Previous Page | Next Page

  1. Introduction
  2. Network Topology
  3. Hardware Connections
  4. TCP/IP Ports and Addresses
  5. Network Protocol Levels
  6. Data Link Layer and IEEE
  7. Network Protocol Categories
  8. Repeaters, Bridges, Routers
  9. ARP and RARP Address Translation
  10. Basic Addressing
  11. IP (Network)
  12. TCP (Transport)
  13. UDP (Transport)
  14. ICMP
  15. Hardware Cabling
  16. Wireless media
  17. Outside Connections
  18. Ethernet
  19. Token Ring
  20. ARCnet
  21. AppleTalk
  22. FDDI
  23. IPX/SPX
  24. NetBEUI
  25. AppleTalk
  26. SNA
  27. Others
  28. Simple Routing
  29. More Complex Routing
  30. IP Masquerading
  31. Firewalls
  32. Domain Name Service (DNS)
  33. Virtual Private Networking
  34. DHCP
  35. BOOTP
  36. RPC and NFS
  37. Broadcasting and Multicasting
  38. IGMP
  39. Dynamic Routing Protocols
  40. Simple Mail Transfer Protocol (SMTP)
  41. Simple Network Management Protocol
  42. Network Services
  43. Installing Drivers
  44. Network Operating Systems
  45. Applications
  46. Wide Area Networks
  47. Backing up the network
  48. Fault Tolerance
  49. Troubleshooting
  50. Commonly used Network Ports
  51. Networking Terms and Definitions
  52. Networking RFCs and Protocols
  53. Further Reading
  54. Credits

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of network management stations communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. Therefore when the word agent is used it is referring to the network element. The agent will store information in a management information base (MIB). Management software will poll the various network devices and get the information stored in them. RFC 1155, 1157, and 1213 define SNMP with RFC 1157 defining the protocol itself. The manager uses UDP port 61 to send requests to the agent and the agent uses UDP port 62 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.

There are three supporting pieces to TCP/IP network management:

  1. Management Information BASE (MIB) specifies variables the network elements maintain.
  2. A set of common structures and a way to reference the variables in the database.
  3. The protocol used to communicate between the manager and the network element agent which is SNMP.

SNMP collects information two ways:

  1. The devices on the network are polled by management stations.
  2. Devices send alerts to SNMP management stations. The public community may be added to the alert list so all management stations will receive the alert.

SNMP must be installed on the devices to do this. SNMP terms:

  • Baseline - A report outlining the state of the network.
  • Trap - An alert that is sent to a management station by agents.
  • Agent - A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs.

The network manager can set the threshold of the monitored event that will trigger the sending of the trap message. SNMP enables counters for monitoring the performance of the network used in conjunction with Performance Monitor.

SNMP Communities

An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. A SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:

  • Write = private
  • Read = public

SNMP Security

SNMP should be protected from the internet with a firewall. Beyond the SNMP community structure, there is one trap that adds some security to SNMP.

  • Send Authentication Trap - When a device receives an authentication that fails, a trap is sent to a management station.

Other configuration parameters that affect security are:

  • Accepted Community Names - Only requests from computers in the list of community names will be accepted.
  • Accept SNMP Packets from Any Host - This is checked by default. Setting specific hosts will increase security.
  • Only Accept SNMP Packets from These Hosts - Only requests from hosts on the list of IP addresses are accepted. Use IP, or IPX address or host name to identify the host.

SNMP Message Types

There are five types of messages exchanged in SNMP. They are referred to by Protocol Data Unit (PDU) type.

PDU TypeNameDescription
0get-requestGet one or more variables .(manager to element)
1get-next-requestGet next variable after one or more specified variables. (manager to element)
2set-requestSet one or more variables. (manager to element)
3get-responseReturn value of one or More variables. (element to manager)
4trapNotify manager of an event. (element to manager)


The SNMP message with PDU type 0-3 consists of:

  1. Version of SNMP
  2. Community - A clear text password character string
  3. PDU type
  4. Request ID - Used to associate the request with the response. For PDU 0-2, it is set by the manager.
  5. error status - An integer sent by the agent to identify an error condition
    ErrorNameDescription
    0no errorOK
    1too bigReply does not fit into one message
    2no such nameThe variable specified does not exist
    3bad valueInvalid value specified in a set request.
    4read onlyThe variable to be changed is read only.
    5general errorGeneral error
  6. error index - Specifies which variable was in error when an error occurred. It is an integer offset.
  7. name - The name of the variable (being set or read).
  8. value - The value of the variable (being set or read)
  9. any other names and values to get/set

The SNMP message with PDU type 4 (trap) consists of:

  1. PDU type
  2. Enterprise - The agents OBJECT IDENTIFIER or system objects ID. Falls under a node in the MIB tree.
  3. agent addr - The IP address of the agent.
  4. Trap type - Identifies the type of event being reported.
    Trap TypeNameDescription
    0cold startAgent is booting
    1warm startAgent is rebooting
    2link downAn interface has gone down
    3link upAn interface has come up
    4authentification failureAn invalid community (password) was received in a message.
    5egp neighbor lossAn EGP peer has gone down.
    6enterprise specificLook in the enterprise code for information on the trap
  5. Specific code - Must be 0.
  6. Time stamp - The time in 1/100ths of seconds since the agent initialized.
  7. name
  8. Value
  9. Any other names and values

Types of data used:

  • INTEGER - Some have minimum and maximum values.
  • OCTET STRING - The number of bytes in the string is before the string.
  • DISPLAY STRING - Each byte must be an ASCII value
  • OBJECT IDENTIFIER - Specifies a data type allocated by an organization with responsibility for a group of identifiers. A sequence of integers separated by decimals which follow a tree structure.
  • NULL - Used as the value of all variables in a get request.
  • IpAddress - A 4 byte long OCTET STRING. One byte for each byte of the IP address.
  • PhysAddress - A 6 byte octet string specifying an ethernet or hardware address.
  • Counter - A 32 bit unsigned integer
  • GaugeAn unsigned 32 bit integer with a value that can increase or decrease but wont fall below a minimum or exceed a maximum.
  • TimeTicks - Time counter. Counts in 1/100 of seconds.
  • SEQUENCE - Similar to a programming structure with entries of type IPAddress called udpLocalAddress and type INTEGER called udpLocalPort.
  • SEQUENCE OF - An array with elements with one type.

The MIB data structure RFC 1213

In the above list the data type "OBJECT IDENTIFIER" is listed as a part of the management information database. These object identifiers are referenced very similar to a DNS tree with a directory at the top called root. Each node in the tree is given a text name and is also referenced numerically similar to IP addresses. There are multiple levels in the tree with the bottom level being variables, and the next one up is called group. The packets sent in SNMP use numeric identifiers rather than text. All identifiers begin with iso(1).org(3).dod(6).internet(1).mgmt(2).mib(1). Numerically, that is 1.3.6.1.2.1. In text it is "iso.org.dod.internet.mgmt.mib". Under mib are the following groups. The information in these groups is not complete and you should refer to the RFC for full information.

  1. system
    1. sysDesc (DisplayString) - Description of entity
    2. sysObjectID (ObjectID) - Vendors ID in the subtree (1.3.6.1.4.1.
    3. sysUPTime (Timer) - Time the system has been up
    4. sysContact (DisplayString) - Name of contact person
    5. sysName (DisplayString) - Domain name of the element such as mymachine.mycompany.com
    6. sysLocation (DisplayString) - Physical location of the element.
    7. sysServices 0x1-physical, 0x02-datalink, 0x04-internet, 0x08 end to end, 0x40-application. If the bit is set the service is provided
  2. interfaces
    1. ifNumber (INTEGER) - Number of network interfaces
    2. ifTable (table)
      1. ifIndex
      2. ifDescr - Description of interface
      3. ifType - 6=ethernet, 7=802.3 ethernet, 9=802.5 token ring, 23 = PPP, 28=SLIP
      4. ifMtu
      5. ifSpeed - Bits/second
      6. ifPhysAddress
      7. ifAdminStatus - Desired state of interface 1=up, 2=down, 3=testing
      8. ifOperStatus - Current state of interface 1=up, 2=down, 3=testing
      9. ifLastchange
      10. ifInOctets - Total bytes received
      11. ifInUcastPkts
      12. ifInNUcastPkts
      13. ifInDiscards
      14. ifInErrors
      15. ifInUnknownProtos
      16. ifOutOctets
      17. ifOutUcastPkts
      18. ifOutNUcastPkts
      19. ifOutDiscards
      20. ifOutErrors
      21. ifOutQLen
      22. ifSpecific
  3. at - Address translation group
    1. atIfIndex (INTEGER) - Interface number
    2. atPhysAddress (PhyAddress)
    3. atNetAddress (NetworkAddress) - IP address
  4. ip
    1. ipForwarding
    2. ipDefaultTTL (INTEGER)
    3. ipInReceives (counter)
    4. ipInHdrErrors (counter)
    5. ipInAddrErrors (counter)
    6. ipForwDatagrams (counter)
    7. ipInUnknownProtos (counter)
    8. ipInDiscards (counter)
    9. ipInDelivers (counter)
    10. ipOutRequests (counter)
    11. ipOutDiscards (counter)
    12. ipOutNoRoutes (INTEGER)
    13. ipReasmTimeout (counter)
    14. ipReasmReqds (counter) - Number of IP fragments received that need to be reassembled.
    15. ipReasmOKs (counter)
    16. ipReasmFails (counter)
    17. ipFragOKs (counter)
    18. ipFragFails (counter)
    19. ipFragCreates (counter)
    20. ipRoutingDiscards (counter)
    21. ipAddrTable (table)
      1. ipAddrEntry (index)
        1. ipAdEntAddr
        2. ipAdEntIfIndex
        3. ipAdEntNetMask
        4. ipAdEntBcastAddr
        5. ipAdEntReasmMaxSize
  5. icmp
  6. tcp
  7. udp
    1. udpInDatagrams (counter) - UDP datagrams delivered to user processes.
    2. udpNoPorts (counter) - UDP datagrams which were not received at the port since there was no application to receive it.
    3. udpInErrors (counter) - Number of UDP datagrams not delivered for reasons other than no applications available to receive them.
    4. udpOutDatagrams (counter) - Number of UDP datagrams sent.
    5. udpTable (table)
      1. udpEntry - Specifies the table entry number
        1. udpLocalAddress
        2. udpLocalPort

The ordering of data in the MIB is numeric. When the getnext function is used it gets the next data based on the numeric ordering.