What is an SNMP Trap?

Published by on September 21, 2018 in Net Admin

What is an SNMP Trap

The name “Simple Network Management Protocol,” also known as SNMP, sounds as though this methodology is a quick but inferior alternative to a better protocol. In fact, SNMP is the universal monitoring standard for network devices and it is implemented in all of the network equipment that you buy. There is no better system.

>>> Jump to the list of the best Network Monitoring tools <<<

SNMP configuration

SNMP includes three elements: a central manager, a device agent, and a management information base (MIB). Your network devices will already have an SNMP agent installed on it. The capability to use SNMP might be turned off when you first get a device, so you will have to be sure the agent is active if you want to employ SNMP for your network.

The central controller is not a standard fixture on computers. When you install a network monitoring system, this most likely employs SNMP and takes the SNMP manager role. Your new network management software is probably an interface that interprets MIB files, giving a display of the data that is gathered from the device agents.

The SNMP manager will send out information requests to all device agents periodically. Each device agent responds to this request by sending back a file, which is structured according to the MIB specifications in the Simple Network Management Protocol. While the device agent is waiting for a demand for information, it keeps updating its own copy of the MIB so the information that it returns is completely up-to-date and ready to be sent out on demand.

See also: SNMP Explained

SNMP traps

The normal operations of SNMP dictate that the device agent takes a passive role. It only sends out SNMP messages when prompted by a request from the SNMP manager. However, if the agent detects an emergency event on the device that it is monitoring, it will send out a warning message to the manager without waiting to be polled for data. This emergency message is called a trap.

Not all traps are worrisome. For example, when a printer detects that one of its toner cartridges is getting low and wants you to order a new one, the SNMP agent on that printer will treat this as a trap condition. Some very serious conditions don’t result in trap messages. For example, if the device gets a fatal error and stops working, it prevents the SNMP agent from operating as well. Also, if the network card on a device breaks, the SNMP agent is unable to send out a trap message. In these instances, the emergency will be revealed the next time the SNMP manager sweeps the network for SNMP responses.

SNMP alerts

If you install a network monitor, you won’t see the term “trap” used anywhere in the dashboard of your software. It is a convention of network monitoring systems, that traps are labeled as “alerts” instead. The total failure of a device or a network card is the only example of alerts that aren’t just the display of a trap.

The actions that can be taken on receipt of a trap message depend on the sophistication of your network monitoring software. If your monitor just reports on statuses, then you will have to use some other application to fix a problem or connect directly to the device to explore for error information, and fix the problem through its operating system. Some network monitors are actually network management systems and allow you to set up actions to perform in the event of an alert condition arising.

If the problem that is notified by a trap is physical, there isn’t anything that any software package could do to resolve it. In some cases, you wouldn’t want your network management system to go off and fix problems without waiting for your approval of the intended action. Usually, network management systems offer you the opportunity to specify in its settings what level of fault resolution automation you would like.

Trap messages can arise at all times of the day or night unless you turn all of your network equipment off in the evening when you go home. If you don’t have enough resources to sit someone in front of a console all day waiting for alert messages, you should look for a network monitor that will forward alert messages as well as displaying them in the dashboard. Some management systems can send out alert notifications by email, SMS, or chat system. You can even specify different team members to which messages should be sent according to the device type of the origin of the trap message, or the message severity.

SNMP versions

To date, there have been three versions of SNMP. Version 1 wasn’t very widely implemented. This was released in 1988. It was replaced in 1993 by version 2. At this point, the protocol wasn’t integrated into firmware by the manufacturers of network devices. Network managers that wanted to implement the standard needed to install the SNMP agent software on their devices. SNMPv2 has backward compatibility to version 1. So, if you have a version 2 controller, it will also be able to communicate with version 1 device agents. However, that compatibility was built into the definition of SNMP manager procedures because the format of the SNMP trap changed in version 2.

SNMPv2 was not popular because it incorporated a new authentication methodology, which was difficult to implement. The authentication process specified for SNMP version 1 was much easier to use, and so a new edition of version 2 was created that used the authentication system of version 1. This and this adjustment to the definition of SNMP made it much more workable. The major network device producers decided to integrate the agent element of SNMPv2c into the firmware of their equipment. Any new entrant into the network device market had to integrate SNMP as well, otherwise, their products would not be competitive. There is another variation of version 2, which is SNMPv2u. So there are three different types of SNMPv2. Confusingly, SNMPv2c is so dominant that is often referred to as SNMPv2.

There is also an SNMPv3. The latest version of the Simple Network Management Protocol includes a different encryption method to protect transmissions of MIB files. However, the MIB structure remains the same. So a controller is able to communicate with either version 2 or version 3 as long as it is able to adjust the transmission security method that it uses. Generally, the leading network monitors are compatible with both version 2 (meaning SNMPv2c) and version 3.

SNMP trap format

The MIB contains a series of codes that represent a position in a tree structure. The entire MIB doesn’t have to be sent every time the agent reports to the central manager. A trap message contains the time, an identifier, and a value. The identifier is an “OID” (Object Identifier). This is a code from the MIB structure denoting the trap condition’s position in the tree. Each OID represents an attribute of the device being monitored. So, the central controller can decode the OID and work out which bit of the switch or the router is being described by the trap.

Implementing SNMP

The MIB encoding system is so complicated and obscure that it is impossible to try to capture SNMP messages and traps and interpret them manually. The availability of network monitors that integrate SNMP functions makes it very easy to implement the protocol in a sophisticated software package. There are a number of SNMP-based network monitors that are free to use. Others offer free versions for small networks or a free trial for an introductory period. So, the cost of implementing SNMP on your network can be very economical.

SNMP network monitoring tools

You can get a full description of recommended network monitoring tools in the article, SNMP Explained and 11 Best SNMP Monitoring Tools. However, you can read summaries of these tools here:

Here is a list of SNMP network monitoring tools you should investigate:

  1. SolarWinds Network Performance Monitor (FREE TRIAL)
  2. Paessler PRTG Network Monitor (FREE TRIAL)
  3. SysAid Monitoring
  4. Kaseya Network Monitor
  5. OpManager
  6. Atera
  7. Spiceworks Network Monitor
  8. Pulseway IT Management Software
  9. LogicMonitor
  10. Event Sentry
  11. Ipswitch WhatsUp Gold

Learn more about these tools in the following sections.

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds Network Performance Monitor network screenshot

SolarWinds uses SNMP to drive its industry-leading Network Performance Monitor. The tool will search your network and document all of your devices once it is installed. The inventory that the monitor compiles is made up of information that is derived through SNMP. The interface programs of the monitor compile network maps from the register of devices that the SNMP procedures provide.

The standard SNMP procedures that require the manager to keep polling devices for MIB reports means that the Network Performance Monitor can keep updating its equipment register and maps to take account of added, removed, or moved devices.

SolarWinds developed the Orion platform for all of its major systems monitoring utilities. This means that you can add on other specialized monitors to cover servers and applications and also monitor traffic flows. Extra modules that integrate into the Network Performance Monitor include a Network Configuration Manager, a User Device Tracker, and an IP Address Manager. Adding on these other capabilities will give you greater control over your resources.

The SNMP traps are interpreted into alerts by the NPM. These are displayed in the utility’s dashboard and the software can also send out alert notifications by email or SMS. The dashboard includes graphical representations of live data that include charts and graphs that interpret SNMP responses. Data is also available over a timeline to enable performance analysis for capacity planning.

The SolarWinds Network Performance Monitor installs on Windows environments and you can get it on a 30-day free trial.


SolarWinds Network Performance MonitorDownload FREE Trial at Solarwinds.com


2. Paessler PRTG Network Monitor (FREE TRIAL)

Paessler PRTG monitors networks, servers, and applications. The software package comes out of the box with a large number of sensors that fulfills the functions other companies market as separate applications. A sensor monitors one hardware element or service condition. Paessler includes an SNMP sensor at the heart of the PRTG system.

The SNMP functions of PRTG will take an inventory of all of your devices as soon as it begins operating. From this information, the tool will automatically generate maps. PRTG offers a range of map types, including its own proprietary starburst layout. This is a circular graph, which shows end user applications in the inner rim and all of the services that support those applications radiating out, forming a star shape. The map is color-coded to show the status of each element in the stack. This visualization is a great way to spot exactly which layer of service is impairing delivery when you experience problems with your network.

The SNMP system keeps surveying the network, so it notices when equipment is added or removed. In these instances, it updates its equipment inventory and automatically redraws all of its available maps. You can also create your own customized network maps through a mapping tool in the utility.

Paessler PRTG installs on Windows environments, or you can choose to access it as a cloud service. The tool is free to use for up to 100 sensors. You can get a 30-day free trial of Paessler PRTG that has no limit on the sensors that you can deploy.


Paessler PRTGDownload FREE Trial at Paessler.com

3. SysAid Monitoring

SysAid Monitoring

SysAid is a Help Desk and IT service management system. You can get the server and network monitoring add-on to enhance the Help Desk functions. This is not a bad idea because you are likely to need a Help Desk application for your IT department as well as a network monitor.

The network monitoring feature of SysAid uses SNMP to map and track the performance of your network devices. As with any other SNMP implementation, the monitor keeps polling network devices and so it notices when equipment is moved, removed, or added, and updates the inventory automatically. Unlike the other tools on this list, SysAid doesn’t have a mapping module.

A strong suit of SysAid is the way it handles SNMP traps. For a received trap, it displays an alert in the dashboard and you can get alerts sent to you as notifications via email or SMS. However, this application can also feed those alerts to the Help Desk system. When an alert gets logged in the support management interface, Help Desk technicians can see that an issue has been raised about a part of the network and so are able to notify users who are impacted by the problem that a solution is in progress. Automatic ticket generation means that a technician can automatically be allocated to address the alert. This is a great way to integrate the information that you get out of SNMP with your task scheduling software.

The SysAid interface includes a scripting language that enables you to automate alert resolution and put in place workflows to log and track progress on maintenance and firefighting tasks. This will help you to keep a tighter control over your IT budget by showing where most specialists’ time is spent.

Other features of the monitoring system include configuration and patch management.

4. Kaseya Network Monitor

Kaseya VSA

The system monitoring package called Kaseya VSA includes a network monitoring module that uses SNMP. This tool is able to draw a network map and plot in a real map of the world after it has initially searched for devices and registered their details. Other graphical data representations in the Kaseya dashboard include graphs, charts, and dials. SNMP traps are interpreted as alerts by the network monitor.

The tool includes a development environment that enables you to easily assemble actions scripts in the Kaseya proprietary scripting language, which is called Lua. With a Lua script in place, you can set triggering events, such as specific types of trap messages. Thanks to this feature, it is possible to automate a lot of investigation and resolution tasks when well-known alert conditions arise.

Other features of Kaseya VSA include patch management and specialized server monitoring. Kaseya VSA installs on Windows and you can get it on a 14-day free trial.

5. OpManager

OpManager Network Map

ManageEngine’s OpManager is a highly-regarded network performance monitor and is probably in the top three in the market. Like the SolarWinds Network Performance Monitor, and WhatsUp Gold, OpManager is the base monitoring product of its inventory and there are a lot of other modules that you can add on to it to extend your system monitoring capabilities. However, it is OpManager that uses SNMP to gather its data. This software will install on Windows or Linux. When it is run for the first time, it will start sending out SNMP requests and compiling a device inventory from the MIB responses that it receives. OpManager also has a nice network mapping module that will give you different views on your network equipment and how it connects together.

The SNMP traps that the OpManager processor receives get displayed in the dashboard. If you are out of the office, you can check in with the network by viewing the dashboard remotely on your mobile device. The dashboard is customizable and so are the actions that should be performed when alerts arise. You can get notifications sent out to nominated team members by email or SMS messages.

OpManager is capable of processing 300 trap messages per second — yes, per second. That processing volume capability shows that OpManager is capable of delivering speeds and performance that are needed by very large networks. However, this system is also suitable for middle-sized networks. The operators of small networks might find all of the functionality of OpManager a bit too much to cope with. However, the company offers the tool for free to those who have up to 10 devices to monitor. The owners of larger networks can get OpManager on a 30-day free trial.

6. Atera


Atera Networks offers a 30-day free trial of its monitoring system, which is integrated into an MSP support environment. So, you get monitoring functions that can exchange data and triggers with a full Help Desk system when you choose Atera. Another great feature of this option is its staff time tracking and invoicing system. Therefore, you would be able to cut out a lot of your admin work with Atera if your IT department is run as a cost center.

Atera’s network monitoring system uses SNMP to track the statuses of network devices and the console manages SNMP traps. You will receive traps in the console as alerts and it is possible to feed actions to the Help Desk system on receipt of an error condition warning.

Atera includes a scripting support module that enables you to create your own automation scripts to deal with errors. The dashboard can be reached from mobile devices and you can get notifications set up as support tickets that will trigger notification messages to you and to nominated team members. Atera is a cloud-based service, so you don’t have to worry about installing or managing the application. Other features of the full system include remote management facilities, configuration control, and a patch manager.

7. Spiceworks Network Monitor

Spiceworks screenshot

Spiceworks is a free, ad-supported utility that you can install on premises or choose to access as a cloud service. The on-premises version of the tool installs on Windows.

The network monitor relies on SNMP to provide its information sources and it starts its service life with a scan of the network to compile a device inventory. SNMP traps get shown in the dashboard on a headline strip as alerts and you can also get alert notifications sent to you by email. The dashboard features stackable graphs that show your device statuses alongside environment, data flow, and application performance information.

The Spiceworks network management system includes configuration management and user device tracking, which will beef up your security monitoring. Support for Spiceworks is delivered through a community forum.

8. Pulseway IT Management Software


Pulseway RMM includes system monitoring modules and the network performance monitor section relies on SNMP procedures. The regular SNMP manager-to-agent communications provide the system with an inventory of devices on your network, which is continually updated. SNMP traps are interpreted as alarms in the console, which can be sent as notifications by phone, email, or SMS message. You can also access the dashboard from a mobile device over the internet.

The network monitoring software acts as the SNMP manager and gives you a dashboard to view data and manage the functions of the monitor. This software can be installed on Windows, Linux, or Mac OS. You can specify how alerts will be dealt with. This includes the ability to set priorities for traps that arrive from specific devices or to drop alerts of less importance. The console includes a scripting language in which you can set up procedures and workflows that will kick in automatically when defined triggering events arise.

Other facilities in the Pulseway IT Management package include configuration and patch management. A key element of the tool is remote access, so you can fix problems on devices that are located on other sites. The rest of the monitor extends to server and applications, including services provided from the cloud.

You can access Pulseway IT Management software as a cloud service. In this case, the monitor is free perpetually to monitor two endpoints. The paid-for service can be installed or used as a cloud service. It starts with a unit that can monitor 25 endpoints. Pulseway offers a 14-day free trial of the paid version.

9. LogicMonitor


Logic Monitor is a cloud-based service, but you have to install collectors on site. These collectors will run on Windows, Mac OS, and Linux. The LogicMonitor will also monitor any cloud servers that you employ as long as you install a collector on each of them.

This service monitors networks, servers, and applications, and it’s also possible to track user experience, which involves stack displays of every utility on your system that get triggered by individual user visits. The network monitoring section of this service relies on SNMP to gather data about network devices.

The collector operates as the SNMP manager and polls devices for their statuses. The information that the collector gathers is then forwarded to the cloud server of LogicMonitor. The dashboard for the service is hosted at the cloud server, so it can be accessed from any device with a browser and the company also provides apps for mobile devices.

Communications over the internet are protected by encryption. As LogicMonitor operates off-site, it can integrate all the sites of a WAN as long as you install a collector at each location.

SNMP traps appear in the dashboard as alerts. You can customize the dashboard, so it is possible to create a view that only shows alerts. The ability to create individual screens means that it is possible to tailor access to different team members and it is also possible to create a reporting account to which business managers can be given access.

Live data from the SNMP MIBs are interpreted in graphical content, such as histograms, charts, and line graphs. The visualization of your network extends to a map, which is imposed on a real-world map. Device data and network connections are updated automatically, to make adjustments to the network map. The system will also retain data for trend analysis.

You can get a 14-day free trial of LogicMonitor.

10. Event Sentry


EventSentry is specifically a security utility, but it also tracks your network performance while it is keeping your business safe from hackers and intruders. One problem with modern IT service security is that genuine users can be duped into performing malicious acts through phishing and masquerading. So, in order to prevent data disclosure and system damage, you need to track the behavior of authorized users as well as look out for unauthorized access. This is what EventSentry does.

The network monitoring sections of this service use SNMP to gather device data. This covers the regular SNMP services that include compiling a device inventory and keeping it up to date. EventSentry generates alarms from a range of sources, including SNMP traps and log messages.

Extra utilities of EventSentry include configuration and patch management. The monitor covers network traffic, server and environment performance, application delivery as well as network device statuses. The security checks examine events on email, databases, log files, and data transfers.

You can use EventSentry for free by accessing EventSentry Light. This version is limited to monitoring up to five devices, so it would only be suitable for very small networks. The full-featured EventSentry can be experienced on a 30-day free trial. The software installs on Windows and Windows Server.

11. WhatsUp Gold

WhatsUp Gold is a network monitoring system that is produced by Ipswitch. The monitor’s functions are based on SNMP processes. The software that you install acts as an SNMP manager. The WhatsUp Gold utility installs on Windows Server environments and it will perform an initial system sweep once you have the tool running.

This scan of your network enables the program to compile a registry of all of your devices and then build network maps from that information. Both the registry and the maps get updated automatically whenever your network hardware changes. This is because the monitor continues to poll the network from SNMP messages, thus noticing when devices are added or removed. The device register can be accessed in the dashboard where a data viewer allows you to sort and filter records of your hardware inventory.

SNMP traps arrive at the dashboard as alerts and you can get them sent to you as emails or SMS messages. You can also get alerts fed to chat apps, including Slack. The dashboard is customizable so you can create user accounts and user roles to allow different team members to access data and management functions without giving junior staff access to all of the controls.

WhatsUp Gold can be expanded by add-on modules to include more monitoring and network management capabilities. This utility is suitable for small and middle-sized networks and you can get a 30-day trial of WhatsUp Gold and any of its add-ons.

Using SNMP traps

The benefit of SNMP traps is that they report device failure very quickly. However, they don’t give a complete picture of your network. You will notice that most of the tools in this list of recommended SNMP tools also blend in other information sources, such as NetFlow for traffic data and Syslog for system events.

As all of these tools offer free trials or free versions, you will be able to try out a candidate without risk. You might even try a couple of those SNMP tools that tempt you most.

Do you use an SNMP tool right now? Do you find that you focus more on the alerts raised by SNMP traps, or are Syslog messages more relevant to your network administration responsibilities? Leave a message in the Comments section below to share your experience.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.