SNMP (Simple Network Management Protocol) is a widely used network device management protocol. The protocol simplifies network management by providing a unified interface for many different devices connected to the same network.
In this article, you will learn about SNMP, how it works, its components, and some basic SNMP commands.
What is SNMP?
SNMP is an internet standard application-layer protocol allowing different devices on a network to communicate and exchange data. It is a part of the TCP/IP protocol suite and one of the most widely accepted network protocols.
SNMP enables users to identify devices, monitor network performance, and keep track of network changes and device status in real-time. SNMP monitors network elements using the SNMP agent that must be enabled for it to work.
The devices that use SNMP to communicate include routers, switches, printers, firewalls, load balancers, workstations, servers, cameras, and many other. SNMP collects and organizes the data from all those devices using their IP address, which facilitates network troubleshooting, monitoring, and management.
Why Do You Need SNMP Monitoring?
SNMP monitoring helps users collect various information from network devices. Since many device manufacturers support SNMP, it is easy to collect data from various network devices, NAS appliances, printers, and scanners and process it in monitoring software.
Using SNMP to monitor and manage network devices also improves customer experience because it enables the administrator to anticipate demands and quickly resolve any network errors.
Note: See the best tools for monitoring network bandwidth on a Linux server.
There are multiple advantages to using SNMP:
- Suitable for all businesses.
Since SNMP works with almost all device types, it can be used for a complete monitoring setup in both small network environments and large networks with many components. The utility can easily retrieve various types of data, such as the toner level in a printer, or the temperature in a server room.
- Straightforward monitoring.
Almost all manufacturers include an SNMP agent in their devices, so there is no need to install third-party software to enable monitoring. Thus, SNMP makes monitoring accessible to anyone without the need for proprietary software or additional access rights.
SNMP operates in a unique language allowing the users to communicate with devices from different manufacturers. One of its main benefits is that it allows administrators to manage network assets that don't have an operating system but need to be monitored - such as printers.
SNMP's uniformity makes it compatible with any operating system, including Windows, Linux, macOS, or Java virtual machines.
An SNMP system contains the following key components:
- A network management system (NMS). Manages network elements on a network.
- SNMP agent. The software that runs on the monitored hardware or service, collects metric data, and performs the requested operations in the MIB of the managed device.
- A Management Information Base (MIB). The MIB is an information database that contains the managed device parameters.
- Managed device. A node on the network (routers, access servers, switches, hubs, etc.) containing the SNMP agent and the MIB (Management Information Base).
All the components work together, allowing network engineers to extract information from network devices, regardless of the vendor, device type, or the software powering the device.
The following diagram shows the basic SNMP components and communication path:
The sections below explain each component in more detail and the functionalities they rely on.
The SNMP manager (or SNMP server) is a centralized management station responsible for communicating with the devices running the SNMP agent. The manager sends requests to the SNMP agent and receives responses at regular intervals.
It is usually a machine that runs one or more network management systems. The key functions of an SNMP manager are to:
- Send queries and requests to SNMP agents.
- Receive the responses from SNMP agents.
- Set or change different variables in SNMP agents.
- Acknowledge asynchronous events from agents.
The SNMP agent is a piece of software contained within a network device, used to monitor and manage those devices in a network.
Enabling the agent allows it to accept queries and requests from SNMP managers and respond by providing the device status and required metrics or by setting the requested variable. The agent obtains the necessary data from the MIB of the managed object.
Depending on the type of device, the SNMP agent can be standard or vendor-specific. The key functions of an SNMP agent are to:
- Collect data about its local environment.
- Store and retrieve data from the MIB.
- Notify the manager about an event.
- Act as a proxy for some non-SNMP manageable network nodes.
SNMP has two default port numbers it utilizes to send UDP data packets when sending or responding to a request:
- Port 161. Used when the NMS sends requests to the SNMP agent. If you want to change the default NMS port number, ensure that the port number used for sending requests and by the SNMP agent for responding to requests is the same.
- Port 162. Used by the SNMP agent to send traps or informs to the NMS. When changing the port number, make sure it is the same as the one used by the NMS for receiving traps and inform messages.
A managed device is a network node that contains an SNMP agent. Almost every device in a network (e.g., routers, switches, servers, printers, etc.) functions as a managed device. The NMS monitors and controls the managed devices using three SNMP commands:
readcommand. Used by the NMS for monitoring managed devices.
writecommand. Used by the NMS for controlling managed devices.
trapcommand. Used by the managed devices to report events to the NMS.
The NMS polls devices periodically, querying for status information or sending configuration changes when needed.
The Management Information Base (MIB) is a data structure that contains local network device values that can be collected, configured, and modified. It is a text file describing all data objects used by a particular device that can be queried or controlled via SNMP.
Typically, the values in a MIB include a set of statistical and control values for the hardware nodes on a network. The values correspond to the possible queries that the SNMP Manager can request from the SNMP agent. The agent collects and stores the data locally.
The SNMP agent maintains the database, while the SNMP manager uses the database to send or retrieve information and forward it to the NMS.
There are many different standardized MIBs defined by the IETF or ISO, but also proprietary MIBs defined by specific vendors. SNMP allows users to extend the MIB values to a particular agent if they are using proprietary MIBs.
The diagram above shows data hierarchy and organization inside a MIB. The tree structure contains all the manageable features of all network devices. Each branch has a number and a name, and each point is named after the complete path, from the top of the tree to the point itself.
The MIB contains many managed objects identified using Object Identifiers (OID). An OID is a numeric MIB identifier used to distinguish between different devices in the base. The system uses the OIDs to access MIB-managed objects.
There are two types of managed objects:
- Scalar objects. Unique, defined by a single object instance.
- Tabular objects. Defined by multiple related object instances that are grouped in MIB tables.
Each OID consists of strings of numbers denoting the managed objects, separated by dots. The OIDs are organized hierarchically, in a tree structure, with individual variable identifiers for each OID. The following diagram shows an example of the tree structure:
SNMP traps are messages the SNMP agent sends to notify the NMS about events or alarms in a network device. The traps inform the network administrator about a device's status and events.
There are two types of notification messages - traps and informs. While they have the same goal of informing the administrator about an event, they differ in the fact that an inform message requires a response from the NMS, while the trap message doesn't. Additionally, SNMPv1 doesn't support inform messages.
Each trap message contains the following information:
- Enterprise. The device that generates the trap message (trap source).
- Agent address. The trap source IP address.
- Generic trap. Specifies the trap type.
- Specific trap. Includes private trap information of an enterprise.
- Timestamp. Specifies the time elapsed between the reinitialization of the network entity and trap message creation.
- Variable bindings. A list of variable names and corresponding values.
The following diagram shows how the trap and inform messages work:
Different versions of SNMP have different features available, especially in terms of security. The following list denotes the key features of each SNMP version:
It is the oldest and original version of SNMP, supporting 32-bit counters. It has weak security features, identifying devices using a clear-text community string, forming an outdated authentication method. Additionally, network admins can request information without encryption.
SNMPv1 uses some default access credentials, making it easy for someone to obtain sensitive data about the network. That, combined with the lack of encryption, enables anyone with access to the network to intercept data or to assume the role of a network manager, jeopardizing the entire system.
SNMPv2 was released in 1993 and introduced security enhancements currently considered good enough for internal networks. However, it should not be an option for public-facing devices as its poor authentication system, and encryption leaves the network vulnerable to attacks.
Nevertheless, SNMPv2 is still the most deployed SNMP version, even though SNMPv3 replaced it in 1998.
SNMPv3 features improved security and data encryption and authentication support. The latest protocol version also offers packet protection during transmission.
SNMPv3 also allows network administrators to establish role-based authentication, preventing unauthorized access to sensitive network segments. Additionally, SNMPv3 can also be set up to require encryption for data transfers.
SNMP monitoring provides data that facilitates tracking a network device's status, making it ideal for IT monitoring. It allows network administrators to keep track of the most critical parameters of the system, including switches, access points, and routers, but also other network-connected devices, such as printers, hardware sensors, and others.
The sections below focus on how SNMP monitoring works, the metrics it provides, the commands it utilizes to obtain the data, and some available tools for SNMP monitoring.
How Does SNMP Monitoring Work?
The SNMP monitoring utility is a central hub for retrieving data from SNMP agents on the monitored devices. The hub also serves as a recipient for any event messages sent from the device agent.
However, although the devices contain an SNMP agent, it is considered agentless monitoring because there is no need to install the monitoring software on the devices, as the vendors have already implemented the SNMP protocol on the device.
Therefore, the monitoring works with the default device software without needing additional access rights from the device vendor. You must install a custom monitoring agent on the system if you decide to use a custom monitoring agent.
SNMP Monitoring Commands
The information exchange in SNMP monitoring is conducted by using a set of commands. The commands are listed below:
Get. The command is a request sent by the SNMP manager to the network device. Its goal is to retrieve data from the device.
GetNext. Similar to
Get, but it retrieves the value of the following OID in the MIB tree.
GetBulk. Retrieves large amounts of data from large MIB tables. It works by executing multiple
GetNextrequests and returns it all in a single response.
Set. Used for modifying or assigning a value to a managed device.
Trap. The SNMP agent sends the command to the SNMP manager, informing it about an event.
Informis also sent by the SNMP agent to the manager, informing about an event. The difference is that
Informmessages require a confirmation from the SNMP manager that the message has been received.
Response. The response messages carry back the value(s) or instructions for the device as directed by the SNMP manager.
The following table shows which command is available in which SNMP version:
Although SNMP v2 and v3 support the same commands, they differ significantly in terms of security features.
SNMP allows users to collect various metrics from devices connected to a network. The metrics include:
- Uptime. The amount of time a device has been powered on and connected to the network.
- Throughput. The amount of data transferred from the source to the destination within a given timeframe.
- Temperature. The current operating temperature of the device.
- Interface Errors. A list of errors that occurred during the device's operation.
- CPU Utilization and Memory Usage. The device's performance and resource statistics.
The network administrators can use the SNMP monitoring tools to analyze the data obtained from the device, visualize the data, and get alerts based on some metrics exceeding certain thresholds. Another useful tool are tags, which allow users to organize the metrics and compare them according to subsets.
SNMP Monitoring Tools
Network admins use SNMP monitoring tools to manage devices in a network, allocate ports or release them, and ensure smooth network operation and continuous device uptime. The monitoring tools require an admin to configure the SNMP agent so that the SNMP manager properly receives monitoring data.
Monitoring tools automatically discover new devices and start the monitoring process. The tool receives key performance metrics from each device and provides a complete overview of the device's performance. The tool allows admins to configure threshold limits and generate notifications for certain anomalies.
Based on the insight from the monitoring tools, network administrators track the availability and performance of network devices and promptly pinpoint any network issues. Some tools also provide a dashboard or graphs of the collected data.
Below is a list of different SNMP monitoring tools to help you find the one best suited for your business:
1. SolarWinds Network Performance Monitor
SolarWinds Network Performance Monitor (NPM) is an SNMP monitoring tool that boasts automatic device discovery, intelligent mapping, and an interactive, dynamic dashboard for comprehensive data overview.
The monitor is available for Windows Server and Microsoft SQL Server. The program offers a fully functional 30-day free trial, after which its services must be purchased.
2. ManageEngine OpManager
One of the key features of ManageEngine OpManager is the processing element that manages up to 300 trap messages per second. The administrator receives organized feedback that helps identify potential issues or defects, while the logging function shows a comprehensive overview of trap messages.
The OpManager is available for Linux and Windows and has a free SNMP monitoring tool. However, it is available for up to three devices, making the free version quite limited.
3. Paessler PRTG Network Monitor
Paessler PRTG Network Monitor provides three network monitoring methods, including SNMP monitoring. Combined with packet sniffing and NetFlow, it provides a comprehensive overview of network information and access to a detailed data overview.
PRTG is based on sensors, the tool's basic monitoring elements, each assigned to track a certain network part. The preconfigured SNMP sensors monitor network devices.
The cost of the monitoring tool depends on the number of sensors you need. While it is affordable for smaller businesses with a small number of network devices, it may become very costly for a big network system.
4. SysAid Monitoring
The SysAid SNMP monitoring tool allows network admins to proactively monitor network devices by automatically identifying the specified events and alarming them if there is an issue. It can monitor services, processes, website availability, changes in hardware or software, ports, listens for trap messages, etc.
The tool offers a basic and full edition, depending on the number of monitored assets, with a free trial for both versions.
Atera is an SNMP monitoring tool offering support for an unlimited number of workstations and servers. The tool monitors application usage and capacity, user activity, generates reports, and logs SNMP trap messages. It has a real-time alert system and allows remote access.
The tool has a technician-based pricing system, which is transparent and flexible. Each pricing plan also includes a free 30-day trial.
After reading this article, you should know what SNMP is, how it works, why it is beneficial, and know some of the SNMP monitoring tools available on the market.