What are the Components of SNMP and How Does it Work?

In general, SNMP utilizes a client/server communication architecture. It consists of three main components:

1. SNMP Manager : The SNMP Manager acts as the server in this architecture. It is a software application responsible for managing and monitoring the network. Also known as the Network Management System (NMS), the SNMP Manager communicates and exchanges information with SNMP Agents active in network devices. Simply put, an SNMP Manager is a computer with network monitoring software, such as the Moein monitoring platform, installed to handle network monitoring tasks. This component uses UDP Port 161. The primary functions of an SNMP Manager include:
• Sending queries to Agents
• Receiving responses from Agents
• Setting variables on Agents
• Receiving Trap messages from Agents
2. SNMP Agent : The SNMP Agent is software that runs on network devices that need to be managed and monitored. The Agent's role is to collect information from the device and respond to requests sent by the SNMP Manager. When an SNMP Agent is activated on a device, it begins recording the device's metrics and information locally and makes this data available to the NMS (SNMP Manager). This component uses UDP Port 162. Additionally, it manages a database of variables known as the Management Information Base (MIB), which will be explained in detail in the next section. The primary functions of an SNMP Agent include:
• Collecting management information from the device it is installed on
• Maintaining and retrieving management information based on the corresponding MIB
• Sending signals to the network NMS
3. SNMP Managed Devices : An SNMP Managed Device is any network device that requires monitoring and management. These devices can include routers, switches, servers, and more.

How the SNMP Protocol Works

The purpose of using the SNMP protocol is to manage and monitor various devices connected to a network. As explained in the previous section, SNMP consists of components where, on one side, there are devices we want to monitor, and on the other side, there is an SNMP Manager responsible for receiving information from these devices. Each target device has an agent installed, which collects various metrics and information from the device. When the SNMP Manager requests specific information from the agent, the agent responds to the request. Requests from the SNMP Manager to the SNMP agent and the corresponding agent responses are sent through port 161. Additionally, each agent can send traps to the SNMP Manager during undesirable events, and these traps are sent through port 162. The SNMP Manager and SNMP agent share a common language defined by MIB files.

For example, in the figure below, a router and a switch are shown sending information to an SNMP Manager. This SNMP Manager can also connect to the agents installed on the devices through port 161 to receive information, a method known as polling.

Management Information Base (MIB) Structure

Each agent maintains a database of information describing various parameters of managed devices. This database is called the Management Information Base (MIB). This database is a hierarchical database of various information, features, and parameters related to different devices under the SNMP protocol, which can be retrieved in the form of data objects. MIB files are essentially ASCII text files that specify various network and device parameters as a list of data objects. It can be considered a dictionary for the SNMP protocol. Manufacturers of various network devices usually provide the MIB file related to their products for use.

As mentioned, the MIB is a database. This database is hierarchical, or tree-structured. In this tree structure, each entry is addressed using an Object Identifier (OID). The MIB contains a set of definitions that specify the attributes of manageable components of the device in question on the network.

For example, in the MIB for a printer, there is a definition for the amount of toner left in the cartridge. There are also other definitions, such as the number of pages printed or the number of sheets in the tray. In the MIB for a network switch, the packet loss rate might be defined as a value. Since the MIB structure is hierarchical, an OID is needed to specify the address for each definition to indicate the exact location of each object definition.

Each OID is an integer separated by dots. At the top of the tree, there's the ISO (1) node, indicating that all MIB variables are part of ISO. The next layer contains the Organization (3) node, abbreviated as Org, which is used for organizations or companies. Beneath this node are the Dod (6) and Internet (1) nodes, representing the Department of Defense and the Internet community, respectively. Under the Internet (1) node, several other nodes exist, used according to the parameter or variable you intend to access. Additionally, under the OID numbered 1.3.6.1.2.1, hierarchically represented as ISO-Organization-DOD-Internet-MGMT-MIB-2, there are several standard OIDs that might be applicable for many network devices, providing information such as sysDescr (a description of the device or entity), device ID, and sysUpTime (the duration the device has been running).

For example, to access information from a Cisco ASA firewall, you can use the MIB files provided by Cisco. You can retrieve various parameters using these MIB files. For instance, in a Cisco ASA, using the MIB file named ciscoMemoryPoolMIB provided by Cisco, you can retrieve parameters like the amount of free memory with the OID number 1.3.6.1.4.1.9.9.48.1.1.1.6. Other OIDs retrievable from Cisco MIB files include:

• 1.3.6.1.4.1.9.9.48.1.1.1.5 (used memory)
• 1.3.6.1.4.1.9.9.10.1.1.4.1.1.5 (free flash memory)
• 1.3.6.1.4.1.9.9.10.1.1.4.1.1.4 (total flash memory)
• 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 (number of active firewall connections)
• 1.3.6.1.4.1.9.9.109.1.1.1.1.8 (CPU usage)

Types of SNMP Commands

Various commands, known as messages, are exchanged between the SNMP Manager and SNMP Agent in SNMP. An SNMP message comprises an SNMP protocol data unit (PDU) and the elements related to its header. An SNMP agent sends information to the SNMP manager at two times: 1) when responding to a request from the SNMP manager, and 2) when a trap event occurs. The types of commands exchanged between the SNMP Agent and SNMP Manager include:

• Get: This message is sent by the manager to the agent to access information about objects stored in the MIB file.
• GetResponse: This message responds to Get, GetNext, or Set messages.
• GetNext: This message allows you to retrieve the desired information from a selected column in the MIB file. Using this message, you can navigate through different nodes in the MIB file tree and receive the next parameters' information.
• Set: This message is sent by the manager to change the value of an object. This message can update the value of a parameter in the agent's MIB file, but the SNMP manager must have write access. Therefore, this command might not always be usable, as most MIB file objects are read-only by default.
• Trap: Traps are used when an event occurs locally on the agent, and the agent wants to notify the SNMP manager. For example, if the agent receives information from a manager with unknown credentials, it can inform the manager through trap messages.

 Useful links

source1/source2/source3/source4/source5/source6/source6