–xml” parameter.

scli is available in Debian (stable, testing and unstable all have 0.2.12-2, while experimental has 0.3.0-0.1). If you happen to use 0.3.0, don’t miss to try a scan for SNMP enabled devices in your neighbourhood. At the interactive scli command prompt (scli >), type “run scli scan <a-network-IP-address-in-your-reach>”. Or run scli in command mode from the shell, and type: “scli -c ‘run scli scan <a-network-IP-address-in-your-reach>’” (that network address may be something like 192.168.0.0/24 or 10.162.4.0/22). This scan command is one of the new ones in 0.3; it will present you a list of all SNMP-enabled nodes that respond to the (unsafe) community name “public” (which we didn’t explicitely need to type here). You may want to fix that hole…

scli was created by Prof. Juergen Schoenwaelder, who also is one of the people who created the SNMP standard and wrote the RFCs describing it.

P.S.: Oh, you *really* wanted to know the answers to these initial questions? Ok, here we go: