What is SNMP?

Simple Network Management Protocol (SNMP) is an internet standard protocol used to monitor and manage network devices connected over an IP network. SNMP is used for communication between routers, switches, firewalls, load balancers, servers, CCTV cameras, and wireless devices.

SNMP collects, organizes, and sends data from various devices for network monitoring, assisting with fault identification and isolation. Both the monitored endpoints and the monitoring system rely on SNMP for seamless communication.

SNMP Protocol

Simple Network Management Protocol is an application layer protocol defined by the Internet Architecture Board in RFC 1157. SNMP protocol is used to exchange management information between network devices. It is one of the most widely used protocols for network management. SNMP is part of Internet Engineering Task Force's Transmission Control Protocol/Internet Protocol (TCP/IP) suite.

Organizations use SNMP protocol to monitor and manage devices in a local area network (LAN) or wide area network (WAN). Most network devices on the market include SNMP agents. If not, network admins can install the agents on some devices.

What is SNMP Port & Port Numbers?

An SNMP port is an SNMP communication endpoint that identifies SNMP data transfers. SNMP uses both port 161 and port 162 for sending commands and messages. SNMP managers communicate with SNMP agents through designated SNMP ports. SNMP message transfers happen via the User Datagram Protocol (UDP). The Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) protocols are sometimes used.

Here's a list of the port numbers that each protocol uses for specific processes:


| Process | Protocol | Port number |
| --- | --- | --- |
| Request receipt by the agent | UDP | 161 |
| Manager's communication with the agent | UDP | 161 |
| Notification receipt by the manager | UDP | 162 |
| Agent's notification generation | UDP | Any available port |
| Request receipt | TLS/DTLS | 10161 |
| Notification receipt | TLS/DTLS | 10162 |

Why do you need SNMP monitoring tools?

Network admins manage the devices in a network and allocate or release ports, interfaces, and more to ensure continuous uptime and bandwidth-hog-free network operations. Closely monitoring SNMP devices is a significant part of this. SNMP monitoring requires an admin to configure the SNMP agent to send the monitoring data to an SNMP manager. Since the network management tool takes care of monitoring, admins can focus on performing corrective measures.

Based on the insights provided by these tools, admins can track the availability and performance of SNMP network devices and pinpoint issues to maintain their network's health. The ideal SNMP monitoring tool monitors different versions of the protocol to help IT admins get a complete picture of their network environment. SNMP monitoring software also shows the captured data in intuitive formats, like dashboards and graphs.

Need for SNMP

SNMP monitoring tools are necessary to:

  • Automatically discover, monitor, and manage network devices.
  • Monitor key performance metrics at the device and interface levels.
  • Obtain complete, granular visibility into network device performance.
  • Configure threshold limits and generate alerts in case of anomalies.

How does SNMP work?

SNMP works by sending protocol data units, also known as SNMP GET requests, to network devices that respond to SNMP. All these communications are tracked, and network monitoring tools use GET requests to fetch data from SNMP. Traffic flows into your network from different sources. Simple Network Management Protocol communicates with the whole network and the devices in it.

As mentioned earlier, SNMP is preconfigured on devices, and once the protocol is enabled, the devices will store their performance stats. Each network server will have multiple management information base (MIB) files. The device MIB files are queried to fetch the monitoring data. The working of SNMP revolves around its components, with each component contributing to the management of resources.

What are the components of Simple Network Management Protocol (SNMP)?

SNMP components consist of an SNMP manager, managed devices with an SNMP agent, and SNMP MIBs that contain SNMP OIDs.

SNMP manager

The SNMP manager is the central system used to monitor the SNMP network. Also known as a network management station (NMS), an SNMP manager is responsible for communicating with the network devices that have an SNMP agent implemented. It runs on a host within the network. The SNMP manager queries the agents, gets responses, sets variables, and acknowledges events from the agents.

Managed devices

A managed device is an SNMP-enabled network entity that is managed by the SNMP manager. These are usually routers, switches, printers, or wireless devices.

SNMP agent

An SNMP agent is a software process that plays a crucial role in network management. It responds to SNMP queries from SNMP managers to provide the status and statistics of a network node. The SNMP agent is located locally in the network device, from which the agent collects, stores, and transmits monitoring data to the SNMP manager.

SNMP MIB

An MIB forms an integral part of network management models. An SNMP MIB is a structure that defines the format of information exchange in an SNMP system. Every SNMP agent maintains an information database describing the parameters of the device it manages. An SNMP manager is a software system that uses SNMP to collect data for fault management, performance management, and capacity planning. An SNMP manager stores collected data in an MIB as a commonly shared database between the agent and the manager.

MIBs are saved as text files in a specific format that MIB editors, SNMP agent builders, network management tools, and network simulation tools can understand, facilitating network building, testing, deployment, and operations. The managed objects in an MIB file are called object identifiers (object IDs or OIDs).

SNMP OIDs

OIDs are identifiable by strings of numbers separated by dots. There are two types of managed objects:

  • Scalar objects are defined by a single object instance (i.e., there can only be one result).
  • Tabular objects are defined by multiple related object instances that are grouped in MIB tables.

MIBs organize OIDs hierarchically, represented by a tree structure with individual variable identifiers for each OID. This tree structure contains all the manageable features of all the products arranged in it. Each branch of this tree has a number and a name, and each point is named after the complete path—from the top of the tree down—that leads to that point.

SNMP MIB Tree Diagram

To provide an example from the diagram above, the OID of sysDescr is .1.3.6.1.2.1.1.1, which can be found by following the path of green points from ROOT to sysDescr:

  • ISO is .1
  • ORGANIZATION is .3
  • DOD is .6
  • INTERNET is .1
  • MGMT is .2
  • MIB-2 is .1
  • SYSTEM is .1
  • sysDescr is .1

SNMP Versions

SNMP has three versions: SNMPv1, SNMPv2c, and SNMPv3.

SNMPv1

SNMPv1 is the first version of the protocol. It is easy to set up and is defined in RFC 1155 and 1157.

SNMPv2c

This revised version includes enhanced protocol packet types, transport mappings, and MIB structure elements. But it also uses the existing SNMPv1 administration structure, which is "community-based," hence the version name SNMPv2c. It is defined in RFC 1901, RFC 1905, and RFC 1906.

SNMPv3

SNMPv3 supports the remote configuration of SNMP entities. It also adds both encryption and authentication, which can be used together or separately, making this the most secure version yet. RFCs for SNMPv3 are RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.

SNMP Commands

SNMP commands help retrieve, manage, modify, and parse the data. These commands make network management easier.

Basic SNMP Commands

GET

The SNMP manager issues a request to the managed device. The GET command retrieves one or more values from the managed device.

GET NEXT

Like GET, GET NEXT retrieves a value from the managed device, but it returns the value of the next OID in the MIB tree.

GET BULK

This command retrieves bulk data from a large MIB table.

SET

Managers use the SET command to modify or assign the value on the managed device.

GET/GET NEXT/GET BULK/SET

GET and SET commands

TRAPS

Unlike the previous commands, which the SNMP manager initiates, SNMP agents initiate the TRAPS command. TRAPS is a signal sent to the manager by the agent when events occur.

How SNMP Traps works

INFORM

Similar to TRAPS, the agent initiates this command. However, unlike TRAPS, INFORM includes a confirmation from the manager once it receives the message.

INFORM Command

RESPONSE

This command is used to carry back the value or signal of actions directed by the manager.

Typical SNMP Communication

Since they are part of the TCP/IP suite, SNMP messages are bundled and transmitted by UDP. The following image is an example of such communication.

SNMP communication

SNMP Traps

An SNMP trap is any event generated and sent by a device and received by a trap receiver whenever a change of state or an anomaly is detected. A network management system receives these event messages. This means that fault-finding is automated, and you will instantly receive a notification if anything fails. These trap messages are generally encoded, and an SNMP trap processor is required to decode them.

SNMP traps

How does Site24x7 help with SNMP monitoring?

Site24x7 is an SNMP monitoring tool that automatically discovers and monitors SNMP devices within an IP range. With comprehensive availability monitoring, performance monitoring, trap processing, network mapping, and reporting, Site24x7 caters to all your network monitoring needs. Site24x7 also provides root cause analysis (RCA) and dashboards for easy interpretation and management.

Configuring SNMP (Simple Network Management Protocol)

Configure SNMP agents on your network servers so they can export monitoring data to the network management system.

FAQs about Application performance monitoring (APM) tools

What are SNMP devices?

An SNMP device is managed using the Simple Network Management Protocol. Routers, switches, firewalls, load balancers, storage devices, uninterruptible power supply (UPS) devices, and printers are all equipped with SNMP. The vendors preconfigure the SNMP agents, and the admins simply have to enable SNMP to start managing the device.

Why is SNMP important?

Network management is crucial to ensuring the proper functioning of different network components. SNMP follows standard protocols and procedures for data collection and communication. It is one of the best solutions for network management—and a simple one at that.

Is SNMP still used?

Yes, SNMP (Simple Network Management Protocol) is still extensively used by device vendors in network management and monitoring. SNMP is a widely used protocol that allows network administrators to observe and manage devices within their network, including routers, switches, servers, and other network equipment. It provides a standardized way to collect relevant information from network devices, including operational status, performance metrics, and configuration data. Hence, most monitoring systems use SNMP to monitor their network devices.

Can SNMPv2 and SNMPv3 coexist?

Yes, SNMPv2 and SNMPv3 can coexist. In a typical management scenario, the network management system communicates with SNMP agents of different versions. A multilingual agent, which supports all three versions, can coexist with agents that support only a single version. This is defined in RFC 25.

This coexistence is more commonly used while migrating from SNMPv2 to SNMPv3. Once migrated, it is recommended to disable the older versions.

What are SNMP community strings?

An SNMP community string, also known as an SNMP string, is a credential that provides access to the SNMP-managed device data stored within a device. It is sent when there is an SNMP GET request. It consists of an ID or a password and is usually 32 characters long. In most cases, the default community string is public.

Community strings are used only by devices that support SNMPv1 and SNMPv2c. SNMPv3 is highly secure: instead of SNMP community strings, it uses username and password authentication along with an encryption key.

There are three types of SNMP community strings:

| Type | Purpose |
| --- | --- |
| Read-only community string | Fetches only read-only information |
| Read-write community string | Fetches data and edits the device configuration |
| SNMP trap community string | Receives SNMP traps from the device |
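
In SNMPv1 and SNMPv2c the community string travels unencrypted in every message, so anyone who can see the traffic can read it. The added example below (not part of the original page) decodes a constructed SNMPv2c GET datagram the way a monitoring sensor would and flags the default community; the function names and sample bytes are assumptions made for illustration.

```python
PDU_TYPES = {0xA0: "GET", 0xA1: "GET NEXT", 0xA2: "RESPONSE", 0xA3: "SET",
             0xA4: "TRAP (v1)", 0xA5: "GET BULK", 0xA6: "INFORM", 0xA7: "TRAP (v2)"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}       # the community-based versions
DEFAULT_COMMUNITIES = {"public"}             # default named on the page; extend per policy
# Constructed sample: SNMPv2c GET for sysDescr.0 with community "public".
SAMPLE_GET = bytes.fromhex("3026 020101 0406 7075626c6963 a019 020101 020100 020100"
                           "300e 300c 0608 2b06010201010100 0500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """BER OID octets -> dotted string (first octet packs two arcs as 40*x + y)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for octet in raw[1:]:
        value = (value << 7) | (octet & 0x7F)
        if octet < 0x80:                     # high bit clear ends the arc
            arcs, value = arcs + [value], 0
    return "." + ".".join(map(str, arcs))

def inspect_snmp(datagram):
    """Summarise a v1/v2c datagram; every field is readable without a key."""
    tag, msg, _ = read_tlv(datagram, 0)
    _, ver, pos = read_tlv(msg, 0)
    if tag != 0x30 or int.from_bytes(ver, "big") not in VERSIONS:
        raise ValueError("not an SNMPv1/v2c message")
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    oids, p, q = [], 0, 0
    if pdu_tag != 0xA4:                      # v1 traps use a different PDU layout
        for _field in range(3):              # request-id, error-status, error-index
            p = read_tlv(pdu, p)[2]
        varbinds = read_tlv(pdu, p)[1]
        while q < len(varbinds):
            _, varbind, q = read_tlv(varbinds, q)
            oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    name = community.decode("ascii", "replace")
    return {"version": VERSIONS[int.from_bytes(ver, "big")], "community": name,
            "default_community": name in DEFAULT_COMMUNITIES,
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": oids}
```

A sensor built this way can alert on any datagram where `default_community` is true, which is a direct signal that a device still answers to its factory credential.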

What is an SNMP table?

An SNMP table is an ordered collection of objects consisting of zero or more rows. Each object in a table is identified using the table index and can have a single index or multiple indices.

A scalar variable has a single instance and is identified by .0. A tabular object or a columnar variable can have one or more instances and is identified by its index value. The row index has to be appended to the variable's OID to identify a specific columnar variable.
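
The instance naming above, together with the GET and GET NEXT commands described earlier, as an added example that is not from the original page: a toy in-memory agent with constructed values (`AGENT`, `get`, `get_next` and `walk` are hypothetical names; the ifDescr OID is the standard MIB-2 column and does not appear on the page). It shows that GET only matches a full instance OID, and that GET NEXT orders OIDs arc by arc as numbers, so row 10 follows row 2.

```python
from bisect import bisect_right

def parse(oid):
    """'.1.3.6.1.2.1.1.1.0' -> (1, 3, 6, 1, 2, 1, 1, 1, 0)"""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

def fmt(arcs):
    return "." + ".".join(map(str, arcs))

SYS_DESCR = ".1.3.6.1.2.1.1.1"       # scalar object from the page's tree example
IF_DESCR = ".1.3.6.1.2.1.2.2.1.2"    # columnar object: interface description

# Constructed agent data (not from a real device).
AGENT = {
    parse(SYS_DESCR + ".0"): "constructed-router",   # scalar instance is always .0
    parse(IF_DESCR + ".1"): "lo",                    # column OID + row index
    parse(IF_DESCR + ".2"): "eth0",
    parse(IF_DESCR + ".10"): "eth1",
}
ORDER = sorted(AGENT)   # tuples compare arc by arc, numerically: .2 sorts before .10

def get(oid):
    """GET: exact instance match only; the bare object OID has no value."""
    return AGENT.get(parse(oid))

def get_next(oid):
    """GET NEXT: first instance strictly after oid in tree order, None at end of MIB."""
    i = bisect_right(ORDER, parse(oid))
    if i == len(ORDER):
        return None
    return fmt(ORDER[i]), AGENT[ORDER[i]]

def walk(prefix):
    """Repeat GET NEXT until the returned OID leaves the subtree under prefix."""
    root, rows, cur = parse(prefix), [], prefix
    while (nxt := get_next(cur)) and parse(nxt[0])[:len(root)] == root:
        rows.append(nxt)
        cur = nxt[0]
    return rows
```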

Is SNMP TCP or UDP?

SNMP utilizes UDP, a connectionless protocol known for its fast and efficient data transmission, to meet the demands of network monitoring and management.

What are the benefits of SNMP?

SNMP offers several benefits for network management and monitoring. Here are some of the key advantages of utilizing SNMP:

  • Real-time monitoring: Quick access to performance metrics and potential problems for administrators.
  • Alerts and notifications: Address network issues and maintain service availability proactively.
  • Scalability: Facilitates monitoring of a large number of devices within complex network infrastructures.
  • Remote management: Allows administrators to monitor and control devices from a centralized system.
  • Customization: Meet your monitoring needs by creating custom MIBs.