# SNMP

[TOC]

## What is SNMP?

- **Simple Network Management Protocol**
- An **application-level protocol** used to **communicate management information** between the managers and the agents in the network elements.

### Managers and Agents

- **Manager** (management station)
    - A host that runs the **SNMP client program**.
- **Agent** (managed station)
    - A host or a router that runs the **SNMP server program**.

> The agent keeps performance information in a database. The manager has access to the values in the database.

### Concepts

> What exactly does SNMP do?

1. A manager checks an agent by requesting information that reflects the behavior of the agent.
2. A manager forces an agent to perform a task by resetting values in the agent database.
3. An agent contributes to the management process by warning the manager of an unusual situation.

### UDP ports 161/162

- SNMP uses the services of UDP on two well-known ports
    - **161**
        - The agent (server) issues a passive open on port 161 and waits for a connection from a manager (client).
        - **The request messages are sent from the client's ephemeral port to the server's port 161.**
        > Also, the response messages will be sent back through the same two ports (server's port 161 --> client's ephemeral port).
    - **162**
        - The manager (client) issues a passive open on port 162 and waits for a connection from an agent (server).
        - **The Trap messages are sent from the server's ephemeral port to the client's port 162.**
        > This connection is only **one-way**, from the server to the client.

:::info
- **Trap Message**
    - An unsolicited message sent from an agent to the manager.
    - **Allows the remote devices to alert the manager in case an important event happens.**
    - Traps don't need a status request from the manager (client).
:::

:::warning
Notice that **request messages are initiated by a manager (client)**, but **Trap messages are initiated by an agent (server)**. Here both the client and the server use well-known ports.
In addition, both the client and the server run indefinitely.
:::

## Framework

- Management on the Internet is done through the cooperation of three protocols: SNMP, SMI, and MIB.

### Analogy of three protocols -- SNMP/SMI/MIB

![](https://i.imgur.com/QZNRQ0v.png)

### Role of SNMP

- **Defines the format of the packet** to be sent from a manager to an agent and vice versa.
- The packets exchanged contain **the object (variable) names and their status (values)**. SNMP is responsible for **reading and changing** these values.

### Role of SMI

- **Structure of Management Information**
    - [RFC 1155](https://datatracker.ietf.org/doc/html/rfc1155)
- **Defines the rules** for
    - naming objects
    - the length, size, range of object types
    - how to encode
- The objects in SNMP form a hierarchical structure (parent/child), so the inheritance relationship is also defined in SMI.

:::warning
SMI only defines the rules; it is a collection of general rules to name objects and to list their types.
:::

### Role of MIB

- **Management Information Base**
    - [RFC 1156](https://datatracker.ietf.org/doc/html/rfc1156)
- **Defines the number of objects and names them** according to the rules defined by SMI.
- Associates a type with each named object.

> MIB creates a set of objects defined for each entity, similar to metadata in a database (names and types without values).
> ```c=
> int a;
> char b[10];
> int c = 2 * a;
> ```

#### OID

```
Cisco    1.3.6.1.4.1.9
Juniper  1.3.6.1.4.1.2636
```

## Some Details

- The SNMP server must support a PDU with an upper limit of 484 bytes or greater.

### PDUs in SNMP

- SNMPv3 defines eight types of protocol data units
    1. GetRequest
    2. GetNextRequest
    3. GetBulkRequest
    4. SetRequest
    5. Response
    6. Trap
    7. InformRequest
    8. Report

![](https://i.imgur.com/chAxNFo.png)

### Format for SNMP PDUs

![](https://i.imgur.com/SbeVq48.png)

### Messages

- SNMP does not send only a PDU, it **embeds the PDU in a message**.
- A message is a sequence made of four elements
    - Version
    - GlobalData
    - SecurityParameters
    - ScopedPDU (encoded PDU)

![](https://i.imgur.com/7asJPWH.png)

### SNMPv3

- Added two new features to the previous version
    - Security levels
        - Manager can choose one or more levels of security when accessing an agent.
    - Remote administration
        - Allows remote configuration of security aspects.

## Reference

### Official

- [RFC 1157 - A Simple Network Management Protocol (SNMP)](https://datatracker.ietf.org/doc/html/rfc1157)

### Article

- [SNMP Community Strings Tutorial and Monitoring Tool](https://www.dnsstuff.com/snmp-community-string)
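
The four-element message from the Messages section and the security levels from the SNMPv3 section can be checked on captured bytes. The following is an added example, not part of the original notes: it walks the BER encoding, reads the flags octet in GlobalData, and reports the security level and whether the scoped PDU is encrypted. The field order inside GlobalData and the flag bits are taken from RFC 3412 (not cited in the notes); the function names are hypothetical and the two sample messages are constructed, not real captures.

```python
# Added example, not from the original notes. Field layout and msgFlags bits follow RFC 3412.
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}
def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def security_level(msg):
    """Return (level, payload_encrypted) for one SNMPv3 message."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)    # element 1: Version
    if tag != 0x02 or int.from_bytes(version, "big") != 3:
        raise ValueError("not an SNMPv3 message")
    _, gdata, pos = read_tlv(body, pos)      # element 2: GlobalData
    _, _, pos = read_tlv(body, pos)          # element 3: SecurityParameters
    data_tag, _, _ = read_tlv(body, pos)     # element 4: scoped PDU
    gpos = 0
    for i in range(3):                       # msgID, msgMaxSize, then msgFlags
        _, value, gpos = read_tlv(gdata, gpos)
    flags = int.from_bytes(value, "big")
    level = LEVELS.get(flags & 0x03)         # bit 0 = auth, bit 1 = priv
    if level is None:
        raise ValueError("priv flag set without auth flag")
    encrypted = data_tag == 0x04             # OCTET STRING = encrypted, SEQUENCE = plaintext
    if encrypted != bool(flags & 0x02):
        raise ValueError("msgFlags disagree with payload encoding")
    return level, encrypted

def tlv(tag, value):                         # builder for the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value
def sample(flags, data):                     # constructed message with empty SecurityParameters
    gdata = tlv(2, b"\x01") + tlv(2, b"\x05\xc0") + tlv(4, bytes([flags])) + tlv(2, b"\x03")
    return tlv(0x30, tlv(2, b"\x03") + tlv(0x30, gdata) + tlv(4, b"") + data)

PLAIN = sample(0x04, tlv(0x30, tlv(4, b"") + tlv(4, b"") + tlv(0xA0, b"")))
AUTHPRIV = sample(0x07, tlv(4, b"\x00" * 16))
```

A monitoring script can call `security_level` on each captured message and flag any agent or manager still exchanging `noAuthNoPriv` traffic, where object names and values travel unauthenticated and in the clear.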