How Does SNMP Work?
The snmpwalk command is a shorthand way to issue multiple GETNEXT requests and view your infrastructure health without having to type lots of different commands. We look at some snmpwalk examples on Windows and Linux.
However, before we look at the snmpwalk command, we first need to look at how SNMP works. On SNMP-enabled devices, an SNMP agent collects information from the device and stores it in a Management Information Base (MIB), so that it can be accessed whenever the SNMP manager polls the SNMP agent.
When the SNMP Manager queries the SNMP agent, data is taken from the MIB and sent to the SNMP Manager where it can be viewed with a network monitoring tool. There are many different commands that you can use to query an SNMP agent. The most common ways are through the use of the GET or the GET-Next command.
The GET command is used to take an Object Identifier (OID) from the MIB. The GET-Next command is a little more advanced and goes through a MIB tree from OID to OID pulling information. This is where snmpwalk comes in.
What is snmpwalk?
The name, snmpwalk, is given to an SNMP application that runs multiple GETNEXT requests automatically. The SNMP GETNEXT request is used to query an enabled device and take SNMP data from a device. The snmpwalk command is used because it allows the user to chain GETNEXT requests together without having to enter unique commands for each and every OID or node within a sub-tree.
The snmpwalk is issued to the root node of the sub-tree so that system information is gathered from every connected node. This provides you with an efficient way to collect information from a range of devices like routers and switches. The information you collect arrives in the form of OIDs. An OID is an object which is part of the MIB within an SNMP-enabled device.
Installing snmpwalk in Windows
Windows users can get a version of snmpwalk from EZ5 Systems.
- Download a zip file from https://ezfive.com/snmpsoft-tools/snmp-walk/
- Unzip the README and executable file into an easy-to-reach location, such as your Desktop
- Locate the README file and open it with Notepad. This file shows the parameters for the command.
- Type cmd in the Start search bar and select Command Prompt – Run as Administrator
While the Linux command is snmpwalk, this version for Windows is capitalized as SnmpWalk. However, don’t worry about capitalization when running the program in Windows because the system is not case sensitive. You will see examples of usage that specify the command SnmpWalk.exe. However, you don’t need to type the .exe part.
Parameters and Options for snmpwalk in Windows
The SnmpWalk command runs in a Command Prompt window and it has its own format for passing parameters. Each parameter takes the form of a dash, an identifier, a colon, and then a value. For example, -r:192.168.2.1 gives the IP address of a device to query. Some parameters are switches and don’t need a value.
Here is a list of the variables for SnmpWalk:
Parameter | Description | Default |
---|---|---|
-q | Quiet mode (suppress header; print variable values only) | |
-r:host | Name or network address (IPv4/IPv6) of remote host | |
-p:port | SNMP port number on remote host | 161 |
-t:timeout | SNMP timeout in seconds (1-600) | 5 |
-v:version | SNMP version. Supported version: 1, 2c or 3 | 1 |
-c:community | SNMP community string for SNMP v1/v2c | public |
-ei:engine_id | Engine ID. Format: hexadecimal string. (SNMPv3) | |
-sn:sec_name | SNMP security name for SNMPv3 | |
-ap:auth_proto | Authentication protocol. Supported: MD5, SHA (SNMPv3) | |
-aw:auth_passwd | Authentication password (SNMPv3) | |
-pp:priv_proto | Privacy protocol. Supported: DES, IDEA, AES128, AES192, AES256, 3DES (SNMPv3) | |
-pw:priv_passwd | Privacy password (SNMPv3) | |
-cn:cont_name | Context name. (SNMPv3) | |
-ce:cont_engine | Context engine. Format: hexadecimal string (SNMPv3) | |
-os:start_oid | Object ID (OID) of first SNMP variable to walk | 0.1 |
-op:stop_oid | Object ID (OID) of last SNMP variable to walk | Walk to the very last variable |
-csv | Output in CSV (Comma Separated Values) format | |
Some of the parameters can only be used with SNMP version 3. This requirement is noted in the entries for the relevant parameters in the above table.
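The parameter format and defaults above, worked through in an added Python example (not part of the SnmpWalk tool or its README): it parses dash-identifier-colon-value parameters, fills in the defaults from the table and lists points worth reviewing, such as a query that falls back to SNMP v1 with the community string public, which v1 and v2c send unencrypted. The function names and the wording of the findings are assumptions made for this example.

```python
# Added example: resolve what a SnmpWalk.exe invocation actually uses.
# Parameter names and defaults are copied from the table above.
DEFAULTS = {"p": "161", "t": "5", "v": "1", "c": "public", "os": "0.1"}
SWITCHES = {"q", "csv"}                      # take no value
V3_ONLY = {"ei", "sn", "ap", "aw", "pp", "pw", "cn", "ce"}
KNOWN = set(DEFAULTS) | SWITCHES | V3_ONLY | {"r", "op"}

def parse_args(args):
    """Return (effective settings, explicitly given parameters)."""
    given = {}
    for arg in args:
        if not arg.startswith("-"):
            raise ValueError(f"not a parameter: {arg!r}")
        # Split at the first colon only, so IPv6 hosts such as
        # -r:fe80::1 keep the colons that belong to the address.
        name, sep, value = arg[1:].partition(":")
        if name not in KNOWN:
            raise ValueError(f"unknown parameter: -{name}")
        if name in SWITCHES:
            given[name] = True
        elif not sep or not value:
            raise ValueError(f"-{name} needs a value, as in -{name}:value")
        else:
            given[name] = value.strip('"')   # tolerate quotes left in a raw token
    return {**DEFAULTS, **given}, given

def review(args):
    """Return (effective settings, list of findings) for one invocation."""
    settings, given = parse_args(args)
    version, findings = settings["v"], []
    if "r" not in given:
        findings.append("no -r host given")
    if version in ("1", "2c"):
        if settings["c"] == "public":
            source = "given" if "c" in given else "default"
            findings.append(f"v{version} with community 'public' ({source})")
        stray = sorted(V3_ONLY & set(given))
        if stray:
            findings.append(f"SNMPv3-only parameters with v{version}: "
                            + ", ".join("-" + n for n in stray))
    elif version == "3":
        if "c" in given:
            findings.append("-c applies to v1/v2c only")
        if given.get("ap") == "MD5" or given.get("pp") == "DES":
            findings.append("legacy v3 algorithm (MD5 or DES) selected")
    else:
        findings.append(f"unsupported version: {version}")
    return settings, findings

if __name__ == "__main__":
    # The article's second Windows example: version and community omitted.
    print(review(["-r:192.168.8.1", "-os:.1.3.6.1.4.1.318"]))
```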
Installing snmpwalk in Linux
On Linux devices, snmpwalk is available as a package for you to install. The process of doing this depends on your Linux distribution. However, you can install snmpwalk by entering the following commands:
- Red Hat/Fedora/CentOS:
yum install net-snmp-utils
- Ubuntu:
apt-get install snmp
Parameters and Options for snmpwalk in Linux
The snmpwalk command has a range of different parameters that you can use. These include the following:
Parameter | Description |
---|---|
hostname | The SNMP agent name |
community | The type of read community |
object_id | Specify an object ID to return all SNMP objects below it. If NULL then the root of the SNMP object is taken as the object_id |
timeout | Number of microseconds before the first timeout |
retries | How many times to retry the connection in the event of a timeout |
-Os | Shows the last symbolic element of an OID |
-c | Sets a community string |
-v | Specifies the SNMP version you want to use |
How to Minimize the Information You See With snmpwalk
One of the first things you’ll notice when running snmpwalk is that there are too many results for you to read. You can easily end up with thousands of different results. To get around this, vendors help you by providing a MIB file. The MIB file is used to specify which OIDs are available on a device. Many vendors provide you with a MIB file for each device you have. Having a MIB file allows you to run a query that is specific to that file, rather than walking through everything.
A note about the SNMP MIB structure
The MIB has a tree structure and there is no set width of branching at each node. The OID is a dot-notation system that shows the trail from the root node to the current node. Each node is represented by a number that has a meaning but you need a reference document to work out what each value means. The OID for a node includes the numbers of all the parent nodes above it. So, the OID shows a path down to a specific point on the MIB tree.
Not every node will be present because in some cases, a node has a series of possible child nodes, each of which represents a value option, for example, 1=Yes and 2=No, so that level of the tree wouldn’t have both the 1 and 2 nodes present because they are mutually exclusive.
How snmpwalk operates
The snmpwalk function is like a crawler that steps down each branch of the tree as far as values are available. When it reaches the end of the line, it looks up one level to see whether there are other nodes available apart from the one that was just visited. Each of the nodes can have a variable extent – it is possible that one leads down several levels, another has only one node below it, and another is the end node of a line.
The root node has no number and all of the useful SNMP values are found below just one of the three nodes beneath root. This is the iso node, which is numbered 1. There is only one node beneath iso, which is the org node and it is numbered 3. Beneath the org node is only one node, which is dod (6). There is only one node beneath dod, which is called internet and it is numbered 1. The next level has four nodes, but if you are working with a LAN, all of your meaningful data will appear under private, which is number 4. Below this, you will find only one node: enterprise (number 1).
The top part of the MIB tree means that all useful MIB OIDs start with .1.3.6.1.4.1. If you are a regular investigator of SNMP data, you will remember .1.3.6.1.4.1 like your bank card PIN.
There is one more factor that you need to know about the numbers in the OID. This relates to the manufacturer of the device that hosts the SNMP agent. The SNMP agent is pre-installed on all network devices. This courtesy has become an industry standard. So, before shipping each device, the producer installs firmware and a number of utilities, including the SNMP agent. This provides the manufacturer with an opportunity to mark its territory because the enterprise node can be followed by an identifier that denotes the supplier.
So, the industry has got together and assigned a number to each manufacturer. These are called Private Enterprise Numbers (PENs) and the list is maintained by the Internet Assigned Numbers Authority (IANA). You can search the List of Private Enterprise Numbers at the IANA website.
So, if you are looking for data in a MIB from a switch created by Cisco Systems, the OIDs you will be looking at will all start with .1.3.6.1.4.1.9. For a device from APC, the OIDs with interesting information will all start with .1.3.6.1.4.1.318.
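The walk described above, as an added example that is not code from the article or from any SNMP tool: a toy in-memory agent answers GETNEXT, and the walk function chains the requests until a reply falls outside the requested subtree. The ToyAgent class, the function names and all OID suffixes and values are constructed for illustration; only the .1.3.6.1.4.1.9 and .1.3.6.1.4.1.318 prefixes come from the text.

```python
# Added illustration: a toy agent answered by chained GETNEXT (no network I/O).

def parse_oid(text):
    """'.1.3.6.1.4.1.318' -> (1, 3, 6, 1, 4, 1, 318)."""
    return tuple(int(part) for part in text.strip(".").split("."))

def format_oid(oid):
    return "." + ".".join(str(n) for n in oid)

class ToyAgent:
    """Holds a constructed MIB and answers GETNEXT as an agent would."""

    def __init__(self, mib):
        # Order by integer tuples: numerically 9 < 318, but as text
        # "318" < "9", so string sorting would visit nodes out of order.
        self.rows = sorted((parse_oid(k), v) for k, v in mib.items())

    def getnext(self, oid):
        """Return the first (oid, value) strictly after oid, else None."""
        for row_oid, value in self.rows:
            if row_oid > oid:
                return row_oid, value
        return None

def walk(agent, root_text):
    """Chain GETNEXT from root_text; stop once a reply leaves that subtree."""
    root = parse_oid(root_text)
    current, results = root, []
    while True:
        reply = agent.getnext(current)
        if reply is None:                    # end of the MIB
            break
        next_oid, value = reply
        if next_oid[:len(root)] != root:     # reply is outside the subtree
            break
        results.append((format_oid(next_oid), value))
        current = next_oid                   # the next request starts here
    return results

# Constructed sample data: only the .1.3.6.1.4.1.9 (Cisco) and
# .1.3.6.1.4.1.318 (APC) prefixes come from the article.
SAMPLE_MIB = {
    ".1.3.6.1.2.1.1.5.0": "sample-hostname",   # outside the enterprise branch
    ".1.3.6.1.4.1.9.1.1.0": "cisco-sample",
    ".1.3.6.1.4.1.318.1.1.0": "apc-sample-a",
    ".1.3.6.1.4.1.318.1.2.0": "apc-sample-b",
    ".1.3.6.1.4.1.318.2.10.0": "apc-sample-c",
    ".1.3.6.1.4.1.99999.1.0": "other-sample",  # constructed vendor number
}

if __name__ == "__main__":
    for oid, value in walk(ToyAgent(SAMPLE_MIB), ".1.3.6.1.4.1.318"):
        print(oid, "=", value)
```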
Using snmpwalk
The exact syntax for the snmpwalk command depends on the implementation that you are using. So, with the examples that you were advised to download above, the format of the command would be:
For Linux –
$ snmpwalk -v1 -c public 192.168.8.1
This uses SNMP v1 with the community string “public” and looks at the device with the IP address 192.168.8.1.
For Windows, that same query would be written as –
C:\Users\Laptop> snmpwalk -v:1 -r:192.168.8.1 -c:"public"
In that Windows version, you wouldn’t need to put in the -v:1 or -c:"public" parameters because these give the default values. So, if you missed those out, the command would use those values anyway.
Knowing that you are only going to get interesting information from a specific branch of the MIB tree, you can cut the scan short to skip directly to that part of the MIB.
On Linux, try:
$ snmpwalk -v1 -c public 192.168.8.1 .1.3.6.1.4.1.318
On Windows, you would type:
C:\Users\Laptop> snmpwalk -r:192.168.8.1 -os:.1.3.6.1.4.1.318
These two examples are for querying an APC device that has the IP address 192.168.8.1, so alter those numbers for your network.
Save Time with snmpwalk
The concept of snmpwalk seems complicated, but it isn’t in reality. The snmpwalk command is simply a shorthand way to use multiple GETNEXT requests without having to type lots of different commands. With one snmpwalk command, you can fire off lots of different GETNEXT and view your infrastructure health.
If you’re using the snmpwalk command then it’s important to remember to cut down the amount of information you receive as much as possible. Specifying a MIB will allow you to see specific information rather than data collected from an entire database of object IDs!
By drawing SNMP data from devices throughout your network this way, you can make sure that you don’t miss anything important happening on your network. After all, the snmpwalk command is there to help you pull SNMP data from devices in your network as efficiently as possible.
An easier way to read an SNMP MIB
Command line steps through the MIB tree can be difficult to implement and if you are like most system administrators, you will soon start to build up your own scripts to automate the process. You will probably find that there is a limited number of fields that really interest you on a regular basis and you will get to know these OIDs pretty well. However, this is a lot of work that you could skip by just getting a pre-written tool. Such a utility is called a MIB browser.
An SNMP MIB browser is a tool that allows network administrators, security professionals, or systems integrators to interact with SNMP-enabled devices and explore their Management Information Bases (MIBs). It serves as a graphical or command-line interface to query, retrieve, and manipulate data from SNMP agents running on network devices (routers, switches, servers, etc.) by accessing MIB objects, which represent the device’s various parameters and statistics.
Our methodology for selecting MIB analyzers like snmpwalk
We reviewed the market for MIB analyzers like snmpwalk and assessed the options based on the following criteria:
- An interpreter for the OID structure of SNMP
- A tool that includes a visual layout of the OID tree
- A view that shows the OID value plus a description for each active node
- A display of whether an OID node has a value or not
- A graphical user interface that is easy to use
- A free trial for a no-risk assessment
- Value for money represented by useful functionality at a good price
You can get an SNMP MIB browser for free and we have two recommendations that are provided by two of the top system monitoring producers: ManageEngine and Paessler.
ManageEngine SNMP MIB Browser
The SNMP MIB Browser from ManageEngine is a visual snmpwalk tool that will run in Windows and Linux.
Key Features:
- MIB File Support and Loading: Supports loading custom MIB files to map OIDs to human-readable names.
- SNMP Get, Set, and Walk: Allows SNMP GET requests to retrieve device data, SNMP SET requests to modify device configurations, and SNMP WALK to retrieve entire branches of MIB data for comprehensive monitoring.
- Bulk SNMP Operations: Facilitates bulk SNMP GET/SET operations, enabling users to retrieve or modify large sets of data quickly.
- Real-Time Monitoring: Enables real-time querying of SNMP agents to monitor device statistics.
- Trap Monitoring and Capture: Captures and displays SNMP traps, which are unsolicited alerts from devices that notify of critical events.
This is a great free alternative to the big network monitoring systems like PRTG if you just want to see the details in the MIB returned by a specific device. The MIB Browser can also query a series of devices and summarize their MIBs.
Pros:
- Support for SNMP Versions (v1, v2c, v3): Allows interaction with devices using all three major SNMP versions.
- Customizable Interface and OID Search: A customizable GUI with an OID search feature that helps users quickly locate and interact with specific SNMP objects.
- Multiple Platforms: Available for Windows, Linux, and macOS.
- Automated Reports: Supports automated report generation in various formats (HTML, PDF, CSV, XML).
- Email Alerts: Can be set up to notify a technician by email if specific events are detected.
Cons:
- Not a full network monitor: Upgrade to ManageEngine OpManager to get a complete monitoring system.
Download the free SNMP MIB Browser from ManageEngine.
PRTG MIB Agent
PRTG MIB Agent excels in its SNMP monitoring capabilities, allowing for comprehensive oversight of network devices through efficient SNMP polling. It supports SNMP walk, enabling users to retrieve large amounts of data from network devices, which is crucial for in-depth network analysis and troubleshooting.
Key Features:
- SNMP Monitoring: Monitors network devices using SNMP to ensure efficient performance.
- MIB Import: Allows easy import of MIB files to extend monitoring capabilities.
- Custom Alerts: Offers customizable alert settings for proactive issue resolution.
- Scalable Architecture: Supports a range of network sizes, from small businesses to large enterprises.
- Intuitive Interface: Features a user-friendly interface for easy setup and navigation.
With the ability to import custom MIB files, PRTG enhances its SNMP functionalities, ensuring it can monitor a wide range of devices and parameters. This makes it a versatile tool for network administrators aiming for detailed and proactive network management.
Pros:
- Comprehensive SNMP Support: Provides extensive SNMP monitoring for detailed network insights.
- Ease of Use: The intuitive interface makes configuration and operation straightforward.
- Customizable Alerts: Enables personalized alert settings to fit specific network requirements.
- Scalability: Suitable for various network sizes, accommodating growth and changes.
- MIB File Import: Easily extend monitoring by importing MIB files.
Cons:
- Complex Initial Setup: Initial configuration may be challenging for users without prior experience.
- Resource Intensive: Can be demanding on system resources, especially in larger networks.
- Learning Curve: Users might face a steep learning curve to fully utilize advanced features.
Download the free PRTG MIB browser from Paessler.
FAQs for snmpwalk
What is a MIB walk?
A MIB is the SNMP Management Information Base. This is created through a reference code structure with each item having sub-nodes that are identified by the parent ID plus an extension. So, the MIB has a tree structure. A MIB walk is the process of working through a received MIB report and checking every code defined in the SNMP standard to see if it has an associated value.
Are there any alternatives to SNMP?
SNMP is the only reporting standard that is universally implemented by network device manufacturers. There are some other reporting standards that some of the major device producers install as well. These include Netconf, which is available on Cisco devices – some other manufacturers install this as well. WMI is another option, but this is only available on devices that run Windows.
What is snmpwalk OID?
OID stands for “object identifier.” This is the code that identifies each node on the MIB tree. Therefore, a snmpwalk on OIDs is the same as a MIB walk.
How do you use SNMP GET command in Linux?
The snmpget command in Linux has a number of switches that modify the behavior of the utility. You can see these options by entering snmpget -h. Here are the results that you will see:
-H display configuration file directives understood
-v 1|2c|3 specifies SNMP version to use
-V, --version display package version number
For example, you would type in snmpget -V to see the version number of your SNMP implementation.
How can I tell if SNMP is running in Linux?
Issue any standard SNMP command at the command line to see if the SNMP service is running. For example, use the snmpget -v command.
How can I tell if SNMP is working in Windows?
To see if SNMP is running on a Windows computer:
- Go to the Start Menu, expand Windows Administrative Tools, and click on Services.
- Scroll down the displayed list of services to find the SNMP entry. Its Status should be Running if it is working.