Aka. Simple Network Management Protocol. A network management protocol. Operates at the OSI application layer.
In FCAPS, SNMP handles performance and fault management acceptably; configuration management partially. Accounting and security management use separate techniques.
Versions
SNMP v2
Added communities and proxies.
Community
An administrative relationship between SNMP managers and agents. Serves as the primary mechanism for access control and authentication. Defines which managers are permitted to interact with which agents, and with what level of access. All managers and agents that share the same community string belong to the same community and can communicate under its permissions.
Identified by a community string which is a plaintext string. Included in every SNMP message as Community field.
Considered weak security since the string is transmitted in plaintext.
Proxy
An SNMP entity that acts as an intermediary to provide interoperability between different network management domains or protocol versions.
SNMP v3
Added security enhancements related to authentication, encryption and replay protection.
Transport
Uses UDP over:
- Port 161 for agent (receives requests).
- Port 162 for manager (receives traps).
Structure
Master agents and sub-agents run on managed devices. Management stations run the managing entity side.
MIB is accessed through agents.
Data Types
- Simple (general) types.
- Application-specific types.
Both defined using SMI (Structure of Management Information), which is a subset of ASN.1.
Usage
Operational uses:
- Monitoring device uptimes.
- Inventory of OS versions.
- Collecting interface information.
- Measuring network interface throughput.
- Querying remote ARP caches.
Visualisation uses:
- Traffic graphs, topology maps — generated by third-party tools (MRTG, Nagios) that consume SNMP data.
PDU Structure
SNMP Message — outer envelope containing: Version, Community, SNMP PDU.
Request PDUs
GetRequest, GetNextRequest, and SetRequest share a common structure:
| Field | Description |
|---|---|
| PDU type | identifies the operation |
| Request id | matches request to response |
| (two fields) | set to 0 |
| Variablebindings | list of name-value pairs |
Response PDU
GetResponse PDU:
| Field | Description |
|---|---|
| PDU type | — |
| Request id | — |
| error-status | error code |
| error-index | identifies the failing variable |
| Variablebindings | — |
Trap PDU
Agent-initiated; sent on exceptional events.
| Field | Description |
|---|---|
| PDU type | — |
| Enterprise | OID of the device type |
| Agent-addr | IP address of agent |
| Generic-Trap | standard trap type |
| Specific-trap | vendor-specific trap code |
| Time-stamp | time since last re-initialisation |
| Variablebindings | — |
Variablebindings
A sequence of (name, value) pairs: name₁, value₁, name₂, value₂, …, nameₙ, valueₙ.