The Simple Network Management Protocol, or SNMP, started in the late ‘80s as a simple way to make managing network nodes easier. SNMP data has been used in network security ever since to measure the performance of devices across a variety of different vendors.
SNMP is among the most popular networking protocols, with snmpwalk becoming one of the most common methods for scanning more than one node simultaneously.
What Makes SNMP Tick?
Before we start working with the snmpwalk command, let’s examine precisely how SNMP works in the first place.
SNMP uses agents to collect information from devices on which it is enabled. This data is then stored in a MIB (Management Information Base), where it is left for easy access when the SNMP manager polls the agent to find it.
Whenever the SNMP Manager queries the agent, the agent will take the data from the MIB and send it to the manager; at this point, you’ll be able to see the data through a network monitoring tool.
Although different commands will let you query an SNMP agent, the GET and GET-Next commands are used most often. The GET command’s purpose is to take an OID, or Object Identifier, from the MIB. The GET-Next command can be a bit harder to wrap your head around, as it goes through a MIB tree from Object Identifier to Object Identifier to pull information. However, this is the process that snmpwalk makes a lot simpler.
What Is snmpwalk?
An SNMP application tasked with running multiple simultaneous GET-Next requests automatically is referred to as an snmpwalk. The most significant advantage of snmpwalk is that it lets you query Get-Next enabled devices simultaneously and pull data from them at once. Making a chain of Get-Next requests like this is extremely useful because you don’t have to write out a unique command for every single Object Identifier or node within a given sub-tree.
Snmpwalk starts its work at the root node of a sub-tree; this way, it makes sure that it’ll gather information from all nodes connected to it. This makes collecting information from multiple devices (such as multiple switches or routers) a breeze. The data then gets to you as a set of Object Identifiers.
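The chain of GET-Next requests described above can be sketched without any network traffic. This is an added example, not code from the original article or from net-snmp; the ToyAgent class, the function names and the sample MIB values are constructed for illustration.

```python
from bisect import bisect_right

def parse_oid(text):
    """'.1.3.6.1.2.1.1.1.0' -> (1, 3, 6, 1, 2, 1, 1, 1, 0)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def format_oid(oid):
    return "." + ".".join(str(n) for n in oid)

class ToyAgent:
    """Holds MIB values sorted in numeric (lexicographic) OID order."""
    def __init__(self, values):
        self.table = sorted((parse_oid(k), v) for k, v in values.items())
        self.oids = [oid for oid, _ in self.table]
        self.requests = 0

    def get_next(self, oid):
        """Return the first (oid, value) strictly after `oid`, or None at end of MIB."""
        self.requests += 1
        i = bisect_right(self.oids, oid)
        return self.table[i] if i < len(self.table) else None

def walk(agent, root_text):
    """Repeat GET-Next from the sub-tree root until the reply leaves the sub-tree."""
    root = parse_oid(root_text)
    current, results = root, []
    while True:
        reply = agent.get_next(current)
        if reply is None or reply[0][:len(root)] != root:
            return results  # end of MIB, or first OID outside the sub-tree
        if reply[0] <= current:
            raise RuntimeError("agent returned a non-increasing OID")  # loop guard
        results.append((format_oid(reply[0]), reply[1]))
        current = reply[0]

# Constructed sample MIB: three objects under .1.3.6.1.2.1.1, one outside it.
SAMPLE = {
    ".1.3.6.1.2.1.1.1.0": "Constructed device description",
    ".1.3.6.1.2.1.1.5.0": "UDLDEV",
    ".1.3.6.1.2.1.1.10.0": "constructed value",
    ".1.3.6.1.2.1.2.1.0": 3,
}

if __name__ == "__main__":
    agent = ToyAgent(SAMPLE)
    for oid, value in walk(agent, ".1.3.6.1.2.1.1"):
        print(oid, "=", value)
    print("GET-Next requests sent:", agent.requests)
```

Note that OIDs are compared number by number, so .1.5.0 sorts before .1.10.0, and that the walk costs one extra request: the reply that falls outside the sub-tree is what tells the client to stop.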
Install snmpwalk on Windows
If you’re on Windows, installing snmpwalk will be a walk in the park.
- First of all, you’ll need to download the snmpwalk.exe file here.
- Then, once you’ve got the file on your PC, press Start and search for cmd. This opens up the command line on Windows, and you can use Powershell or the like if you prefer.
Install snmpwalk on Linux
Snmpwalk isn’t difficult to install on Linux either, although it is a bit harder than Windows. The specifics of the process depend quite a bit on what Linux distribution you’re using, so we’ll be covering a few of the main ones here. You’ll need to enter different commands depending on your distro, and then you’ll get the snmpwalk package ready to install.
For Fedora/CentOS or the like, type:
yum install net-snmp-utils
If you’re on Ubuntu, type:
apt-get install snmp
What Parameters and Options Are There?
Snmpwalk provides you with a variety of different options and parameters you can take advantage of, such as:
- Hostname: Gives you the SNMP agent name
- Community: Tells you what type of read community it is
- Object_id: This lets you specify a given object ID to return any SNMP objects under it. If NULL, that will lead to the root of the object being treated as the object_id.
- Timeout: Set a number (expressed in microseconds) before a timeout
- Retries: How many times a connection should be retried if it times out
- -Os: Displays the last symbolic element of an Object Identifier
- -c: Sets up a community string
- -v: Lets you specify what SNMP version you’d like to use
Making snmpwalk Information Parseable
The first thing most people notice when they run snmpwalk is that it outputs way too many results for a person to reasonably read. So it wouldn’t be surprising if you netted thousands of results the first time.
To circumvent needing to read thousands of lines of text, many vendors will give you a MIB file, the purpose of which is to specify which Object Identifiers are available within the device. Usually, you’ll be given a MIB file for every device you’ve got. This lets you run queries specific to one of those files instead of having to sift through everything.
Most network monitoring tools will also have features to help you parse snmpwalk outputs.
What Does snmpwalk Look Like?
When you’re running snmpwalk on a device, you’ll get a range of different values from the SNMP agent. You’ll need to parse from the starting Object Identifier onwards. Once you’ve entered the snmpwalk command, you should see a result similar to this sample output:
$ snmpwalk -v 1 -c public123 localhost .126.96.36.199
sysDescr.0 = STRING: Software: Whistler Version 5.1 Service Pack 2 (Build 2600)
sysObjectID.0 = OID: win32
sysUpTimeInstance = Timeticks: (15535) 0:02:35.35
sysContact.0 = STRING: unknown
sysName.0 = STRING: UDLDEV
sysLocation.0 = STRING: unknown
sysServices.0 = INTEGER: 72
sysORID.4 = OID: snmpMPDCompliance
Now that’s a lot of information to get from just one command. So most of what you see up there is made up of the info given to it by the MIB.
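One way to make output in this format machine-readable is a small parser that splits each line into object name, type and value. This is an added example, not part of the original article or of any monitoring tool; the function names are hypothetical and the sample text is constructed from the output shown above plus one error line.

```python
import re

# Constructed sample in the format of the snmpwalk output shown above,
# plus one error line of the kind that ends up mixed into captured output.
SAMPLE_OUTPUT = """\
sysDescr.0 = STRING: Software: Whistler Version 5.1 Service Pack 2 (Build 2600)
sysObjectID.0 = OID: win32
sysUpTimeInstance = Timeticks: (15535) 0:02:35.35
sysContact.0 = STRING: unknown
sysServices.0 = INTEGER: 72
Timeout: No Response from localhost
"""

# "<object> = <TYPE>: <value>"; the type ends at the first ": ".
LINE_RE = re.compile(r"^(?P<name>\S+) = (?P<type>[A-Za-z0-9-]+): (?P<value>.*)$")

def convert(kind, value):
    """Turn the textual value into a Python value where the type allows it."""
    if kind == "Timeticks":
        m = re.match(r"\((\d+)\)", value)
        return int(m.group(1)) / 100 if m else value  # hundredths of a second -> seconds
    if kind in ("INTEGER", "Counter32", "Gauge32"):
        # Enumerated values such as "up(1)" are kept as text.
        return int(value) if re.fullmatch(r"-?\d+", value) else value
    if kind == "STRING":
        return value.strip('"')
    return value

def parse_walk(text):
    """Return ({object name: (type, value)}, [non-empty lines that did not parse])."""
    objects, rejected = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            objects[m["name"]] = (m["type"], convert(m["type"], m["value"]))
        elif line.strip():
            rejected.append(line.strip())
    return objects, rejected

def select(objects, prefix):
    """Keep only the objects whose name starts with `prefix`."""
    return {name: tv for name, tv in objects.items() if name.startswith(prefix)}

if __name__ == "__main__":
    objects, rejected = parse_walk(SAMPLE_OUTPUT)
    for name, (kind, value) in objects.items():
        print(f"{name:20} {kind:10} {value!r}")
    print("unparsed lines:", rejected)
```

Keeping the rejected lines instead of dropping them matters when the output is collected unattended: a timeout or an error message then shows up as a finding rather than as a silently shorter result.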
What If We Exclude The MIB?
In the following example, we’ll exclude the MIB. This means that we’ll ignore all of the data coming directly from it. The 2nd number in the 1st line, or .188.8.131.52.4.1.423, is the Object Identifier we’re starting from.
$ snmpwalk -v1 -c public 10.10.1.224 .184.108.40.206.4.1.423
SNMPv2-SMI::enterprises.4220.127.116.11.18.104.22.168 = STRING: “Sicon DP850E”
SNMPv2-SMI::enterprises.422.214.171.124.126.96.36.199 = STRING: “IPS_EDEN”
SNMPv2-SMI::enterprises.4188.8.131.52.184.108.40.206 = STRING: “313.40.D
Pulling Specifically From The MIB
If you’re looking to pull data specifically from a MIB, then you can get in-depth info about the specific objects you’re interested in. In the following example, we use the -m option to tell snmpwalk what MIB it should query.
$ snmpwalk -v1 -c public -m "./IPS-POWERNET.txt" 10.10.1.224 apc
PowerNet-MIB::upsBasicIdentModel.0 = STRING: “Sicon DP850E”
PowerNet-MIB::upsBasicIdentName.0 = STRING: “IPS_EDEN”
PowerNet-MIB::upsAdvIdentFirmwareRevision.0 = STRING: “423.10.D”
How To Do It On Linux?
Snmpwalk functions quite similarly across Linux and Windows. As you can see in the example below, snmpwalk still goes through the Object Identifiers until it finds the system data that it’s looking for and then displays it.
# % snmpwalk -v 1 localhost public system
# system.sysDescr.0 = “SunOS name wildc”
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks (93242143) 85 days, 21:31:52
# system.sysContact.0 = “email@example.com>”
# system.sysName.0 = “Wistari, MSA”
# system.sysLocation.0 = “Wistari, MSA”
# system.sysServices.0 = 82
Using snmpwalk To Increase Efficiency
Although snmpwalk can seem difficult and daunting at first, it’s a relatively simple concept. A snmpwalk command is a simple shorthand used to put out multiple GET-Next requests without forcing you to write dozens of commands. A single snmpwalk command can sometimes save you hours of writing commands and help you take a better look at the health of your infrastructure.
When using snmpwalk, remember that to get the most out of it, you’ll want to specialize the output it gives you and cut out all but the information you’re looking for. Specifying a given MIB lets you see more specific data rather than seeing information gathered from a whole database of Object_IDs.
Getting SNMP data like this from your network helps you ensure that you don’t gloss over any crucial aspects. Remember that the whole purpose of the snmpwalk command is to help you get SNMP data from your network devices while spending as little time on it as possible.
What’s The Best Tool To Use To Analyze MIB and snmpwalk?
We’ve gone over a variety of tools on the market, looking at MIB analyzers, and we’ve assembled some criteria based on which we’ve determined the best one:
- It needs to give a visualization of the entire OID tree
- There needs to be a view showing the OID value as well as a descriptor for any active nodes
- A graphical sign of whether or not an OID node has a value
- Intuitive GUI that doesn’t take long to learn
- A free trial so that you can decide if you like the tool before you purchase it
- Accurately priced for its functionality
Paessler SNMP, MIBs, and OIDs monitoring with PRTG
Paessler isn’t one of the biggest companies in network security for no reason. Using this tool, you can deploy SNMP, OIDs, and MIBs from one place. In addition, it has an excellent dashboard, showing you everything you need to know intuitively.
The PRTG takes advantage of SNMP to pay close attention to your entire network. From the moment you set the tool up, you’re ready to collect all of the data you need about your network devices.
It stores the information found within a tree with a branch structure, with one vendor being assigned one branch. This helps with troubleshooting, as you don’t need to guess to see what’s causing issues.
snmpwalk Frequently Asked Questions
Are There Any Good SNMP Alternatives?
Unfortunately, if you’re looking for a universally implemented reporting standard that isn’t SNMP, you’re out of luck. Although there are other reporting standards, like Netconf, which comes preinstalled on all Cisco devices, none are anywhere near as standard. There’s also WMI as a Windows-only option. So if you’re just looking for a reporting system, chances are your device manufacturer might have one of their own. On the other hand, if universal acceptance means something to you, you’re better off using SNMP.
What Is An OID?
An OID, or Object Identifier, is the code specific to a single node within the MIB tree.
How Do I Tell If SNMP Is Running On Linux?
To check if SNMP is currently running on Linux, you need to issue a standard SNMP command in the command line. For example, write “snmpget -v,” and if it shows you your SNMP version, it’s running.
How Do I Tell If SNMP Is Running On Windows?
To check if SNMP is running on your Windows device, go to your Start Menu and expand Windows Administrative Tools. After pressing “Services,” you should be able to scroll down the list to find your SNMP entry. In the “status” column, it should say “Running” if it is.
SNMP has drastically changed the network security landscape in the over 30 years it has been around. Today, there are various tools out there made to help you make your snmpwalk commands more efficient. Out of all of those, we think the Paessler PRTG shows the most promise with its modular approach to monitoring.
Although snmpwalk can seem quite daunting at first, it’s not so bad at all once you’ve got to grips with it.
Try it out yourself!
What is your favorite thing you’ve accomplished with snmpwalk?
Do you think there’ll be a true competitor to SNMP in the future?
Let us know in the comments below!