RFC 1157 http://tools.ietf.org/html/rfc1157

SNMP Protocol Overview: http://service.baltnet.ru/info/CIE/Topics/108.htm

IETF RFCs 1155, 1156, and 1157 define the Simple Network Management Protocol (SNMP). The Internet community developed SNMP to allow diverse network objects to participate in a global network management architecture. Network management systems can poll network entities implementing SNMP for information relevant to a particular network management implementation. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.

SNMP Message Format

SNMP is a session protocol which is encapsulated in UDP. The SNMP message format is shown below:

Version | Community | PDU
SNMP message format

Version
SNMP version number. Both the manager and agent must use the same version of SNMP. Messages containing different version numbers are discarded without further processing.

Community
Community name used for authenticating the manager before allowing access to the agent.

PDU
There are five different PDU types: GetRequest, GetNextRequest, GetResponse, SetRequest, and Trap. A general description of each of these is given in the next section.

PDU Format

The format for GetRequest, GetNextRequest, GetResponse and SetRequest PDUs is shown here.

PDU type | Request ID | Error status | Error index | Object 1, value 1 | Object 2, value 2 | …
SNMP PDU format

PDU type
Specifies the type of PDU:

0 GetRequest.
1 GetNextRequest.
2 GetResponse.
3 SetRequest.

Request ID
Integer field which correlates the manager's request to the agent's response.

Error status
Enumerated integer type that indicates normal operation or one of five error conditions. The possible values are:

0 noError: Proper manager/agent operation.
1 tooBig: Size of the required GetResponse PDU exceeds a local limitation.
2 noSuchName: The requested object name does not match the names available in the relevant MIB View.
3 badValue: A SetRequest contains an inconsistent type, length and value for the variable.
4 readOnly: Not defined in RFC1157.
5 genErr: Other errors, which are not explicitly defined, have occurred.

Error index
Identifies the entry within the variable bindings list that caused the error.

Object/value
Variable binding pair of a variable name with its value.
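
The message and PDU header fields above, decoded in Python as an added example (not code from the original page). It assumes the BER encoding that RFC 1157 messages use on the wire (SEQUENCE 0x30, INTEGER 0x02, OCTET STRING 0x04, PDU tag 0xA0 plus the PDU type); the function names and the sample datagram are constructed for illustration. Every read is bounds-checked, so an empty or truncated datagram, such as the zero-length UDP packet in the CVE entry on this page, is rejected with an error rather than processed.

```python
PDU_TYPES = {0: "GetRequest", 1: "GetNextRequest", 2: "GetResponse", 3: "SetRequest", 4: "Trap"}
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue", 4: "readOnly", 5: "genErr"}
# Constructed sample (added example, not from the page): GetRequest, community "public", request ID 1.
SAMPLE = bytes.fromhex("3026 020100 0406 7075626c6963 a019 020101 020100 020100"
                       " 300e 300c 0608 2b06010201010100 0500")

class SnmpParseError(ValueError):
    """Malformed or truncated datagram; the caller drops it and carries on."""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at buf[pos], bounds-checked."""
    if pos + 2 > len(buf):
        raise SnmpParseError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise SnmpParseError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise SnmpParseError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    tag, val, pos = read_tlv(buf, pos)
    if tag != 0x02 or not val:
        raise SnmpParseError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), pos

def parse_snmp_v1(datagram):
    """Decode Version, Community and the PDU header fields described above."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise SnmpParseError("outer SEQUENCE missing")
    version, pos = read_int(msg, 0)
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise SnmpParseError("community is not an OCTET STRING")
    tag, pdu, _ = read_tlv(msg, pos)
    if (tag & 0xE0) != 0xA0 or (tag & 0x1F) not in PDU_TYPES:
        raise SnmpParseError("unknown PDU type")
    out = {"version": version, "community": community.decode("latin-1"),
           "pdu_type": PDU_TYPES[tag & 0x1F]}
    if (tag & 0x1F) != 4:  # Trap PDUs carry different header fields
        out["request_id"], p = read_int(pdu, 0)
        status, p = read_int(pdu, p)
        out["error_status"] = ERROR_STATUS.get(status, "unknown")
        out["error_index"], _ = read_int(pdu, p)
    return out
```

The version field decodes to 0 for the sample because SNMPv1 is encoded as integer 0 on the wire.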

Trap PDU Format

The format of the Trap PDU is shown below:

PDU type | Enterp | Agent addr | Gen trap | Spec trap | Time stamp | Obj 1, Val 1 | Obj 1, Val 1 | …

SNMP trap PDU

PDU type
Specifies the type of PDU (4=Trap).

Enterprise
Identifies the management enterprise under whose registration authority the trap was defined.

Agent address
IP address of the agent, used for further identification.

Generic trap type
Field describing the event being reported. The following seven values are defined:

0 coldStart: Sending protocol entity has reinitialized, indicating that the agent's configuration or entity implementation may be altered.
1 warmStart: Sending protocol has reinitialized, but neither the agent's configuration nor the protocol entity implementation has been altered.
2 linkDown: A communication link has failed.
3 linkUp: A communication link has come up.
4 authenticationFailure: The agent has received an improperly authenticated SNMP message from the manager, i.e., community name was incorrect.
5 egpNeighborLoss: An EGP peer neighbor is down.
6 enterpriseSpecific: A non-generic trap has occurred which is further identified by the Specific Trap Type and Enterprise fields.

Specific trap type
Used to identify a non-generic trap when the Generic Trap Type is enterpriseSpecific.

Timestamp
Value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization and the generation of that Trap.

Object/value
Variable binding pair of a variable name with its value.

Vulnerabilities for this protocol (from CVE)

CVE ID | Protocol | Source Port | Target Port
CVE-2000-0221 | udp | any | 161
Description: The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.