Awesome Netcat test: nc -zvu xx.xx.xx.xx 161 Doesn't work with some devices that are serving SNMP successfully :(. Similarly with nmap: nmap -sU -pU:161 xxx.xxx.xxx.xxx Requires root to run. Fri Feb 3 10:00:48 EST 2012 http://www.dpstele.com/layers/l2/snmp_l2_tut_part1.php http://www.dpstele.com/white-papers/snmp-mib/ Reference: http://www.oidview.com/mibs/ Transport LAYERS (shown as Layer: Protocol) Application: SNMP Transport: UDP Internet: IP Network Interface: Physical SNMP Operations/PDUs (Programming Datagram Unit) { GET / GetRequest (from manager) GET-NEXT / GetNext (from manager) SET / SetRequest GET-RESPONSE / GetResponse (from agent in response to either of previous) Sends either requested-info/success indication or error indication. TRAP / Trap (notify) (from agent) INFORM (notification ack) [not in some lists] } Components { Manager, Agent } Basically, Agents are the servers that reside with managed devices; Managers are client applications. MIB = SNMP Management Information Base OIDs distinguish each variable/object uniquely in the MIB ???? Half the time they begin with dot and half the time not. Each OID has a "readable label" + ... MIB FILE: -- a comment newObjCatName OBJECT IDENTIFIER ::= {parentObjName 123} # 123 is new int newObjName OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESRIPTION "y" ::= {parentObjName 123} # 123 is new int trapSet TRAP-TYPE blab blab Net-SNMP (for network addr 'colorlj') GENERAL EXCEPTIONS (from which you can infer the normal defaults) snmptranslate works locally and does not default to -IR snmpwalk honors only the first specified OID and ignores the rest. Several ways to load additional MIB definition files. See http://www.net-snmp.org/wiki/index.php/TUT:Using_and_loading_MIBS With v3, often need to add switch: -l authpriv snmptranslate is the standalone program that reads mib files. N.b. resource specification is an expression not a literal. snmptranslate .1.3.6.1.2.1.1.3.0 snmptranslate -On SNMPv2-MIB::sysUpTime snmptranslate -IR -On sysUpTime # -IR default for all other programs snmptranslate -TB -On sysUpTime # Lists all matches. Safer than -IR. snmptranslate -Tp -IR sysUpTime # Display a tree snmpwalk -Os -c public -v 2c colorlj Default OID root for snmpwalk is SNMPv2-SMI::mib-2 == 1.3.6.1.2.1 OID root of ".oid" "would typically retrieve *all*. For v3, at least, sometimes need the -Cc switch. snmpget -c public -v 2c colorlj sysUpTime.0 snmptable works only on tables like snmpwalk, but displays row-first and with headers. (I can't get this to list any prt* table). snmpbulk* are just a more efficient version of snmpget, snmpwalk. snmptrap obviously To run normal agent, set v. 2c listen addr + comm string in /etc/snmp/snmp.conf and start /etc/init.d/snmpd. This listens on 161/udp. The trap agent runs on 162/udp. See with "netstat -nlu". The "rocommunity" args are source restrictions. "agentaddress" sets the listen addrs. snmpconf is a wizard for /etc/snmp/snmp.conf (and maybe other files). snmptrapd obviously... Scalars vs. Tables GUESS! Distinction between *Table/Column and *Entry non-leaf nodes: If a leaf name *Index with OID ending in .1, then .1 has no accessible value, but the .2 and other values are columns with values accessible like ...2.1.1, ...2.1.2,.... You always need to work with leafs MIBs and I know of no way to tell if a leaf MIB is a Table/Column or a Scalar. Scalar MIB values are obtained like: s.0 Table MIB values are obtained from column OID like: c.1.1, c.1.2 Table example: prtInputTable is 1.3.6.2.1.43.8.2 prtInputTableEntry is 1.3.6.2.1.43.8.2.1 ATTRIBUTE LEVEL prtInputTableIndex is 1.3.6.2.1.43.8.2.1.1 prtInputTableType is 1.3.6.2.1.43.8.2.1.2 Some level below Attr Lvl are tuples for each attr, one for each element. If there are 4 prtInputs, then there will be four 1.3.6.2.1.43.8.2.1.2 and four 1.3.6.2.1.43.8.2.1.3 often like 1.3.6.2.1.43.8.2.1.3.1.1, 1.3.6.2.1.43.8.2.1.3.1.2 (often start with .1 like here but also start with 0.0.0.0.80.0.0.0.0.0) prtInputTableType is 1.3.6.2.1.43.8.2.1.2 EMPIRICALLY If the MIB list lists X, then ether X.1.1 retrieves the TYPE: VALUE Example: snmpget -c public -v 2c colorlj 1.3.6.1.2.1.43.8.2.1.13.1.1 OR X.0 retrieves the TYPE:VALUE Example: snmpget -c public -v 2c colorlj 1.3.6.1.2.1.1.3.0 But for unknown reason I get "No Such Instance" when I attempt to pull index objects. GENERIC Mib Object Identifiers sysDescr 1.3.6.1.2.1.1.1 DO an snmpget on 1.3.6.1.2.1.1.1.0 sysObjectID 1.3.6.1.2.1.1.2 DO an snmpget on 1.3.6.1.2.1.1.2.0 ID should begin with 1.3.6.1.4.1.. sysName 1.3.6.1.2.1.1.5 DO an snmpget on 1.3.6.1.2.1.1.5.0 Sys stuff (walk it) 1.3.6.1.2.1 1.3.6.1.2.1.2.2.1.6.2 (2.2.1 is the Entry, .6 is Mac, .1 must be index?, .2 is real???) # Working example: snmpWalk 10.64.102.233 1.3.6.1.2.1.2.2.2.1.6 -v 1 -S Linux To open up v2 requests from everywhere, change the "rocommunity public" line in /etc/snmp/snmp.conf to: rocommunity public default (I added a "rocommunity ext" line that I thought worked before, but it ain't working now). SNMPv2-SMI::enterprises == 1.3.6.1.4.1 is parent of all vendor branches. E.g., a Cisco bfanch is 1.3.6.1.4.1.9.9.156. NO NO NO 'cause contains 1.3.6.1.4.1.14179.2.2.1.1.