
Short abstract on SNMP

SNMP is the successor to the Simple Gateway Management Protocol (SGMP). Its specification was adopted by the Internet Engineering Task Force (IETF) in 1990 and has been revised several times since then. The protocol is now in its third version. In contrast to its predecessors, SNMPv3 offers encrypted communication and secure authentication. However, many devices available today still support only SNMPv1 or SNMPv2.

SNMP uses UDP port 161 by default. Communication takes place between agents and managers: the agents run on the individual devices and wait for queries or instructions from the manager(s). There are also SNMP traps, in which a device actively sends a message to a manager when certain events occur. Traps usually arrive on port 162 of the manager.

SNMP reads values from various network components, the managed objects. Such a managed object can be the status of a network interface, the CPU or the memory of a device. The SNMP Management Information Base (MIB) was developed to establish a standard here. The properties of numerous managed objects are described in the tree-like MIB. The descriptions contain the exact name or the OID (Object Identifier) as well as the permitted data types of an object. The OID can be numeric or human readable: accordingly, .iso.org.dod.internet.mgmt and .1.3.6.1.2 are the same object, and either form can be used later for queries.

SNMPv1 and SNMPv2 use so-called communities to establish trusted connections between managers and agents. There are separate community names for read-only, read-write and trap access. The community names take the place of a password. However, since they are transmitted as clear text, an attacker can intercept them relatively easily. What can be done on a device depends on which community name is presented.

With the read-only community string, which most manufacturers preset to public, you are only allowed to query data on the device. The read-write community string, which is usually private on devices in the delivery state, also allows changes to be made to the device. With it, you can reset counters or change the router configuration.

Finally, the trap community string is necessary for managers to receive trap messages from agents. However, the latter two community strings are not as common on end-user devices. Even rarer is SNMPv3, in which all communication is encrypted and the participants must authenticate themselves regularly.