If you’re a network administrator, I bet I know what keeps you awake at night: Is my network okay? Is everything running smoothly? Are my devices online and healthy, or is something about to crash and burn when I least expect it? You probably wish your network could just speak up and tell you what’s going on. Well, guess what? It can! Enter SNMP- the superhero of network monitoring that helps you stay in the know and keep things running like clockwork.
What is SNMP?
Simple Network Management Protocol (SNMP) acts as the eyes and ears of your network, constantly monitoring and reporting on the health of connected devices. It works by sending messages among network devices. SNMP helps gather vital statistics like CPU usage, disk and memory usage, and network interface statistics such as bandwidth and packet errors. It also enables remote configuration and sends alerts when issues arise, allowing you to stay ahead of potential problems and keep your network running smoothly.
So, let’s take a step back. At the heart of SNMP are two key components: the SNMP manager and the SNMP agent. A device that has SNMP enabled is known as a SNMP agent. The manager, usually another device is the network, acts as the central device, sending requests and receiving data from devices across the network. More Importantly, the roles of manager and agent are not fixed: any device can act as a manager or an agent depending on who initiates the request in each transaction. Now, let’s explore how SNMP managers fetch specific information from agents.
OIDs and MIBs
An agent contains several objects that can be interacted with. Some of these objects are part of industry standards, while others are vendor-specific to the device. For example, a switch may have objects for its name, interfaces and packet counters to name just a few. Each object is assigned a unique identifier known as an Object Identifier (OID). The OID is a sequence of numbers that may resemble an IP address at first glance and is used to uniquely identify the object. Following are some common industry-standard OIDs:
- sysName (1.3.6.1.2.1.1.5) – Represents the system’s name, typically the hostname of the device.
- sysUpTime (1.3.6.1.2.1.1.3) – Indicates the amount of time since the device was last restarted.
- ifTable (1.3.6.1.2.1.2.2) – Represents the interface table, which includes information about each network interface on the device.
- ifInOctets (1.3.6.1.2.1.2.2.1.10) – Indicates the number of incoming octets (bytes) on a particular interface.
- ifOutOctets (1.3.6.1.2.1.2.2.1.16) – Indicates the number of outgoing octets (bytes) on a particular interface.
These OIDs are stored in a file called the Management Information Base (MIB), which organizes them in a tree structure. The MIB structure allows SNMP managers to navigate through the tree to find the information they need from devices.
As an example, to find the OID for sysName (1.3.6.1.2.1.1.5), start at the root of the MIB tree, follow the path through 1.3.6.1.2.1 (System group), then to 1.3.6.1.2.1.1 (System information), and finally reach sysName at 1.3.6.1.2.1.1.5.. SNMP managers can use these OIDs to request specific information from the agent. When the request contains an OID, the agent understands which piece of information the manager is asking for and sends the corresponding data in response.
From what you know so far, it might seem straightforward that any device could request information from another device by knowing the required OID. However, this is not the case due to multiple levels of security built into SNMP. These security measures vary significantly across the different versions of SNMP, which include SNMPv1, SNMPv2c, and SNMPv3. Let’s dive into these versions to understand their security features and how they govern communication.
SNMP Versions
When a manager sends a request to an agent, the request must conform to the SNMP version the agent is configured to use. The main SNMP versions are SNMPv1, SNMPv2c, and SNMPv3. Both SNMPv1 and SNMPv2c offer similar levels of security, while SNMPv3 provides the highest level of security.
In SNMPv1 and SNMPv2c, the manager must know the agent’s community string to communicate, but this string is transmitted in plaintext. SNMPv2c also introduced additional request types to enhance functionality compared to SNMPv1.
SNMPv3 is the latest and most secure version of the Simple Network Management Protocol, designed to provide secure access to devices by authenticating and encrypting data packets over the network. Defined in RFCs 3413 to 3415, SNMPv3 enhances security through three key features: message integrity (ensuring data isn’t tampered with), authentication (verifying the source of messages), and encryption (protecting data from unauthorized access). Unlike previous versions, SNMPv3 introduces a security model that defines authentication strategies and security levels, allowing administrators to control how SNMP packets are handled securely.
Following table shows the different security levels of SNMPv3 (extracted from cisco.com)
Having covered SNMP agents, managers, and the various SNMP versions along with their security features, we now turn our focus to the different types of SNMP requests that facilitate communication between managers and agents.
SNMP Requests
SNMP provides various request types, each serving a specific purpose in monitoring and managing network devices:
- SNMP Get – Retrieves specific information from an agent.
- SNMP Walk – Systematically queries multiple OIDs in a structured way.
- SNMP Set – Modifies or configures values on an agent remotely.
- SNMP Trap – Allows agents to send alerts to managers without being polled.
- SNMP Inform – Similar to Traps but includes acknowledgment from the manager.
Understanding these request types is key to leveraging SNMP for efficient network monitoring, troubleshooting, and remote configuration.
In Linux systems, you can use the snmpd service to send and receive SNMP requests. The snmpget command allows you to retrieve specific information from a device by specifying the SNMP version, community string, target IP address, and the OID (Object Identifier) for the information you need.
snmpget -v 2c -c public 192.168.1.1 1.3.6.1.2.1.1.5
In this example:
- -v 2c: Specifies the SNMP version (version 2c in this case).
- -c public: The community string (used as a password for SNMP operations).
- 192.168.1.1: The IP address of the SNMP-enabled device you want to query.
- 1.3.6.1.2.1.1.5: The OID for the sysName object, which gives the device name.
This command will return the name of the device 192.168.1.1.
SNMP Walk, on the other hand, retrieves a sequence of OIDs from a device, essentially polling everything under a given OID or the entire MIB tree if no OID is specified. With SNMP Set, the manager can modify configurations on the device, such as changing interface status or adjusting device parameters. SNMP Trap is an unsolicited alert sent by the agent to notify the manager of significant events, like a device failure, without any request from the manager. SNMP Inform works similarly to a trap but requires the manager to acknowledge the message, ensuring reliable communication. While these SNMP requests are crucial for network management, their details and use cases require a deeper dive, which would be better suited for a separate post. Stay tuned for a future post where we’ll dive deeper into these advanced topics!
There are numerous tools available in the market that leverage SNMP as the underlying protocol for device monitoring, but Paraqum SNMP Monitor (integrated to WiDi) offers far more advanced features. Our software not only allows you to monitor devices but also creates detailed network maps and establishes links between devices. You can monitor critical metrics like RX/TX bandwidth usage on those links, as well as track resource utilization on the devices, all through SNMP. One standout feature is our dedicated MIB browser, which allows you to parse MIBs, whether they are custom MIBs you’ve uploaded or existing ones. Once parsed, you can easily add any OID to a device, and the system will automatically poll it via SNMP. To learn more about how Paraqum SNMP Monitor can enhance your network monitoring, visit our website for more details.
