What is SNMP?

This is part of a series of articles about IT Mapping

The Simple Network Management Protocol (SNMP) is a widely used protocol for reading and updating the configuration of devices on a network. The protocol is UDP-based and is commonly supported by network devices such as switches, routers, firewalls, printers, and servers.

An SNMP network usually consists of a manager, which can update data or request data from an agent, which stores data and can send events (also known as traps) back to the manager. (For more information, see our Guide to Microsegmentation.)

The SNMP Data Model

SNMP is, in general, a hierarchical key-value database. The keys in SNMP are known as object identifiers or OIDs and are basically a list of numbers separated by dots.

For example: 1.3.6.1.2.1.1.1

Each number in the OID sequence represents a category of values. The example above, for instance, refers to the following SNMP value:

1  .3  .6  .1       .2   .1    .1     .1
iso.org.dod.internet.mgmt.mib-2.system.sysDescr

which contains a description of the device.

Each key has a single value of a primitive type such as an integer or a string, or a defined type such as an OID or IP Address.

The key-value pairs are described in a Management Information Base (MIB) file, which gives information on each OID and the type of data that can be found there. There are many MIB files available, some of which are defined by the different SNMP RFCs (such as SNMPv2-SMI) and some that are proprietary vendor-defined MIB files that describe specific data available in their devices.

Using the key-value pair data model, it is also possible to describe more complex data structures such as tables in the SNMP data model. This is done using the following method:

  1. Each table is given an OID value. For instance, the OID 1.3.6.1.2.1.2.2 is for the ifTable that describes all the network interfaces of a device.
  2. Then, under the table OID, there is another OID that describes a single row in a table. In this case, ifEntry with the OID ifTable.1 (1.3.6.1.2.1.2.2.1).
  3. Now, for each column in the table, there is another OID defined under the OID for the row. For example, the ifIndex column has the OID ifEntry.1 and the ifDescr column has the OID ifEntry.2.
  4. For the values themselves, each row in the table has an index that is appended to the OID of the column. For example, the ifIndex of the first row in the table would be ifIndex.1 and for the second row it would be ifIndex.2.

In this manner, an entire table can be stored using this key-value format and not just single values.

Lanir Shacham
CEO, Faddom

Lanir specializes in founding new tech companies for Enterprise Software: Assemble and nurture a great team, Early stage funding to growth late stage, One design partner to hundreds of enterprise customers, MVP to Enterprise grade product, Low level kernel engineering to AI/ML and BigData, One advisory board to a long list of shareholders and board members of the world's largest VCs.

Tips from the Expert

In my experience, here are tips that can help you better leverage SNMP for network management:

  1. Implement SNMP monitoring alongside NetFlow for comprehensive insights
    Pair SNMP with NetFlow or sFlow to gain both statistical data from SNMP and detailed traffic flow information. This dual approach enhances visibility into network performance and security issues.
  2. Utilize SNMP traps for proactive alerting
    Configure SNMP traps to alert you to critical events in real-time, such as device failures or network interface status changes. This proactive approach helps in addressing issues before they escalate into larger problems.
  3. Segment SNMP traffic using VLANs
    Isolate SNMP traffic on a separate VLAN to reduce the risk of interception and to ensure that management traffic does not interfere with regular network operations. This also makes it easier to apply security policies specifically for SNMP traffic.
  4. Regularly update MIB files
    Keep your Management Information Base (MIB) files up to date to ensure accurate monitoring and management of devices. This is especially important when new devices or software versions are added to your network.
  5. Leverage SNMP for automated network topology mapping
    Use SNMP data to automate the discovery and mapping of your network topology. Tools that integrate SNMP can automatically identify network devices and their interconnections, saving time and reducing manual errors.

The SNMP Protocol

SNMP uses UDP to send and receive protocol data units (PDUs). Some common PDU types are:

  • Get – Retrieves the value of a single OID.
  • Set – Sets the value for a single OID.
  • GetNext – Gets the next value available after a specific OID. This can be used to discover the next available value in the database. The GetNext PDU can be used repeatedly to “Walk” through all the available values in a database starting from a specific value (or from the first value if 0 is used as the first OID).
  • GetBulk – Returns the next multiple values after a specific OID. This is more efficient than using GetNext multiple times when multiple values are required.
  • Response – A PDU containing the data requested by one of the above operations or an acknowledgement in case of a Set operation.

In addition to the above commands, a device can also send SNMP traps. An SNMP trap is a message that is sent from an agent back to the manager to notify it of some event, such as a switch reporting that a network interface has gone up or down.

Many SNMP browsers and libraries also implement helper functions that make it easier to read common data structures such as tables, or to walk a subtree under a specific OID.
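The table layout from the data model section and the GetNext walk described above, combined in one added example (not code from the original article). A constructed in-memory database stands in for a real agent, and the names AGENT_DB, get_next, walk and table_rows are hypothetical; OIDs are compared as integer tuples so that row index 2 sorts before 10.

```python
from bisect import bisect_right

def oid(text):
    """Parse dotted OID text into a tuple of ints so ordering is numeric."""
    return tuple(int(part) for part in text.strip(".").split("."))

IF_TABLE = oid("1.3.6.1.2.1.2.2")          # ifTable, as given in the article
IF_ENTRY = IF_TABLE + (1,)                 # ifEntry = ifTable.1
COLUMNS = {1: "ifIndex", 2: "ifDescr"}     # ifEntry.1 and ifEntry.2

# Constructed agent database: a flat OID -> value mapping (sample data only).
AGENT_DB = {
    oid("1.3.6.1.2.1.1.1.0"): "constructed sample switch",    # sysDescr.0
    IF_ENTRY + (1, 1): 1, IF_ENTRY + (1, 2): 2, IF_ENTRY + (1, 10): 10,
    IF_ENTRY + (2, 1): "lo", IF_ENTRY + (2, 2): "eth0", IF_ENTRY + (2, 10): "eth1",
    oid("1.3.6.1.2.1.4.1.0"): 1,                               # a value past ifTable
}
SORTED_OIDS = sorted(AGENT_DB)             # tuple sort: index 2 comes before 10

def get_next(after):
    """Agent side of GetNext: the first OID strictly greater than `after`."""
    i = bisect_right(SORTED_OIDS, after)
    if i == len(SORTED_OIDS):
        return None                        # nothing left in the database
    key = SORTED_OIDS[i]
    return key, AGENT_DB[key]

def walk(root):
    """Manager side: repeat GetNext until the reply leaves the subtree."""
    current, found = root, []
    while (reply := get_next(current)) is not None:
        key, value = reply
        if key[:len(root)] != root:
            break                          # reply is outside the walked subtree
        found.append((key, value))
        current = key
    return found

def table_rows(entry, columns):
    """Pivot column.index pairs from a walk into one dict per row index."""
    rows = {}
    for key, value in walk(entry):
        column, index = key[len(entry)], key[len(entry) + 1:]
        if column in columns:
            rows.setdefault(index, {})[columns[column]] = value
    return [rows[index] for index in sorted(rows)]

if __name__ == "__main__":
    for row in table_rows(IF_ENTRY, COLUMNS):
        print(row)
```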

SNMP Authentication

Since the SNMP database can contain sensitive data and can even allow changes to a device’s configuration, the protocol requires some sort of authentication. There are two main methods of authentication used, depending on the version of SNMP being used.

Community Strings

In versions 1 and 2c of the SNMP protocol, authentication is done using a community string. A community string is basically just a password that is sent to the agent by the manager. The agent will check the string against the list of defined community strings it has. If there is a match, it will check the permissions allowed for that password. In most cases, a specific community string can be allowed access to either send Get or Set requests and can also be limited to have access only to specific sub-trees of the SNMP database.

Some devices will also have a whitelist specifying which IP addresses are allowed to access the device over SNMP.

If the SNMP request does not match a valid community string or if the device is not allowed access for any other reason, the SNMP server will simply not respond. In this way, a client cannot know if a device even exists or if it supports SNMP if it does not know a valid community string.

One of the main disadvantages of SNMP community strings is security. First of all, there is only a single identifier (the community string) as opposed to having to know a username and password, and many devices also come pre-configured with the community string “public” already defined, allowing access to read the device configuration. Also, the SNMP community string is not encrypted over the network, so anyone reading packets off the network can see the community string in clear text.
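To make the cleartext point concrete, this added example (not from the original article) decodes the BER header of a constructed SNMP v2c GetRequest and reports what a passive observer of the packet sees, which is also a starting point for flagging v1/v2c traffic that still uses the default community. The function name inspect_snmp and both sample packets are assumptions for illustration.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}    # value of the version field on the wire
DEFAULT_COMMUNITIES = {b"public"}          # the pre-configured default named in the article

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet):
    """Return what anyone who can read the packet learns from its header."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    if version not in ("v1", "v2c"):       # v3 carries no community string here
        return {"version": version, "community": None, "finding": None}
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    finding = "cleartext community"
    if community in DEFAULT_COMMUNITIES:
        finding = "cleartext default community"
    return {"version": version, "community": community.decode("latin-1"),
            "finding": finding}

# Constructed v2c GetRequest for sysDescr.0 with community "public".
SAMPLE_V2C = bytes.fromhex(
    "302602010104067075626c6963a019020101020100020100"
    "300e300c06082b060102010101000500")
# Constructed, minimal v3-style header: version 3 followed by an empty SEQUENCE.
SAMPLE_V3 = bytes.fromhex("30050201033000")

if __name__ == "__main__":
    print(inspect_snmp(SAMPLE_V2C))
```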

SNMP v3

The SNMP v3 protocol was introduced to solve some of the security issues that come with SNMP v2c. While it shares the same data model as previous versions, it solves the security issues by allowing user/password authentication with an SNMP server using password hashes. It also allows encryption of the data over the network. In addition, SNMP v3 checks the integrity of the received data to make sure that it was not tampered with in transit.

In Conclusion

SNMP can be a very powerful tool for the system administrator, giving access to data and configuration from a wide range of devices. It can be used for discovery, management, monitoring, and more.

While there are some security risks involved in using older versions of the protocol, SNMP v2c is still the most widely used in most data centers today.

In this blog post, we gave a brief overview of the SNMP protocol, and this will be the first of a multi-part series in which we will go over some more details of how to use SNMP and, specifically, how it can be used to map your network topology.
