When computer information is sent in TCP/IP networks, it is first decompressed into individual data frames. In this way, you can transfer data of nearly unlimited size. The frames also contain the target system’s MAC address, without which a transmission would not be possible. If the physical address is not known, the sender must first be determined using the ARP Address Resolution Protocol. Here,...
Devices of all kinds are combined in a network – from computers, servers, switches, or routers to printers, and so on. The higher the number of participants, the more effort and difficulties the administrator has in managing them. For this reason, the use of management tools is vital if the functionality and security of all systems is to be guaranteed in the long run. One protocol used by many of these software solutions is the “Simple Network Management Protocol” – or just SNMP, which is one of the most important standard protocols supported by almost all terminal devices today.
What is SNMP?
After two years of development, the first official version of SNMP was published in RFC 1157 in May 1990. The IETF (Internet Engineering Task Force) working group is responsible for the network protocol, which is part of the internet protocol family and is now also available in SNMPv2 and SNMPv3.The core function of the SNMP protocol is to enable central monitoring and control of all components of a computer network. For this purpose, it describes the structure of the required communication packages and the communication flow between the central station and the individual devices.
The connectionless UDP protocol is used to transport the packages. The transported data and information is stored in a tree structure in the management information base (MIB).
SNMP explanation: how SNMP works
Network management via SNMP is based on an agent manager model. The central management station is the system from which the administrator monitors and controls the various network participants. For this purpose, management software is installed that enables SNMP data retrieval and the initiation of certain actions. The agents, which are also applications, are the counterpart on the side of the individual network components. You enter the relevant data on the target host and pass it on to the management station, but you can also make settings yourself and trigger certain actions. These kinds of agent applications are already in use by default in most popular Windows and Linux systems, for example in the form of the snmpd daemon (Linux only).
The SNMP protocol specifies seven possible message types for communication between manager and agent:
- GET request: GET requests are the default messages for retrieving a specific record on the intended network device.
- GETNEXT request: This message format is required if subsequent data records need to be queried, e.g. for tables.
- GETBULK request: If a defined number of data records are to be retrieved with a single request, the manager application can send a GETBULK request (from SNMPv2). Such a request is comparable to several successive GETNEXT requests.
- SET request: SET requests allow the manager to change one or more data records of the intended network device or to trigger certain actions. An example situation in which several adjustments are necessary is configuring an IP address, which also requires the specification of a network mask at the same time.
- GET response: If the manager has requested one or more data records or initiated changes or actions, the agent responds with GET responses. These response packages contain either the requested data, a confirmation of the adjustments, or an error message if the requests could not be answered correctly.
- SNMP trap: SNMP traps are agent messages sent without prompts from the manager station. This might happen if something unexpected occurs. The SNMP traps can communicate the event in two ways. The first option is to add a unique identification number, the meaning of which the manager can look up in the information database (MIB). If option number two is selected, the SNMP traps not only inform about the event, but also contain the corresponding data without displaying a specific identification number.
- INFORM request: INFORM requests basically fulfill the same function as SNMP traps. In contrast to these, however, the INFORM packages are characterized by the fact that their receipt is acknowledged by the manager. As a result, the agent can resend the message if it has not reached the manager in the first attempt.
As already mentioned, the Simple Network Management Protocol prescribes the use of the connectionless transport protocol UDP for the transmission of the listed message packets. SNMP uses UDP port 161 for the various GET queries to the agents (including replies), while the automatically sent SNMP traps are sent via UDP port 162.
Comparison of the different versions of the SNMP protocol
Originally, SNMP did not provide a way for managers to communicate with each other, nor for agents to send messages that are acknowledged. Also, the support of many applications only partially worked in the beginning, despite the approach as an open standard. Therefore, the protocol revisions of the following years were in particular focused on integrating corresponding mechanisms into the Simple Network Management Protocol. Another important goal of the responsible IETF working group, which is reflected in particular in the third protocol version, was to make the administration procedure more secure. These and other optimization steps of the SNMP protocol are discussed in more detail in the following portraits of the individual versions SNMPv1, SNMPv2, and SNMPv3.
SNMPv1 is the first version of the network management protocol to provide the underlying manager-agent model, and is the basis for communication between the manager station and the individual agents. The Simple Network Management Protocol is described as a simple protocol that operates at the application level and can be based on UDP (User Datagram Protocol) and Internet Protocol (IP), but also on comparable network protocols such as AppleTalk's Datagram Delivery Protocol (DDP) or Internet Packet Exchange (IPX). The only built-in security mechanism is the exchange of a so-called community string, which is sent with the respective requests.
A major problem with the first version of the SNMP protocol is that the security community string is only transmitted in plain text. For this reason, the developers quickly worked on a new variant called secure SNMP, in which this string is transmitted in encrypted form. However, this version was never released because it was directly replaced by SNMPv2. Further improvements over the original protocol variant include optimized error handling, the possibility of manager-to-manager communication, and more functional SET commands. However, the biggest advantage over SNMPv1 was the newly implemented message types GETBULK (for querying multiple data in a single request) and INFORM (for reply confirmations to agent responses).
After the first, smaller step in the second protocol version, the IETF focused completely on security in SNMPv3, and replaced the community string with a username and password. In addition, the third protocol execution contains functions to encrypt the transmission of SNMP packets, unlike the predecessors. In total, SNMPv3 offers three different types of authentication and encryption:
If the manager station supports the third version of the SNMP protocol, it should always be preferred to the older protocol versions. It also makes sense to use the highest possible SNMPv3 security level (authPriv) if the device allows it.