SNMP (SNMP)
SNMP is how network monitoring software silently listens to the heartbeat of your network gear. Every router and switch has thousands of internal counters, like how many packets it has forwarded, how hot it is, or how full its memory is. SNMP lets a central monitoring server read those counters remotely and graph them over time, so you know a switch is struggling before it crashes, not after.
Simple Network Management Protocol (SNMP) is an application-layer protocol (UDP port 161 for queries, port 162 for traps) used to monitor and manage network devices. It follows a manager-agent architecture: the NMS (Network Management System) polls agents running on managed devices.
Data model: Every piece of manageable data is identified by an Object Identifier (OID), a dotted numeric string representing a node in the globally registered Management Information Base (MIB) tree.
1.3.6.1.2.1.1.1.0 -- sysDescr (system description)
1.3.6.1.2.1.1.3.0 -- sysUpTime (ticks since last restart)
1.3.6.1.2.1.2.2.1.10.2 -- ifInOctets for interface index 2

SNMP versions:
| Version | Authentication | Encryption | Status |
|---|---|---|---|
| v1 | Community string (plaintext) | None | Legacy, avoid |
| v2c | Community string (plaintext) | None | Still common but insecure |
| v3 | Username + MD5/SHA | DES/AES | Required for production |
SNMP operations:
| Operation | Direction | Description |
|---|---|---|
| GET | Manager to Agent | Retrieve a single OID value |
| GETNEXT | Manager to Agent | Retrieve the next OID in the tree |
| GETBULK | Manager to Agent | Retrieve multiple OIDs in one request (v2+) |
| SET | Manager to Agent | Write a value to a writable OID |
| TRAP | Agent to Manager | Unsolicited alert on a significant event |
| INFORM | Agent to Manager | Acknowledged trap (manager sends a response) |
SNMPv3 security model: Each user is configured with an authentication protocol (SHA-256 recommended), a privacy protocol (AES-256 recommended), and access control via VACM (View-based Access Control Model). Each user is scoped to an engineID tied to the specific device.
SNMP polling and trap inspection
# SNMPv2c: get system description from a device
$ snmpget -v2c -c public 192.168.1.1 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, Version 15.9
# SNMPv2c: walk the interface table (all interfaces and their counters)
$ snmpwalk -v2c -c public 192.168.1.1 IF-MIB::ifTable
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifDescr.1 = STRING: GigabitEthernet0/0
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifInOctets.1 = Counter32: 1234567890
IF-MIB::ifOutOctets.1 = Counter32: 987654321
# SNMPv3: authenticated and encrypted query (production-safe)
$ snmpget -v3 \
    -l authPriv \
    -u monitoring_user \
    -a SHA \
    -A "$SNMP_AUTH_PASS" \
    -x AES \
    -X "$SNMP_PRIV_PASS" \
    192.168.1.1 sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (432000) 1:12:00:00.00
# Listen for incoming SNMP traps
$ snmptrapd -f -Lo -c /etc/snmp/snmptrapd.conf
2026-04-21 10:00:00 192.168.1.1 [UDP: [192.168.1.1]:49123->[::]]:
TRAP, SNMP v1, community public
linkDown TRAP, cpu1, uptime: 1:00:00

SNMP is the backbone of network monitoring tools like Zabbix, Nagios, PRTG, LibreNMS, and Observium. Every enterprise-grade router, switch, UPS, and server out-of-band management card (iDRAC, iLO) supports SNMP.

The most critical production lesson: never use SNMPv1 or v2c with "public" as the community string on an internet-reachable interface. SNMPv2c community strings are transmitted in cleartext, so anyone sniffing the wire can capture the string, read all your device metrics, and potentially reconfigure devices via SET operations. Always use SNMPv3 with authPriv mode for production gear.

For datacenter environments, SNMP is how you monitor power draw per PDU outlet, temperature per rack, and link utilization on every port, feeding the time-series data into Grafana dashboards. Streaming telemetry (gNMI/gRPC on modern Cisco, Juniper, and Arista gear) is gradually replacing SNMP polling for high-frequency metrics, but SNMP remains dominant for breadth of device support.
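
To make the cleartext-community point concrete, the following added example (not part of the original page) decodes a constructed SNMPv2c GetRequest the way a passive observer or an IDS sensor would, recovering the community string and the requested OID and flagging the weak settings described above. The sample bytes, function names and finding strings are assumptions made for illustration.

```python
# Constructed sample: SNMPv2c GetRequest for sysDescr.0, community "public".
SAMPLE = bytes.fromhex("302902010104067075626c6963a01c02041a2b3c4d"
                       "020100020100300e300c06082b060102010101000500")
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDUS = {0xA0: "GET", 0xA1: "GETNEXT", 0xA3: "SET", 0xA5: "GETBULK"}  # requests

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):  # BER OID bytes -> dotted string (first arc 0 or 1 only)
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128 digits, high bit = "more"
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def inspect_datagram(packet):
    """Report what a passive observer learns from one SNMP datagram."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    out = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
           "community": None, "pdu": None, "oids": [], "findings": []}
    if out["version"] not in ("v1", "v2c"):
        return out                         # v3 messages carry no community
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    out.update(community=community.decode("latin-1"), pdu=PDUS.get(pdu_tag, "other"))
    checks = [(True, "community string readable in cleartext"),
              (out["community"] in ("public", "private"), "default community string"),
              (pdu_tag == 0xA3, "SET authorised only by a cleartext community")]
    out["findings"] = [text for hit, text in checks if hit]
    if pdu_tag in PDUS:                    # request PDUs share one layout
        p = q = 0
        for _ in range(4):                 # 3 INTEGER fields, then varbind list
            _, varbinds, p = read_tlv(pdu, p)
        while q < len(varbinds):
            _, vb, q = read_tlv(varbinds, q)
            out["oids"].append(decode_oid(read_tlv(vb, 0)[1]))
    return out
```

The same function run over datagrams captured on a management VLAN gives a quick inventory of which pollers and devices still speak v1/v2c and need migrating to SNMPv3 authPriv.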