The SNMP protocol came into existence in the late 1980’s due to the requirement of having to manage growing networks. There have been seven versions of the protocol: SNMPv1, SNMPsec, SNMPv2p, SNMPv2c, SNMPv2u, SNMPv2* and SNMPv3. SNMP v1 is the only one that has been widely implemented and deployed, though v3 is expected to eventually ascend thanks to its superior security architecture.
Only SNMP v1 is widely used. See:
Network management means different things to different people. The ISO defines five areas of network management:
SNMP is probably the most popular network management protocol. SNMP is UDP-based because UDP traffic will still flow in a degraded network when a connection-based transport, such as TCP, fails.
SNMP is essentially a simple request-reply protocol running over UDP (ports 161 and 162), though TCP operation is possible. It is a client-server protocol, operating between a management station (server) and an agent.
The most distinctive feature of SNMP is a universal naming scheme for objects called the Management Information Base (MIB), a collection of information that is organized hierarchically. This is a huge tree composed of managed objects, with each node identified by an object identifier.
The hierarchical structure of the MIB is similar to a typical Unix filesystem. Instead of organizing files, the MIB logically organizes management information in a hierarchical tree-like structure. Each node in this tree has a short text string, called a label, and an accompanying number that represents its position at that level in the tree.
An object identifier (or OID) uniquely identifies a managed object in the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. RFC 1156, Management Information Base for Network Management of TCP/IP-based Internets, defines the managed objects contained in the MIB using the so-called Abstract Syntax Notation One (ASN.1). ASN.1 is defined in International Standard number 8824 by the ISO/OSI. The following object groups are defined in RFC 1156:
The top-level MIB object IDs belong to different standards organizations, while lower-level object IDs are allocated by associated organizations.
A managed object (sometimes called a MIB object, an object, or simply MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables.
Two types of managed objects exist: scalar and tabular.
An example of a managed object is atInput, which is a scalar object that contains a single object instance, the integer value that indicates the total number of input AppleTalk packets on a router interface.
Vendors can define private branches that include managed objects for their own products. MIBs that have not been standardized typically are positioned in the experimental branch.
The managed object atInput can be uniquely identified either by the object name, for example:
or by the equivalent object descriptor,
The SNMP agent is installed on the device being managed - all its software has to do is implement a few simple packet types and a generic get-or-set function on its MIB variables. The management station presents the user interface.
Simple management stations can be built with UNIX command-line utilities. More complex (and expensive) ones collect MIB data over time and use GUIs to draw network maps.
An SNMP operation takes the form of a Protocol Data Unit (PDU), basically a fancy word for packet. Version 1 SNMP supports five possible PDUs:
All "Get" operations retrieve data from a managed device (from its SNMP agent). Network management stations can poll managed devices periodically and perform SNMP gets in order to update a graphic display.
A single "Set" operation changes the data on a managed device via the SNMP agent. A device can be instructed to change its IP address, for example. This, of course, can lead to errors because the management station would lose contact with the device until it was discovered again.
A single "Trap" operation sends an unsolicited message to the management station. SNMP traps are often used by network devices to report on network link failures, device reboots, and so on.
Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.
The SMI for TCP/IP-based Internets is defined in RFC1157. It describes how managed objects contained in the MIB are defined. RFC1157 states that;
The specification for an object as defined in RFC 1156 is:
"An Object Identifier (OID) is a sequence of integers which traverse a global tree. This tree consists of an unlabeled root connected to a number of labeled nodes via edges. Each node may, in turn, have children of its own which are labeled."
Vendors can write their own specific MIB extensions to take advantage of their products' features.
There are many SNMP-based management applications. Many vendors offer management applications. For example:
Net-SNMP, a free SNMP implementation for Linux is probably the best starting point. It contains a tutorial.
Some other useful starting points:
A3Com is a set of Perl modules and utilities which use SNMP to manage 3Com switches, such as SS3900s, SS9300s, and CoreBuilders. Tools included will search/dump/store bridge tables, ARP tables, retrieve system info, save and restore configurations in batch mode, upload new software in batch mode, change passwords, reboot switches, dump VLAN configurations, and more.
Cimon is a Perl program which monitors the load (memory and CPU) on Cisco routers using SNMP, and generates graphics with statistics using rrdtool. It's a good source for information about your router's health. It also has the ability to make IP accounting via Cisco IP accounting features. It creates rrd graphics with the bandwidth usage and traffic logfiles. The logfiles are the same as these produced by sasacct so you can use it for date-to-date statistics and on-the-fly graphic generation.
Sep 1, 2001 | Sysadmin
The rtr-graph package described in Shearer's article is a set of Perl scripts for polling routers (or other SNMP-enabled devices) to gain specific traffic information.
MIBs are like directories; you have a broad top directory, with more specific directories within. Similarly, the uppermost MIB contains a variety of MIBs beneath it. MIBs are referred to by name or by number. At times you'll see MIBs like:
That MIB is the same as
The numerical MIB is longer than the word one. That's because the numerical MIB includes the default .1.3.6.1.2.1, which means .iso.org.dod.internet.mgmt.mib-2. Almost every MIB you encounter will have this leading string, which is why nobody bothers writing it down any more.
If you're in one of those kinky moods, you can even use:
Most SNMP tools prefer numerical MIBs. People prefer words. By the end of this article, you can use whichever you prefer. As usual, while my examples are written for FreeBSD, you can use them on NetBSD or OpenBSD with only minor modifications.
Exact SNMP MIBs can vary from device to device, and with the agent used. You'll want to check the documentation for your SNMP agent, or your device, to see what MIBs are available.
The best SNMP agent for BSD is ucd-snmp. It's small, extensible, and efficient. It's included as a FreeBSD port (/usr/ports/net/ucd-snmp). This is a popular package, and generally up-to-date. If it isn't current, the raw source of ucd-snmp compiles well. The ucd-snmp folks are actively interested in FreeBSD and quite responsive to useful problem reports, requests for help, or (better still) patches.
Installing from source is simple; the standard ./configure && make && make install will do it for you. They even respect the FreeBSD standard of installing under /usr/local. If you're installing on NetBSD, you'll want to edit the makefile to install under
ucd-snmp includes not only a SNMP daemon, but also a tool to examine the SNMP tree on other hosts. This "snmpwalk" package works well on any sort of agent: I use my FreeBSD system to snmpwalk routers, switches, other BSD machines, and even the occasional NT system.
Using snmpwalk is very simple:
snmpwalk hostname community
The community is somewhat like a password. A SNMP agent makes different information available to different communities. The agent can also control access by IP address, so don't be too surprised if you get different answers from different locations. Many network administrators configure their systems so that a single SNMP workstation gets full access to them, and others have restricted or nonexistent access.
snmpwalk on a local system with SNMP running. You'll get a huge pile of information. Try it again, this time redirecting the output to a file. Look through it at your leisure; you might be surprised at the amount of information the system offers via SNMP.
You can also make very specific queries via SNMP, simply by specifying the portion of the tree you're interested in.
For example, checking the Windows NT documentation, the MIB 18.104.22.168.4.1.322.214.171.124.126.96.36.199 represents "available memory." You can use snmpwalk to check this value without logging into the system:
snmpwalk fileserver public .188.8.131.52.4.1.3184.108.40.206.220.127.116.11.0
enterprises.318.104.22.168.22.214.171.124.0 = 154447872
SNMP README
The Perl5 'SNMP' Extension Module v5.0 for the Net-SNMP Library

Contents:
Introduction:
Availability:
Contact:
Supported Platforms:
Release Notes:
Installation:
Operational Description:
Trouble Shooting:
Acknowledgments:
History:
Copyright:

Introduction:

******************************NOTE NOTE NOTE**************************
This module now relies on many other modules. Do not try to build it independently, as it won't work. Instead of running "perl Makefile.PL" in this directory, run it in the net-snmp/perl directory instead which has a global makefile used to build all the sub-modules in their proper order.
******************************NOTE NOTE NOTE**************************

Note: The perl SNMP 5.0 module which comes with net-snmp 5.0 and higher is different than previous versions in a number of ways. Most importantly, it behaves like a proper net-snmp application and calls init_snmp properly, which means it will read configuration files and use those defaults where appropriate automatically parse MIB files, etc. This will likely affect your perl applications if you have, for instance, default values set up in your snmp.conf file (as the perl module will now make use of those defaults). The documentation, however, has sadly not been updated yet (aside from this note).

This is the Perl5 'SNMP' extension module. The SNMP module provides a full featured, tri-lingual SNMP (SNMPv3, SNMPv2c, SNMPv1) API. The SNMP module also provides an interface to the SMI MIB parse-tree for run-time access to parsed MIB data. The SNMP module internals rely on the Net-SNMP toolkit library (previously known as ucd-snmp).

For information on the Net-SNMP library see the documentation provided with the Net-SNMP distribution or the project web page available on 'Source Forge': http://sourceforge.net/projects/net-snmp

Availability:

The most recent release of the Perl5 SNMP module can be found bundled with the latest Net-SNMP distribution available from: http://sourceforge.net/projects/net-snmp
(Note: The perl SNMP distribution obtained this way has the highest chance of being up to date and compatible with the Net-SNMP version with which it is bundled.)

A separately bundled package of the SNMP module can be obtained from CPAN.

Development and older releases may be found at the following FTP site: ftp://ftp-east.baynetworks.com/netman/snmp/perl5
(Note: In previous releases this module was compatible with the CMU SNMP library. Starting with Perl5/SNMP-1.7 this module will *only* work with the Net-SNMP (aka ucd-snmp) library due to dependence on new features)

Contact:

The following forums may be helpful:
comp.lang.perl.modules
email@example.com mail list (see http://www.net-snmp.org/lists/users/ to subscribe)

Supported Platforms:

Linux 1.2.x, 2.x
Solaris 2.x
Many other UNIX variants
Win9x/NT

Release Notes:

SNMP module version 5.0 is being developed against NET-SNMP-5.0 see http://sourceforge.net/projects/net-snmp for details. Compatibility with earlier or later versions of Net-SNMP or UCD-SNMP is not guaranteed due to the dynamic nature of open software development :).
This package contains Perl 5 modules SNMP_Session.pm, BER.pm, and SNMP_util.pm which, when used together, provide rudimentary access to remote SNMP (v1/v2) agents.
Download it from http://www.switch.ch/misc/leinen/snmp/perl/dist/
The library is featured in the book Essential SNMP by Douglas R. Mauro and Kevin J. Schmidt, July 2001, O'Reilly & Associates, ISBN: 0-59600020-0.
... This module differs from existing SNMP packages in that it is completely stand-alone, i.e. you don't need to have another SNMP package such as Net-SNMP. It is also written entirely in Perl, so you don't have to compile any C modules. It uses the Perl 5 Socket.pm module and should therefore be very portable, even to non-Unix systems.
Note: For the development of new scripts, I strongly recommend using the higher-level programming interface provided by SNMP_util.pm. Its use is described in README.SNMP_util. The remainder of this page describes the low-level API in SNMP_Session.pm, which you normally shouldn't use.
The SNMP operations currently supported are "get", "get-next", "get-bulk" and "set", as well as trap generation and reception.
For an excellent example of the type of application this is useful for, see Tobias Oetiker's ``mrtg'' (Multi Router Traffic Grapher) tool. Another application that uses this library is IOG (Input/Output Grapher).
multiwalk2c is a multi-threaded SNMP scanner. It is a modified version of snmpbulkwalk. It can scan agents listed in special agents file, write to a single or many output files, and traverse different parts of a MIB tree in one thread.
Release focus: Minor feature enhancements
interfaces for communicating between SNMP-based management consoles ... resource and negotiate for the resource to be freed (or free it unilaterally) ...
www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap8.pdf
SimpleWeb provides links and information on network management, including software, RFCs and tutorials. The focus is on SNMP and Internet management, but people interested in other management technologies will also find interesting information.
Maintained by the Telematics Systems and Services management group (TSS) of the University of Twente (the Netherlands), in collaboration with Jürgen Schönwälder of the TU Braunschweig (Germany).
Software section has a nice Search tool, that lets you search by OS and whether something is free.
Another SNMP links site, put up by Pierrick Simier. Nice to look at, but Search tool is not as helpful as SimpleWeb's.
Scotty - Tcl Extensions for Network Management -- contains a large collection of links
SecurityPortal - SNMP Security Resources
Linux SNMP Network Management Tools
The Simple Times Technical Article
This advisory addresses a vulnerability in the common configuration of the Windows NT SNMP Service. This vulnerability allows individuals to remotely configure network parameters that are critical to the security and proper operation of the system.
This book is the definitive guide to SNMP-based network and internetwork management for network administrators, managers, and designers. Concise, focusing on practical issues, and completely up to date, it covers SNMPv1, SNMPv2, and the most recent SNMPv3, as well as RMON1 and RMON2--all of which are currently deployed in today's LANs and WANs. With this book, you will be better equipped to determine your network management needs, gain insight into design issues, and obtain the necessary understanding to evaluate available SNMP-based products.
Snmp Network Management (McGraw-Hill Series on Computer Communications)
Written for network professionals who want to know how SNMP (Simple Network Management Protocol) really works, this book incorporates the latest version and provides hundreds of hands-on exercises from real world examples. The CD contains protocol analysis tools and complete files of data collected from working networks.
SNMP : A Guide to Network Management (McGraw Hill Series on Computer Communications)
Dr. Sidnie M. Feit
Written for both those who plan, administer, and manage networking, and for software developers who work in a networked environment, this reference presents all the ideas behind SNMP and clearly explains the protocols and mechanisms. Emphasizing practical network management, this is the only book to provide descriptions of what is managed using SNMP.
I found this book as a very good learning guide for SNMP protocol and MIB structures. The book is very good for those who want to understand SNMP and the popular MIBs.
Network Management & Monitoring with Linux by David Guerrero
Cameron Laird's personal notes on SNMP
The Simple Times - HTML Archive
The NET-SNMP Project Home Page -- looks like the most current
Network Development Software -- classic set of tools
Linux SNMP Network Management Tools -- a little bit old.
http://www.munitions.com/~jra/cricket/ cricket (a "CPU friendly MRTG")
http://ucd-snmp.ucdavis.edu ucd-snmp (to be used in combination with mon)
SNMP COMMERCIAL TOOLS
S - Security
N - Not
M - My
P - Problem...
If you are using SNMP v1 make sure it is blocked from the Internet in general and that you are using reasonably obtuse community names. SNMP v2 at least has passwords...
Look at Phrack #50 for some exploits of the SNMP security holes.
Phrack site is
Plugging Holes In SNMP -- weak
SNMP Brute Force Attack
ucd-snmp-coders mailing list archives for 2000-07 snmp securit
Security Archive November 1998 ISS Security Advisory Hidden SNMP community in HP OpenView
SNMP Security Pack
The SNMP Security Pack provides an extension to HP Open View Network Node Manager (NNM), allowing NNM (4.1 and later) to use SNMPv3 with security. SNMPv3 provides safe configuration and control operations. Its administration offers logical contexts, view-based access control, and remote configuration. The user-based authentication mechanism is based on MD5, SHA, and a loosely synchronized monotonically increasing time indicator. The user-based privacy mechanism is based on Data Encryption Standard (DES) Cipher Block Chaining (CBC) mode, 16-byte key algorithms, and multiple levels of compliance. SNMPv3 is available for networks, systems, applications, manager-to-manager communications, and proxy management of legacy systems.
Roxen Community RFC 1352 SNMP Security Protocols
Windows NT SNMP Security Permissions
Q200885 - How to Troubleshoot SNMP Security Issues
Microsoft Windows 2000 Server Documentation
Simple network management protocol (SNMP) provides security through the use of community names and authentication traps. You can restrict SNMP communications for the agent, allowing it to communicate with only a specific list of other SNMP management systems.
You can configure SNMP security in SNMP Service Properties on the Security tab.
The following options can be configured to enable SNMP security:
- Accepted community names. The service requires at least one default community name. Public is the common community name that is universally accepted in all SNMP implementations. You can add multiple community names, and delete or change the default community name. The community names configured here are used in trap destinations. If an SNMP request is received from a community which is not on this list, it will generate an authentication trap.
- If you remove all the community names including the default name Public, SNMP will not respond to any community names presented.
- Rights. A permission level can be selected, determining how the SNMP agent processes requests from a selected community. For example, you can configure the permission level to block the SNMP agent from processing any requests from a specific community.
- Accept SNMP packets from any host. In this context, the source host and list of acceptable hosts are the source SNMP management system and the list of acceptable management systems. No SNMP packets are rejected on the basis of the name or address of the source host or the list of acceptable hosts. This option is checked by default.
- Accept SNMP packets from these hosts. In this context, the list of acceptable hosts means the acceptable SNMP management systems. When selected, only SNMP packets received from the hosts in this list are accepted. Otherwise, the SNMP message is rejected and an authentication trap sent. This selection provides greater security than using a community name, which might contain many hosts.
- Send authentication trap. Authentication is the process of verifying that a host name or address is valid. When the SNMP agent receives a request that does not contain the correct community name or is not sent from a member of the acceptable host list, the agent sends an authentication trap message to one or more trap destinations (management systems), indicating the failure of authentication. This option is checked by default.
For more information on how to configure SNMP security, see "To configure security".
The Twenty-Minute SNMP Tutorial (Perl for System Administration)
moodss A modular system, database, and network monitoring application.
Cisco Monitoring Tool Monitors CPU and memory usage on Cisco routers.
ifGraph A tool to create graphs of network interface traffic via SNMP queries.
mon Highly configurable service monitoring daemon
perlPrinterInfo A Perl script that shows you the most important data from a network printer.
Printerspy Perl/Tk tool to monitor printers via SNMP
Pancho A Perl script used to configure and archive network device configs through SNMP.
SNMP Network Auditor Tools for auditing a large network for SNMP services.
freshmeat.net Project details for Net-SNMP
The NET-SNMP (formerly UCD-SNMP) package contains various tools relating to the Simple Network Management Protocol including an extensible agent, an SNMP library, tools to request or set information from SNMP agents, tools to generate and handle SNMP traps, a version of the unix 'netstat' command using SNMP and a Tk/perl mib browser. It was originally based on the Carnegie Mellon University SNMP implementation (version 126.96.36.199), but has been greatly enhanced, ported and fixed and barely resembles the original package anymore.
freshmeat.net Project details for SNMPInfo
SNMP::Info gives an object oriented interface to information obtained through SNMP. This module is geared towards network devices. Speciality sub-classes exist for a number of network devices and MIBs.
Last modified: February 19, 2014