Mini-Howto: SNMP (Simple Network Management Protocol)

This Howto covers some SNMP Basics and examples how you can read some values


The “Simple Network Management Protocol” is a powerful possibility to query network-devices for information, or even to manage them. It’s often also a security risk. As SNMP is a bit difficult to use at the beginning some administrators just skip over it. This can lead to security holes, when SNMP is activated by default on devices. For example on some HP-Switches I configured the default setting for SNMP was set to “read + write” for “public”. SNMP was limited to the local network, but still this enables all connected servers to shutdown ports and have other fun as they wanted. Often the configuration is like that to enable some configuration tools to control the switches.

You can find more information in the wikipedia article

What can I do with it?

So what excactly can I do with it? Here some examples

  • Manage all your switches over a nice gui – major producers of network hardware often provide some management gui which is based on SNMP
  • Automatically query your hardware for some information, like sent packets, packet-loss, printer cartridge status, etc.
  • Automatically set some values, or change configurations, e.g. disable ports which are source of a DOS-attack

Basic Principles


SNMP is a database with a tree structure. The nodes and leafes of the tree are represented by numeric values. The “Management Information Database” (MIB) translates these numeric values into human understandable values. The tool to manually translate values is “snmptranslate”. Here an example:

Let’s assume you want to check automatically how full are your printercartridges to order new supplies, when they’re used up to 70%. So you need information about which cartridge has which fillstand. Let’s start with the name of the cartridges. In the SNMP-Database the path for the black cartridge would be:

. = STRING: "Black Cartridge HP CB540A"

pretty intuitive, hu? But let’s look at the same example using the proper MIB: = STRING: "Black Cartridge HP CB540A"

Like this it’s a lot easier to figure out the meaning of the SNMP-Entry’s. Of course with string-values often you can figure out the meaning, just by the value (Black Cartridge HP CB540A is pretty unique), but take integer values and you are lost and really need the MIB.

There are various sites in the net, where you can get MIBs for almost every device out there, one example is this:

SNMP communities

In protocol version 1 (all I used) the privileges are managed over so called “communities”. With every SNMP-Request you have to provide a community. The SNMP-Server then checks if this community has the necessary rights (read, write) to complete the operation. Otherwise it returns nothing, the request times out. Basically i use the default “public”-community, which normally gives read-rights to quite a lot of values. If you want to enable a more strict security policy, disable the rights for the “public” community and create a new community with a cryptic name, like “Cie5fie9ei” (<- this is an example, create your own). Then you grant the rights to this hard guessable community. Community-names like "read" or "write" are not so smart, because they can be figured out easily.


SNMP comes with a bunch of programs, which are easy to use (if you know how).


At the beginning, normally you don’t know exactly which values you can query. So it’s a good idea to just query everything. snmpwalk does exactly this. It walks all tree nodes and leafes and echos them.

snmpwalk -m ALL -Os -c public -v 1
  • -m ALL : query all MIBs in the default directory (/usr/share/snmp/mibs under my system)
  • -Os : some output formatting, for details look in “man snmpcmd”
  • -c public : query the public community
  • -v 1 : use SNMP-Protocol Version 1 , most simple devices (like printers) just support this version

There are echoed 1180 lines similar like these:

... more lines ...
prtMarkerSuppliesType.1.1 = INTEGER: toner(3)
prtMarkerSuppliesType.1.2 = INTEGER: toner(3)
prtMarkerSuppliesType.1.3 = INTEGER: toner(3)
prtMarkerSuppliesType.1.4 = INTEGER: toner(3)
prtMarkerSuppliesDescription.1.1 = STRING: "Black Cartridge HP CB540A"
prtMarkerSuppliesDescription.1.2 = STRING: "Cyan Cartridge HP CB541A"
prtMarkerSuppliesDescription.1.3 = STRING: "Magenta Cartridge HP CB543A"
prtMarkerSuppliesDescription.1.4 = STRING: "Yellow Cartridge HP CB542A"
... more lines ...

to get the full path use:

snmpwalk -m ALL -Osf -c public -v 1


just get some specific values

snmpget -OQ -v 1 -c public sysLocation.0


translate “named” path values into numeric values and vice versa

example, translate the named path to numeric:

snmptranslate -m ALL -On

the output:

pixelstats trackingpixel

Comments (2)

DennisOctober 12th, 2010 at %I:%M %p

Thanks really helped me until then I thought SNMP was some massive thing, well simplified, brilliant for a beginner like me so gonna read more on it. Dont see much jobs advertising for it though, but still gonna learn it.

adminOctober 20th, 2010 at %I:%M %p

glad you liked the article. yeah, when one got the basics it’s not so difficult. Perhaps you don’t see it in much job advertistings but i think it is an essential part of every admins daily work. You can query/monitor all kind of services with it and many monitoring systems like for example OpenNMS or Nagios make use of it. Also for security implications it is good to know that there might be a factory-default security hole (as written in the introduction).

Leave a comment

Your comment

Time limit is exhausted. Please reload the CAPTCHA.