Today we will look at the Simple Network Management Protocol (SNMP) and cover its basics.
It was developed in 1988 to monitor network devices and to change their settings remotely.
It was initially developed for routers and switches, but it has since been extended to many other things, such as Linux, Windows, printers, etc.
SNMP works on an agent and manager basis. This means there will be many agents, all of which send traps to the manager node.
Basics in SNMP
There are two things which you need to remember in SNMP, that is OID and MIB. Let’s see a detailed explanation of it.
OID (Object Identifier)
An OID is an object identifier, which is basically a bunch of numbers separated by dots, for example
126.96.36.199.188.8.131.52.1.8. Each device you need to monitor has an OID; in fact, each setting or component has its own OID. If you read the value of the OID attached to HTTP, you learn the status of the HTTP service.
MIB (Management Information Base)
A MIB translates numerical OIDs into text-based names, as shown in the image below.
Technically you don’t have to use MIBs at all, you can work with OIDs alone, but MIBs will make your life easier.
Monitoring in SNMP
There are two methods of monitoring with SNMP, i.e. polling and traps.
Polling
As the name suggests, this is a polling method: your monitoring server queries the SNMP agent for the value of an OID, and the device responds with its status. Your monitoring device sends these queries to port 161.
Your SNMP manager node keeps asking the agent for its status every x seconds. If the agent node is offline, the manager will know immediately, because the next poll goes unanswered.
Traps
This simply means your device sends OID-related messages to the monitoring system on port 162. These messages are called traps, notifications, or informs. The good thing is that the manager node doesn’t have to do anything here; the agent keeps sending messages on its own. But there is also a problem: the manager node never asks for information, which means that if the agent goes offline, the manager won’t know anything about it.
There are three versions of SNMP:
- Version 1
- Version 2c
- Version 3
The basic difference between these versions is that version 3 is more secure than versions 1 and 2c. With versions 1 and 2c you don’t have to supply a username; you only supply a community string. Version 3 got rid of the community string, and instead you have to supply a username and password.
Versions 1 and 2c don’t offer any encryption; version 3 does.
These two changes are very important because SNMP can change device settings, so if an attacker gains access it would be a disaster.
Finding Community String
The default community string is public, and it’s highly recommended that you change it. You can follow this link to change the community string.
To find the current string, run:
$ grep com2sec snmpd.conf
com2sec notConfigUser default public
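As an added example (not code from the original post), here is a small Python script that reads the community directives of a net-snmp snmpd.conf and flags the weaknesses discussed above: a community string still at the default, a community that accepts requests from any source, and a community that grants write access. The directive formats (com2sec, rocommunity, rwcommunity) are net-snmp's; the configuration inside the script is a constructed sample.

```python
# Added example, not from the original post: audit a net-snmp snmpd.conf for
# weak community string settings. Assumes net-snmp's directive formats:
#   com2sec NAME SOURCE COMMUNITY
#   rocommunity COMMUNITY [SOURCE]
#   rwcommunity COMMUNITY [SOURCE]

DEFAULT_COMMUNITIES = {"public", "private"}


def parse_community_lines(text):
    """Return a list of (directive, community, source) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "com2sec" and len(parts) >= 4:
            entries.append((directive, parts[3], parts[2]))
        elif directive in ("rocommunity", "rwcommunity") and len(parts) >= 2:
            # net-snmp treats a missing SOURCE as "default" (any host)
            source = parts[2] if len(parts) >= 3 else "default"
            entries.append((directive, parts[1], source))
    return entries


def audit_snmpd_conf(text):
    """Return a list of human-readable findings for the given config text."""
    findings = []
    for directive, community, source in parse_community_lines(text):
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"{directive}: default community string '{community}' is still in use")
        if source == "default":
            findings.append(f"{directive}: community '{community}' accepts requests from any source")
        if directive == "rwcommunity":
            findings.append(f"{directive}: community '{community}' grants write access")
    return findings


# Constructed sample configuration, mirroring the com2sec line shown above.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
com2sec notConfigUser default public
rwcommunity secret123 10.0.0.0/8
rocommunity monitor-only 192.168.1.10
"""

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```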