Network admins generally manage the devices in a network and allocate and free up ports and interfaces to ensure continuous uptime and bandwidth-hog-free network operations. Closely monitoring SNMP devices is a major part of this. Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. SNMP allows devices to communicate even if they are built on different hardware and run different software. In other words, SNMP is a communications protocol through which an admin, via manager systems and authorized agents, can monitor and even manipulate some aspects of a network's configuration and traffic.

SNMP monitoring tools are necessary to:

  • Automatically discover, monitor, and manage network devices.
  • Configure threshold limits and generate alerts in case of anomalies.
  • Monitor key performance metrics at the device and interface level.
  • Obtain granular insight into the performance of network devices.

SNMP is an application-layer protocol defined by the Internet Architecture Board in RFC 1157. It generally uses User Datagram Protocol (UDP) ports 161 and 162.

There are multiple versions of the SNMP protocol, and SNMP is so popular that most network devices come pre-bundled with SNMP Agents. The most recent version of the protocol, SNMPv3, includes security mechanisms for authentication, encryption and access control.

The purpose of SNMP is to provide network devices such as routers, servers and printers with a common language for sharing information with a network management system (NMS). Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. In fact, without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network, or determine the status of network devices in real time.




SNMP exposes management data in the form of variables on the managed systems, organized in a management information base (MIB) that describes the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.

SNMP can issue read or write commands, such as resetting a password or changing a configuration setting. It can also report back how much bandwidth, CPU and memory are in use. SNMP works by sending messages, called protocol data units (PDUs), to devices within your network that “speak” SNMP. These messages are called SNMP Get-Requests. Using these requests, network administrators can track virtually any data values they specify. All of the information SNMP tracks can be provided to a product that asks for it.

The clients, called agents, are any type of device or device component connected to the network. They can include not just computers but also network switches, phones, printers, and so on.

The protocol’s client/server architecture has four components:

  • SNMP Manager: It acts as the client. The SNMP manager is the central system used to monitor the SNMP network. Also known as a network management station (NMS), an SNMP manager is responsible for communicating with the SNMP-agent-implemented network devices. It runs on a host on the network. The manager queries the agents, gets responses, sets variables in them, and acknowledges events from them. In other words, when the SNMP Manager asks the Agent a question, the Agent uses the MIB to supply the answer.
  • SNMP Agent: It acts as the server. An SNMP agent is a software process that responds to SNMP queries to provide status and statistics about a network node. SNMP agents play the most important role in management. They are locally located and associated with SNMP network devices from which they collect, store, and transmit monitoring data. Data is transmitted to the designated SNMP manager when queried. In fact, SNMP software agents on network devices and services communicate with a network management system to relay status information and configuration changes.
  • SNMP-managed network nodes: These are the network devices and services upon which the agents run. A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information.
  • Management Information Base (MIB): It acts as the server’s database. An SNMP MIB is a structure that defines the format of information exchange in an SNMP system. Every SNMP agent maintains an information database describing the parameters of the device it manages. An SNMP manager is a software system that uses SNMP to collect data for fault management, performance management, and capacity planning. SNMP managers store collected data in a MIB as a commonly shared database between the agent and the manager. The managed objects in an MIB are called object identifiers (object IDs or OIDs). In fact, an OID uniquely identifies each object managed within an MIB hierarchy and its design makes it reasonably flexible for even proprietary needs. MIBs can be created for any network device in the Internet of Things (IoT), including IP video cameras, vehicles, industrial equipment and medical equipment.

SNMP includes an “inform” message type that allows a network monitoring tool to acknowledge messages from a device. Inform messages allow the Agent to reset a triggered alert.




Generally an SNMP agent and manager will utilize an array of relatively simple commands to communicate with one another:

  • GetRequest: Generated by the SNMP manager and sent to an agent to obtain the value of a variable, identified by its OID, in an MIB.
  • GetNextRequest: This command does the same but for the next sequential object after the previous Get.
  • SetRequest: A manager-to-agent request to change the value of a variable or list of variables.
  • GetBulkRequest: An optimized version of GetNextRequest. Sent by the SNMP manager to the agent to efficiently obtain a potentially large amount of data, especially large tables.
  • Response: Sent by the agent to the SNMP manager in reply to a GetRequest, GetNextRequest, GetBulkRequest, or SetRequest. It carries back the values of the requested variables or signals the result of actions directed by the manager. This PDU was called GetResponse in SNMPv1.
  • Trap: Asynchronous notification from agent to manager. This command provides an unsolicited Response, generally to serve as an alert or heads-up of an event or threshold. SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.
  • InformRequest: This command is essentially a response but specific to Traps, to assure agents that it has been received, as they will continue sending Traps otherwise. It is an asynchronous alert similar to a Trap, but requires confirmation of receipt by the SNMP manager.
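
As an added example (not code from the original article), the Python code below walks the BER encoding of an SNMPv1/v2c message and reports the version, community string, PDU type and requested OIDs, flagging SetRequest as a write operation. The sample packet is constructed for illustration, and the names read_tlv, decode_oid and parse_snmp are this example's own.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
# Constructed sample: SNMPv2c GetRequest for OID 1.3.6.1.2.1.1.1.0, community "public"
SAMPLE = bytes.fromhex("302702010104067075626c6963a01a02021234020100020100"
                       "300e300c06082b060102010101000500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):        # also catches truncated length octets
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Turn OID content octets into dotted notation (base-128 sub-identifiers)."""
    subids, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # high bit clear ends a sub-identifier
            subids.append(value)
            value = 0
    if not subids:
        raise ValueError("empty OID")
    first = min(subids[0] // 40, 2)    # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_snmp(packet):
    """Summarise version, community, PDU type and OIDs of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    _, ver, pos = read_tlv(body, 0)
    version = {0: "SNMPv1", 1: "SNMPv2c"}.get(int.from_bytes(ver, "big"))
    if tag != 0x30 or version is None:
        raise ValueError("not a community-based SNMP message")
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    oids, pos, vpos = [], 0, 0
    if pdu_tag != 0xA4:                # the SNMPv1 Trap PDU uses a different field layout
        for _ in range(4):             # request-id, two integers, then the varbind list
            varbinds, pos = read_tlv(pdu, pos)[1:]
        while vpos < len(varbinds):
            _, vb, vpos = read_tlv(varbinds, vpos)
            oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": version, "community": community.decode("latin-1"), "oids": oids,
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "is_write": pdu_tag == 0xA3}
```

Every field this parser reads travels unencrypted in SNMPv1/v2c, so the same decoding can be applied to captured traffic to audit which managers issue SetRequest PDUs and which community strings are in use.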




We have introduced some SNMP-related tools on our blog so far. For example, you can read the following post:

Network Inventory Tool: LANsweeper

LANsweeper network inventory performs three main tasks: discovery, inventory, and analytics.