SNMP (Simple Network Management Protocol)
Definition
SNMP (Simple Network Management Protocol, RFC 1157) is an internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information. It is the de facto standard for network monitoring and device management.
SNMP enables network administrators to monitor network-attached devices for conditions that warrant alerts.
SNMP Architecture
Network Manager (NMS)              Managed Devices
┌───────────────────┐              ┌─────────────────────┐
│ SNMP Console      │              │ Router/Switch       │
│ (Nagios/Zabbix)   │◄── SNMP ────▶│ SNMP Agent          │
│ Grafana/Prometheus│              │ MIB database        │
└───────────────────┘              └─────────────────────┘
                                             │
                                             ├── Printer
                                             ├── Firewall
                                             ├── Server (IPMI/SNMP)
                                             └── UPS
SNMP Versions
| Version | Year | Security | Notes |
|---|---|---|---|
| SNMPv1 | 1988 | None (community string) | Original, widely supported |
| SNMPv2c | 1993 | None (community string) | Added bulk operations, error handling |
| SNMPv3 | 1998/2002 | Auth + encryption | Authentication, encryption, access control |
SNMP Operations
| Operation | SNMPv1 | SNMPv2 | Description |
|---|---|---|---|
| GET | Yes | Yes | Retrieve a single OID value |
| GETNEXT | Yes | Yes | Retrieve next OID in MIB tree |
| GETBULK | No | Yes | Retrieve large data sets efficiently |
| SET | Yes | Yes | Modify an OID value |
| TRAP | Yes | Yes | Unsolicited notification from agent |
| INFORM | No | Yes | Acknowledged trap (NMS confirms receipt) |
A MIB (Management Information Base) is a hierarchical database of managed objects, each identified by an OID (Object Identifier):
iso (1)
└── org (3)
    └── dod (6)
        └── internet (1)
            └── mgmt (2)
                └── mib-2 (0)
                    ├── system (1)
                    │   ├── sysDescr (1) — device description
                    │   ├── sysUpTime (3) — uptime in seconds
                    │   └── sysContact (6) — admin contact
                    ├── interfaces (2)
                    │   ├── ifTable (1)
                    │   │   ├── ifDescr (2)
                    │   │   ├── ifType (3)
                    │   │   ├── ifMtu (4)
                    │   │   └── ifSpeed (9)
                    ├── ip (4)
                    │   ├── ipInReceives (10)
                    │   └── ipOutRouts (11)
                    ├── ifInOctets (10)
                    └── ifOutOctets (16)
Common SNMP OIDs
| OID | Name | Description |
|---|---|---|
| 1.3.6.1.2.1.1.1 | sysDescr | System description |
| 1.3.6.1.2.1.1.3 | sysUpTime | System uptime |
| 1.3.6.1.2.1.2.2.1.6 | ifPhysAddress | Interface MAC address |
| 1.3.6.1.2.1.2.2.1.10 | ifInOctets | Bytes received on interface |
| 1.3.6.1.2.1.2.2.1.16 | ifOutOctets | Bytes sent on interface |
| 1.3.6.1.2.1.1.5 | sysName | System hostname |
SNMP in Monitoring
| Tool | SNMP Support | Notes |
|---|---|---|
| Nagios | Full SNMP checks | Traditional monitoring |
| Zabbix | Full SNMP support | Template-based monitoring |
| Prometheus | SNMP exporters | SNMP→Prometheus via snmp_exporter |
| Grafana | Via Prometheus/InfluxDB | Visualization layer |
| LibreNMS | Full SNMP discovery | Auto-discovery, auto-configuration |
| PRTG | Full SNMP support | Commercial monitoring |
SNMP Security
- SNMPv1/v2c: Community strings sent in plaintext (like passwords)
- SNMPv3: Supports authentication (HMAC-MD5/SHA) and encryption (DES/AES)
- Best practice: Use SNMPv3 with auth+priv, or limit v2c to trusted networks
- Firewall: Restrict SNMP to management network only (UDP 161/162)
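
One way to check an agent configuration against the points above, as an added example that is not part of the original page. It assumes the agent is net-snmp and reads its snmpd.conf directives (rocommunity/rwcommunity, createUser, rouser/rwuser). The function names, finding labels and sample configuration are constructed for illustration, and treating MD5 and DES as weak is this example's own policy.

```python
import shlex

# Constructed sample in net-snmp snmpd.conf syntax (not taken from a real device).
SAMPLE_CONF = """\
rocommunity public
rwcommunity s3cr3t 10.0.50.0/24
createUser monitor MD5 "authpass123" DES "privpass123"
rouser monitor auth
createUser nms SHA "authpass456" AES "privpass456"
rouser nms priv
"""

def _skip_option(args, flag):
    """Drop a leading '<flag> <value>' pair such as '-e ENGINEID' or '-s usm'."""
    return args[2:] if args[:1] == [flag] else args

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs, in file order, for an snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # honours quotes and '#' comments
        if not tokens:
            continue
        key, args = tokens[0].lower(), tokens[1:]
        if key in ("rocommunity", "rwcommunity") and args:
            # v1/v2c: the community string crosses the network in plaintext.
            findings.append((no, "plaintext-community"))
            if args[0].lower() in ("public", "private"):
                findings.append((no, "default-community"))
            if len(args) < 2 or args[1] == "default":
                findings.append((no, "any-source"))  # not limited to the management network
            if key == "rwcommunity":
                findings.append((no, "community-write"))  # SET allowed with a plaintext secret
        elif key == "createuser":
            args = _skip_option(args, "-e")
            # Layout: user authProto authPass [privProto [privPass]]
            if len(args) > 1 and args[1].upper() == "MD5":
                findings.append((no, "weak-auth-md5"))
            if len(args) > 3 and args[3].upper() == "DES":
                findings.append((no, "weak-priv-des"))
        elif key in ("rouser", "rwuser"):
            args = _skip_option(args, "-s")
            level = args[1].lower() if len(args) > 1 else "auth"  # net-snmp default is auth
            if level != "priv":
                findings.append((no, "not-authpriv"))  # v3 user allowed without encryption
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

An empty result means every configured user requires SNMPv3 auth+priv with SHA/AES and no community strings remain; restricting UDP 161/162 at the firewall still has to be verified separately.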