Simple Network Management Protocol or SNMP is a protocol for exchanging information between network devices. It is an application-layer protocol defined by the Internet Architecture Board (IAB) in RFC 1157.
There are a lot of SNMP monitoring systems available on the market today that can detect SNMP traps in real-time and let you set alerts based on automatic or user-set trigger conditions. Trap details can be logged with the time the event occurred, associated hostnames and the type of trap event.
Here’s our list of the best SNMP monitoring tools:
- SolarWinds Network Performance Monitor EDITOR’S CHOICE This is the industry leader for network device monitoring; it uses SNMP to communicate with equipment and includes SNMP Trap receiver monitoring. The software installs on Windows Server 2016 or later and it is free to use on a 30-day trial.
- Paessler PRTG Network Monitor (FREE TRIAL) A comprehensive monitoring tool for networks, servers, and applications with SNMP providing data collection systems for the LAN monitoring functions.
- Site24x7 (FREE TRIAL) A comprehensive IT infrastructure, applications, and user behavior monitor that uses SNMP to track network performance.
- Atera (FREE TRIAL) A network monitoring system that is tailored towards Managed Service Providers and is underpinned by SNMP.
- ManageEngine OpManager (FREE TRIAL) A comprehensive SNMP-based network monitor that has a great user interface.
- SysAid Monitoring A challenger SNMP-based network monitoring system that is an add-on to Help Desk software.
- Kaseya Network Monitor Part of Kaseya VSA, this monitoring tool uses SNMP to collect device statuses.
- Spiceworks Network Monitor An ad-supported free network monitoring system that is based on SNMP procedures.
- Pulseway IT Management Software An infrastructure monitoring system that relies on SNMP for device status monitoring.
- LogicMonitor Software-as-a-Service network monitoring that interfaces with SNMP to monitor network device health.
- Event Sentry A resource monitoring system that combines threat protection with device monitoring. Equipment health checks rely on SNMP.
- Ipswitch WhatsUp Gold A network monitoring system that runs on Windows Server and utilizes SNMP to gather equipment status data.
The best SNMP monitoring tools
The ease of use of SNMP monitoring systems and the important contribution that Traps provide make this protocol an essential part of any network administrator’s toolkit. It is great to be alerted to potentially damaging conditions on equipment and resolve those issues before the users start calling. Being proactive and discovering errors saves a fortune on Help Desk time.
The cost savings borne of SNMP monitoring in terms of Help Desk budget is further illustrated by the number of companies that offer these systems as modules in a suite of services that also includes Help Desk interoperability.
The SolarWinds Network Performance Monitor (NPM) is our top pick SNMP management tool. The installation of this system is very easy, thanks to a device discovery tool, which will locate, map, and configure all of the nodes on your network, installing agent software, or instructing existing, pre-loaded agents.
The console of this network monitoring system tracks availability and load and keeps you updated when new devices are added or nodes get taken away. This is particularly useful for large networks that cover multiple sites, or workplaces that have a “Bring your own device” policy.
A graphical map shows you all of the topology of your network and reports on link utilization through color coding. You don’t have to set up this map yourself because the SolarWinds software compiles the data on your network and puts them on the map automatically.
The SolarWinds console is able to zoom in on each detected device and show a detailed performance report. The Node Details screen of the console leverages graphical displays to instantly make visual checks on the health of a device.
A typical network includes SNMP-enabled devices sourced from a number of different manufacturers. SolarWinds is ideal for a multi-vendor network environment because it relies on the universal Simple Network Management Protocol to ensure interoperability.
The location and ownership of network segments don’t matter to the Network Performance Monitor. This enables cloud services to be integrated into the network. The performance of links to those off-premises services can help the network manager decide where extra resources are needed to prevent bottlenecks.
The automation of setup and the ability to use the Network Performance Monitor to adjust the settings of devices means that the Network Manager is able to maintain multi-site networks from anywhere in the world. It is no longer necessary to employ a key network manager at every site of a network because all administration tasks can be centralized, thanks to the SolarWinds Network Performance Monitor.
SNMP Trap Receiver Monitoring is made easy with Network Performance Monitor where you can receive, log and display SNMP traps whenever an event occurs. The monitor and intuitive dashboard give you a commanding view of network resources and performance including device event information.
Get 30-Day Free Trial: solarwinds.com/network-performance-monitor/
OS: Windows Server 2016 or later
The PRTG system from Paessler includes three different network monitoring methods and SNMP is one of them. The other two are packet sniffing and NetFlow. Each of these three technologies provides a specific level of network information. The role of SNMP in the PRTG system is to provide an overview of network performance. NetFlow and packet sniffing are both engaged when analysis of network traffic is required.
The interpretation of SNMP messages is complicated by the fact that there are several different versions of the standard. The network management software you choose might not be compatible with the SNMP versions that the firmware of your equipment uses. The PRTG Network Monitor is able to interpret all versions of SNMP. Paessler has also compiled interpretations of the custom OIDs that many network equipment manufacturers add to the standard MIB list. PRTG Network Monitor software can be installed on Linux, Windows, and macOS.
PRTG Network Monitor categorizes facility statuses as “sensors.” So, there is a CPU Load Sensor, a Disk Free Sensor, and so on. In all, PRTG incorporates more than 200 sensors, giving you the ability to keep track of network performance over a wide range of factors.
The manager software of PRTG is able to discover all available SNMP devices connected to the network. However, you might need to access each device individually and manually set up SNMP, because many devices are shipped with their SNMP capabilities switched off. Equipment firmware that includes firewalls also has to be adjusted to allow SNMP messaging through.
The management console includes an SNMP tester, which enables you to get more precise details remotely on a reported alert condition arriving via a trap message. The dashboard of PRTG includes graphical elements, such as dials and graphs, that give instant recognition of overall network performance. It is also possible to drill down and examine the status reports of each device, which can also be displayed as real-time graphs. Download a 30-day free trial here.
Site24x7 is a cloud-based service, which probably points towards the common format of the future for infrastructure monitoring systems – the network monitoring software does not need to be resident on a server that is directly connected to that network.
Bridging the distance between the remote server that hosts the monitoring software and the network that is being monitored requires only an internet connection. Many business managers may be nervous about network information being let outside the building, particularly in these days of heightened cybersecurity attacks.
An essential element for any business service delivered remotely is connection security. Site24x7 addresses these concerns by encrypting communication between their servers and the networks of their customers. Another potential security weakness lies in the communication between technicians at the client site and the console resident on the Site24x7 server. Those communications are also protected by encryption.
So, the remote nature of Site24x7 shouldn’t raise concerns. The network monitoring section of this service relies on SNMP to discover devices, generate a device inventory, and draw up a network topology map.
The monitor communicates with switches and routers through SNMP procedures. It also monitors network appliances, such as firewalls, wireless network access points, cloud resources, and internet connection for WANs.
Site24x7 also monitors server performance. While SNMP provides pre-installed agents on switches and routers, servers can only be fully monitored through the installation of a dedicated Site24x7 agent. The existence of SNMP agents in the firmware of network devices is a distinct advantage. Not all network managers like the idea of installing agents on-site for access by remote monitoring services, so Site24x7 gives customers the option of working on an agentless model. However, that strategy reduces the amount of information that the monitor can extract from the client’s servers.
The Site24x7 service is charged for on a subscription basis, which is an attraction for startups and cash-strapped SMBs because they don’t have to pay the full cost of the monitoring software upfront. Even better, there is a free version of the service for very small networks with up to five servers or websites to monitor. The paid version of the service is marketed in four editions. You can gain access to a free trial that lasts for 30 days.
Atera integrates its network monitoring system into a complete MSP support package, which includes a Help Desk system. The complete system covers the usage and capacity of apps and infrastructure and generates invoices and reports from logs of staff activities.
This option would be a good choice if your IT department operates as an income center or if your business provides fee-based support to other companies. The SNMP involvement in this package is concentrated on the network monitoring module. SNMP Traps provide a key element of the monitoring system, providing real-time alerts in the Atera console.
The network manager dashboard includes scripts that automate routine administration tasks and you can also create your own custom scripts to complete your regular tasks your way.
Atera allows you to reach out from the data center, and even leave it. The system includes remote access procedures and it is also possible to access the dashboard from a mobile device. The dashboard includes real-time performance graphs to speed decision making. Alerts can be set to trigger notifications by email.
Configuration control and patch management are also centralized. Remote management utilities enable you to centralize IT support for multi-site, or even multi-customer scenarios. The closed-loop information flows between the network monitor and the Help Desk system keep customer Support teams apprised of solution progress in real time and enable online operators to match existing system alerts with incoming queries.
Atera offers a free trial that helps you get the feel of the system. There are also video walkthroughs available on the Atera website to show you how to use the package effectively.
You can gain access to a 30-day free trial when you register on their site.
ManageEngine OpManager is a very comprehensive facilities management tool that includes network mapping, configuration management, traffic analysis, WAN link monitoring, network status monitoring, and even a specific module for VoIP traffic management.
The first day of an OpManager install involves network discovery and mapping, which the management software can carry out automatically. The system uses a range of protocols to keep track of the performance of equipment and infrastructure. SNMP is used in conjunction with WMI and CLI to provide process monitoring and system health monitoring. WMI is Windows Management Instrumentation — this technology can sometimes put extra load on a network, whereas SNMP is a very lightweight system.
Monitoring data can be accessed from mobile devices, which helps you keep on top of situations when you are out of the office or on a site visit. Overall, the management console is very attractive. Topology visualizations are map-based for multi-site networks, and colorful graphs and dials make quick overview checks fruitful.
The Configuration Management module helps you keep track of software version statuses and enables you to patch and update remotely from one central location.
You can analyze traffic by application and get network load visualizations that show overloaded or underutilized infrastructure at a glance. These facilities extend into security management because you can get alerts on exception traffic levels from certain devices, specified applications, or both. This demonstrates where unusual activity occurs, and traffic analysis tools can help you packet sniff problems to identify irregular system usage.
The Trap processing element of OpManager can process 300 messages per second, giving collated feedback on arising equipment problems and failures. Logging functions include trap conditions. Other logs are an event log for security purposes and syslog interpretation that highlights critical conditions in all system logs. The visibility of network performance is made easier by monitoring templates, which are pre-written reports that source live data from the entire monitoring system.
OpManager comes in three different editions – Standard (10+ devices starting at $245), Professional (10+ devices starting at $345), and Enterprise (250+ devices starting at $11,545). The free edition can monitor up to 3 devices. You can download OpManager on a 30-day free trial.
SysAid produces a range of IT support utilities and SysAid Monitoring is one of those. The SysAid Monitoring package is not a standalone product but is an optional extra for the Help Desk and IT service management software systems that the company produces.
The system relies on SNMP and its Trap alerts that enable the monitoring system to spot problems before network users call them into the Help Desk. Ongoing monitoring examines resource utilization to assist network administrators in capacity planning.
You can choose to get notified of alert events either by email or SMS, which means that you can keep on top of system issues around the clock, even when you are out of the office. Although the system comes with a set of commands and utilities that help automate network management, you can also create your own custom scripts to get the precise functionality that helps your job as network manager run smoothly.
The main panel of the console shows a table of performance metrics for the whole network with each record featuring data from one asset. Performance monitor graphs are instantly available as overlays on the main screen on demand for each asset.
The notifications for each device don’t just log hardware statuses, but you can see instantly if the software is altered on each device. This is a great way to keep on top of security breaches, such as virus attacks or Advanced Persistent Threat disabling of network activity reporting. Those network activity reports can also alert you to intrusion by displaying abnormal traffic on specific network cards.
SysAid also produces a Help Desk module and the Monitoring system integrates seamlessly with that. This enables you to get a data flow through into opening up response tickets. It also keeps the support team informed with answers in response to user calls about any problems that arise.
The Kaseya Network Monitor is part of a wider network and system remote monitoring package, called Kaseya VSA.
The Network Monitor Module includes a visualization of the topology of your network displayed on a world map. This is very similar to the network visualization feature built into SolarWinds Network Performance Monitor. The dashboard of the network manager includes other visualizations including charts, performance graphs, and other graphical interfaces.
Performance data featured in the monitor includes CPU utilization and which nodes originate and receive the most network traffic. Storage space utilization is another focus topic. SNMP Trap alerts are integrated into the Kaseya Network Monitor system.
Network elements that the Network Monitor has specific functions for include mail servers. The Monitor keeps tabs on the availability of mail servers and keeps track of their capacity and performance.
The standard install includes pre-set reports and a list of routines and commands to help automate processes. However, the system also integrates a scripting language, called Lua, that enables you to create your own custom automation programs. Lua scripts are easy to put together because the Kaseya Network Monitor environment includes an Integrated Development Environment to help you assemble them.
The patch status of all network devices is instantly available in a specialized panel of the dashboard. Installer and update programs can be distributed and implemented on remote network nodes from one central console.
The wider VSA system has a comprehensive patch management module and also monitors the status of network devices for malware. You can integrate cloud storage into your network through Kaseya VSA and manage the network remotely, accessing each node for manual troubleshooting.
Atera is pitched at a reasonable price. However, Spiceworks goes one better: it’s free. The dashboard features real-time performance graphs for all the devices on the network, which makes the screen look a little crammed. However, if there’s something wrong on the network, you’ll spot it straight away.
Those SNMP Traps are displayed as device alerts in a headline strap in the dashboard and they certainly can’t be overlooked. You can specify those alerts be sent to you via email as well.
The attributes of each device that make it onto the screen in the form of performance graphs are selected by the user. There are nine attribute slots in all that can show you real-time data on factors such as I/O rate, packet loss, and packet throughput.
Version control functions are available with Spiceworks. User event tracking will enable you to monitor for unusual activity on the network. These two elements are important tasks for network managers now that vulnerabilities appear quickly and updates to block those exploits are produced almost as fast.
The Spiceworks network has a learning center and community forums that can help you pick up tips on getting the most out of your network monitoring software.
The network monitoring module of Pulseway’s IT management software is based on the SNMP system. The SNMP manager software can be loaded onto Windows, Linux or macOS, which then communicates with the SNMP agents that are loaded into the firmware of your network-attached equipment.
A rules base in the manager can be set to categorize alert levels when SNMP Trap signals come in. The response to these alerts can be scripted to automate reporting and device resets. The central console can be accessed through mobile devices, which enables you to manage the network while away from your desk.
Service and system restarts can be commanded from the management console and you can also get remote access to equipment through a terminal session. A scripting element enables you to automate processes such as scheduled monitoring, version upgrades, backups, and security sweeps. The management console can be accessed from any terminal on the network.
The Pulseway software integrates with software from other vendors, which includes the Slack messenger system, Kaspersky antimalware, and SQL Server.
The access management system allows you to grant different levels of access to different user types. This enables you to grant read-only access to live reporting screens of the dashboard, enabling customers and upstream managers to check on progress towards goals.
The Pulseway software enables you to manage sites remotely, integrating networks from dispersed locations into one WAN that can be monitored and managed uniformly. A remote Desktop feature even allows you to access individual devices attached to the wider network, no matter where they are in the world.
Version control and patch management is another module of the Pulseway system. This enables you to update operating systems and firmware automatically across the system. The system is also capable of monitoring mail servers, virtual machines, internet servers, and applications, including cloud services.
Like Paessler’s PRTG monitoring system, LogicMonitor blends data sourced from NetFlow with its SNMP services to give a complete representation of a network’s performance. While NetFlow shows traffic flows over links, SNMP monitors the status of the network equipment and devices connected to that network.
LogicMonitor leverages the Software-as-a-Service model. That means that the servers that collate information on your network are held offsite. You access information through a browser on your desktop, or through an app on your mobile device. One element of this service is resident on your site; it is called the Collector. Think of this as a relay for the SNMP manager. So, rather than running the manager software on your network, the Collector receives all data from device agents and forwards that on to the LogicMonitor server. The Collector’s communication with the LogicMonitor server over the internet is fully encrypted.
The cloud-based concept of LogicMonitor enables it to integrate data from multiple sites and also from other cloud services, such as cloud storage or managed application servers. Being a third party, LogicMonitor treats all resources equally, no matter where they are located or who owns and manages them.
The SNMP agents on your equipment regard the Collector as the SNMP manager. The functionality of the communication between the LogicMonitor server and its Collectors enables network discovery. Topology is charted on an attractive real-world map. Other graphics on the dashboard include real-time performance line graphs and the ability to view snapshots or aggregations of historical data. These reporting graphs include the ability to perform trend analysis and forecast capacity requirements for each node on the network, segments of the network, or the network as a whole.
Like most network monitoring systems, Event Sentry monitors the utilization of both hardware and software resources. However, this package has a security monitoring feature that enables the tracking of user activity as well. The system can be tuned to look out for multiple logins across servers, and activity across the network that might indicate an Advanced Persistent Threat or virus infection. Another warning sign is the number of failed authentication attempts, which may indicate a brute force password cracking attempt.
Given recent headlines regarding ransomware attacks, the system monitoring procedures that Event Sentry uses to guard against this category of attack are especially interesting. This network monitoring system places much greater stress on network security than on resource performance.
Internet monitoring checks on events for incoming connections and can trace a location of a suspicious source to integrate origin details into activity reports.
Getting back to hardware performance, SNMP is used to monitor the capacity of network equipment. The SNMP Traps are collected by the Event Sentry network management console. The performance of UPS units and Linux machines is particularly followed by Event Sentry. The system routinely polls for conditions including CPU usage, memory availability and storage capacity.
On the software front, Event Sentry keeps track of the current versions of all applications and operating systems available on the system and logs the latest versions for each, giving update functions an alert.
The dashboard can be accessed via browser and there is also a version of the monitor’s reporting console that can be channeled to TVs around the office. The web interface of Event Sentry can be displayed in nine different languages, including English, Spanish, German, and French. The interface has a note keeping facility to enable you to remark on events and highlight important information.
The WhatsUp Gold monitoring system by Ipswitch covers infrastructure monitoring, focusing on network performance. The system runs on Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. The software installs itself and finishes the initialization process with a network discovery routine. That network discovery is driven by SNMP.
The SNMP MIB response gives the manager full details of each device. The details tell the central controller the device’s type, manufacturer, serial number and firmware version as well as current status settings. Each device is identified by an IP address, a MAC address, and a hostname.
The WhatsUp Gold central console software assembles the information collected from the SNMP responses into a database. The device register is searchable and you can also filter the device list display.
That database provides the source information for a network map, which depicts all of the devices on the network and the connections between them. The statuses of devices and links are color-coded on the network map, which instantly shows you which parts of the system are experiencing problems.
The SNMP manager of WhatsUp Gold keeps polling the network, requesting reports from SNMP device agents. The information gathered from these MIB responses is shown on the WhatsUp Gold dashboard in real time. The constant updates on statuses also identify altered or moved devices; that information gets written into the database and also updates the network map. You don’t have to adapt either the device list or the map when you add or remove devices because the SNMP manager notices those changes automatically and updates all information in the database and in the console for you.
The manager is also constantly listening for Trap messages from the device agents. These Traps get interpreted into alerts, which are shown on the dashboard and can also be sent out as notifications via email or SMS. Notifications can also be delivered as Slack messages, IFTTT posts or web alarms. You can get WhatsUp Gold on a free trial.
Definitive SNMP Guide
What is SNMP?
When organizing your network, you will be faced with a range of proprietary and open protocol-based options. The Simple Network Management Protocol is one of those options. SNMP is not a product of any single company. Rather, it is a set of guidelines freely available to everyone. If you decide to implement SNMP for your network, you will then be faced with deciding which implementation to choose.
SNMP is implemented on a wide range of hardware including network devices such as switches, bridges, routers, and gateways, and also on endpoint equipment such as printers. As such, you will discover that manufacturers already include SNMP agents on the operating systems of the devices that you buy to include on your network.
Network managers are very familiar with the concept of protocols. The definition of the Simple Network Management Protocol is managed by the Internet Engineering Task Force and it can be downloaded for free from the IETF website. SNMP fits into the application layer of the TCP/IP stack.
The IETF labels the protocols that it manages with a “request for comments” number, or RFC. There have been three versions developed for SNMP. These are:
- RFC 1157 – a refinement of the first definition of the protocol, known as SNMPv1.
- RFC 1901 – this is SNMPv2c and includes improved error-handling methodologies evolving the original SNMPv2 definition, which was contained in RFC 1441.
- RFC 3410 – the latest version of the protocol, known as SNMPv3, which has enhanced security and privacy features.
As it has been around longer, there are more implementations of SNMPv1 on the market. SNMPv1 was first defined in 1988, although earlier RFCs defined this version prior to RFC 1157.
SNMPv2 dates back to 1993. The core definition of version 2 includes a “party-based” authentication security model. This is hardly ever implemented because it uses a complicated system. SNMPv2c is the most widely used variant of version 2. This is exactly the same as SNMPv2, except that it uses a “community-based” model for authentication. You might also see reference to SNMPv2u, which uses a “user-based” system for authentication. This is not as popular as SNMPv2c.
The extra security features of the latest version should be sought out, so aim for networking software that implements SNMPv3. This version employs user-based authentication, the same as SNMPv2u. SNMPv3 includes the ability to use transport layer protocols, such as SSH and TLS in order to provide encryption protection to messages.
The user-based authorization in SNMPv3 offers three statuses that can be allocated to each user:
- NoAuthNoPriv — no authentication and no encryption of the messages they send and receive.
- AuthNoPriv — authentication necessary but no message encryption.
- AuthPriv — authentication necessary and messages are encrypted.
An SNMP network includes the following three elements:
- Managed devices, such as switches, routers, servers, workstations, and printers
- Software agents that run constantly to monitor the status of all devices
- A Network management system (NMS) which requests, compiles, and stores status information.
Now let’s take a deeper look at these contributors to an SNMP network.
How SNMP works
The controlling element of SNMP is the network manager. This can be installed on any computer on the network. The network manager drives the system, whereas the software agents’ main task is to respond to requests from the network manager.
The SNMP Manager
The network management system includes a schedule for querying agents. Each device on the network has a software agent installed on it and the communication of SNMP takes place between the manager and the agents, making it unnecessary for the network manager to communicate directly with each device.
A central element of SNMP is the Management Information Base (MIB). The MIB is a communications framework and dictates the format of data communicated between the network manager and each device agent.
The SNMP standard allows for more than one manager. The responsibilities of each manager may overlap.
The SNMP Agents
The SNMP agent monitors the device on which it is installed. It creates a local MIB, maintaining the status of each category in the database, ready to respond to requests for information from the network manager. The agent does not automatically communicate with all network managers. It will only respond to managers that it has been configured to deal with. This selective communication strengthens the security of SNMP because each network manager has to authenticate its identity with credentials before an agent will respond to its request.
The SNMP system includes a pre-defined information structure, which includes a little flexibility in the information that it can handle. So, you may find that the agent implementation that is already loaded onto the equipment that you buy contains some extra information slots that aren’t defined in the protocol.
The Management Information Base
The MIB structure dictates the format of information exchange in an SNMP system. Information on a device is collected by its associated SNMP agent and stored in a text file at the device. When a request for information arrives from the SNMP manager, that data is returned showing the current status of the specified parameter.
The notation of conditions and statuses is mapped in a hierarchy. This hierarchy has two forms of notation: one that uses numbers and one that uses variable names. Either naming system can be used for interaction between the manager and the agent.
The hierarchy is expressed as an addressing system. Each address is called an object ID, or OID. The addresses of each point in the hierarchy rely on inheritance. So, a root address would be 1 and then all nodes beneath that point in the tree would also include 1 in their labels, such as 1.1, 1.2, 1.3, etc.
The MIB notation has been revised since it was first created. The newer version of the system is called MIB-2. The version of the notation being used for communication is written into the address. The standard address for internet resources in the addressing scheme is 1.3.6.1. This can also be written as iso.org.dod.internet. The management function of this resource has the OID 1.3.6.1.2.1, or iso.org.dod.internet.mgmt.mib-2. That last element, 1 or mib-2, indicates that the MIB-2 address format is in operation.
You can get more details on the meaning of OID addresses at the OID Repository. When you install an SNMP system, you don’t need to understand the entire MIB-2 addressing language because the SNMP manager dashboard will interpret these addresses for you and present the values transferred by this system as meaningful data rather than delivering a long list of variables and statuses for you to decode.
The Simple Network Management Protocol includes the definition of seven network message types, which are also known as “protocol data units.” These are:
- Get – an information request
- GetNext – requests next information segment
- GetBulk – requests a range of information categories
- Set – change a setting
- Response – the reply from the agent
- Trap – an alert
- Inform – acknowledges a Trap
The SNMP manager sends out Get, Set, GetNext, and GetBulk PDUs. The agents send back Response PDUs. The Trap PDU is a method made available to agents in order to send out unsolicited alerts, and managers send Inform PDUs to acknowledge Trap messages.
Message Types in More Detail
Here are some more details on each message type:
- Get – The Get PDU is the main method used by the SNMP manager to request information from a service agent on a specific object identifier.
- GetNext – The GetNext message type allows the SNMP manager to work through an ordered list of OIDs according to the standard MIB hierarchy. So, the SNMP manager would start at a specific point in the hierarchy with a Get request, and then continue through point by point with a series of GetNext requests.
- GetBulk – The GetBulk request is implemented as a sequence of GetNext requests, allowing a large segment of the MIB hierarchy to be queried by the SNMP manager from a device agent.
- Set – The Set message type is the method that the SNMP manager uses to instruct an agent to alter a setting on the device that it monitors.
- Response – The Response message type is used by the device agents. It acts as a delivery mechanism for the requested information. In cases where no information is required back, such as with a Set PDU, the Response acts as an acknowledgment.
- Trap – The Trap PDU enables the device agents to send out alerts to the SNMP manager. These Trap messages concern the failure of the monitored device, maintenance issues, and other unexpected conditions.
- Inform – The Inform message is the SNMP manager’s version of a Response. It is only sent out in reply to a Trap message. This acts as an acknowledgment and the device agent will keep resending its Trap message until it receives an Inform PDU back from the manager.
The Trap command is one of the most distinctive features of SNMP and is probably the reason why the protocol is so universally applied in the networking industry. The Trap will pick up on events that the scheduled Get requests from the manager might miss.
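To make the OID ordering and the Get, GetNext and GetBulk descriptions above concrete, here is an added Python example (not part of the original article, and not code from any SNMP product). ToyAgent, SAMPLE_MIB and walk are hypothetical names, and the MIB values are constructed; the point to notice is that OIDs sort by number, so ifDescr.10 comes after ifDescr.2.

```python
import bisect

# Constructed sample MIB-2 data (values are made up for illustration).
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "Example router",   # sysDescr.0
    "1.3.6.1.2.1.1.5.0": "rtr-lab-01",       # sysName.0
    "1.3.6.1.2.1.2.1.0": 3,                  # ifNumber.0
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",         # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",         # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": "eth10",       # ifDescr.10
}

def oid_key(oid):
    """'1.3.6.1' -> (1, 3, 6, 1): OIDs order by number, not by text."""
    return tuple(int(part) for part in oid.strip(".").split("."))

class ToyAgent:
    """Hypothetical in-memory agent answering Get, GetNext and GetBulk."""
    def __init__(self, mib):
        self._keys = sorted(oid_key(oid) for oid in mib)
        self._values = {oid_key(oid): value for oid, value in mib.items()}

    def get(self, oid):
        return self._values.get(oid_key(oid))   # None: no such object

    def get_next(self, oid):
        i = bisect.bisect_right(self._keys, oid_key(oid))
        if i == len(self._keys):
            return None                          # end of the MIB
        key = self._keys[i]
        return ".".join(map(str, key)), self._values[key]

    def get_bulk(self, oid, max_repetitions):
        rows = []
        for _ in range(max_repetitions):         # a run of GetNext steps
            row = self.get_next(oid)
            if row is None:
                break
            rows.append(row)
            oid = row[0]
        return rows

def walk(agent, root):
    """Manager side: GetNext repeatedly until the reply leaves the subtree."""
    prefix, oid, rows = oid_key(root), root, []
    while (row := agent.get_next(oid)) and oid_key(row[0])[:len(prefix)] == prefix:
        rows.append(row)
        oid = row[0]
    return rows
```

Walking the subtree 1.3.6.1.2.1.2.2.1.2 returns eth0, eth1, eth10 in that order, which a plain text sort of the OID strings would get wrong.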
Network Equipment Issues
Just about all network equipment and most devices intended to connect to a network now ship with an SNMP module installed. This gives most of the hardware that you acquire the ability to send Trap messages. In most cases, the SNMP functions are turned off in the factory settings. So one of your tasks, when you plug in a new piece of kit, is to log into its administration console and turn SNMP on.
Older equipment may not have SNMP capabilities. However, that doesn’t mean that you have to throw it away. You can install an RTU to interface with it. “RTU” means “remote terminal unit.” Think of it as a modem for one piece of equipment. This device will implement SNMP monitoring on that device and send out Trap messages when error conditions are detected.
SNMP Version Issues
Different versions of SNMP can be a problem when buying network equipment. It is better to settle on one version. As SNMPv3 includes encrypted messaging and more sophisticated authentication procedures, it is best to settle on version 3.
Unfortunately, as SNMPv3 access levels are defined per user and not per device, it isn’t really backward compatible with devices running earlier protocol versions. In these instances, you can install a translator to make your equipment SNMPv3-compatible. The translator is another RTU and it can handle incoming traps from a lot of devices, encrypt them, and convert them to the SNMPv3 standard. The only weakness of this solution is that the messaging that feeds into the RTU is not secure. If you run several sites, you will need at least one translator per site.
The issue of compatibility and newer versions is a problem that all IT managers face with all of their equipment and software. Migrating from an older version of SNMP to SNMPv3 may seem to be an unnecessary expense for established businesses. You don’t need to worry about your traps running out over the internet unencrypted if you opt for a SaaS solution to network monitoring because all of the cloud services run messaging through a client program on your network, which will encrypt all internet communications.
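The difference between the versions is visible on the wire: SNMPv1 and v2c carry their credential (the community string) and the whole PDU unencrypted, while an SNMPv3 header states whether authentication and encryption are switched on. The following Python parser is an added example, not code from the original article or from any monitoring product; both sample messages are constructed, and classify and read_tlv are hypothetical names. It can be used to audit which devices still send readable SNMP.

```python
PDU_NAMES = {0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response", 0xA3: "Set",
             0xA4: "Trap (v1)", 0xA5: "GetBulk", 0xA6: "Inform", 0xA7: "Trap (v2)"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

# Constructed sample messages (not captured traffic). The v3 one is abbreviated:
# empty security parameters and four placeholder bytes of "ciphertext".
V2C_GET = bytes.fromhex("302602010104067075626c6963a019020101020100020100"
                        "300e300c06082b060102010101000500")
V3_AUTHPRIV = bytes.fromhex("301a020103300d020101020205dc040107020103"
                            "04000404deadbeef")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(packet):
    """Summarise an SNMP message: version, PDU type or v3 security level."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field missing")
    version = int.from_bytes(raw, "big")
    info = {"version": VERSIONS.get(version, "unknown"), "cleartext": True}
    if version in (0, 1):                   # community string then PDU, all readable
        _, community, pos = read_tlv(body, pos)
        info["community"] = community.decode("ascii", "replace")
        info["pdu"] = PDU_NAMES.get(body[pos], "unknown") if pos < len(body) else "missing"
    elif version == 3:                      # msgGlobalData: msgID, msgMaxSize, msgFlags
        _, header, _ = read_tlv(body, pos)
        _, _, p = read_tlv(header, 0)
        _, _, p = read_tlv(header, p)
        _, flags, _ = read_tlv(header, p)
        info["security_level"] = LEVELS.get(flags[0] & 0x03, "invalid")
        info["cleartext"] = not flags[0] & 0x02
    return info
```

Note that a v3 message is only encrypted at the authPriv level; a device configured for authNoPriv or noAuthNoPriv still reports as cleartext.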
SNMP capabilities are already installed on network devices out of the box. However, in some cases, that capability may be turned off. You need to make sure the SNMP service is active on each of your network devices and servers. The activated SNMP service will run constantly, starting up with the operating system. The location and name of the executable file vary depending on your operating system.
You will get a number of .mib files on each of the servers on your network. These files are generated when you activate the SNMP agent and they are not properties of the collector. On Windows, these files are stored in the Windows\System32 directory. On Linux, the MIB files will be in /usr/share/snmp/mib.
The SNMP manager has a collector, a data store, and a user interface. Cloud-based network monitors still need the collector installed on a server on your network — the store and the user interface software are held on a remote server. An on-premises installation consists of installing the three elements on a server on your network. The data store can be implemented as a file or as an SQL database.
Once the agents on all of your devices and servers are operating they are ready to respond to a Get request from a collector. The installation process of your network monitor finishes with its first request broadcast. All of the agents on the network will pick up that request. The interface software of your monitoring tool will assemble an inventory from the SNMP responses. So, you don’t have to do anything to map your network and start monitoring device health.
There is much to discover about network management. Here is a list of some great resources on the topic that are available on the web.
- Best free bandwidth monitoring software and tools to analyze network traffic usage
- 6 of the best free network vulnerability scanners and how to use them
- 8 best packet sniffers and network analyzers for 2018
- RFC 1157 – A Simple Network Management Protocol (SNMP)
- RFC 1901 – Introduction to Community-based SNMPv2
- RFC 3410 – Introduction and Applicability Statements for Internet Standard Management Framework
- RFC 1213 – Management Information Base for Network Management of TCP/IP-based internets: MIB-II
- RFC 2570 – Introduction to Version 3 of the Internet-standard Network Management Framework
- RFC 2574 – User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)