SNMP
Last updated on 16 October 2025
SNMP (Simple Network Management Protocol) is a lightweight protocol used for managing and monitoring network equipment and industrial systems. SNMP is often seen in IT networks, but also in industrial environments for monitoring switches, routers, firewalls, industrial PCs (IPCs), and sometimes even PLCs or I/O equipment.
What is SNMP
SNMP is an application protocol that runs on top of UDP (typically port 161 for queries and port 162 for traps). It operates with two roles: managers (e.g., monitoring software, SCADA, or NMS systems) and agents (the devices that provide information). The manager retrieves or writes values; the agent responds or sends asynchronous notifications when something changes.
Key Characteristics
Key characteristics of SNMP you should know:
- Lightweight and efficient — suitable for large networks and industrial installations.
- Based on UDP (connectionless; fast, simple exchange).
- Data is organized in a hierarchical MIB (Management Information Base).
- Supports polling (active querying) and traps (asynchronous notifications).
- Widely supported by network and industrial equipment.
- Multiple versions with increasing security: SNMPv1, SNMPv2c, and SNMPv3.
SNMP Architecture
The SNMP architecture consists of three fundamental components that together form the basis for monitoring:
- Manager: software that periodically retrieves data (polling) and listens for traps.
- Agent: runs on the device and provides information via the standard MIB.
- MIB (Management Information Base): a hierarchical data tree with objects identified by OIDs.
Managers include Nagios, Zabbix, or PRTG; in industrial environments, SNMP is often integrated into SCADA or NMS systems.
MIB and OIDs — Tree Structure
SNMP data is organized as a tree. Each node has a unique numerical path (OID) that refers to a specific data point. Examples of OIDs include:
- 1.3.6.1.2.1.1.1 = sysDescr
- 1.3.6.1.2.1.2.2.1.10 = incoming bytes of interface 1
In addition to standard MIBs, vendors often publish their own MIBs for specific devices or functions, which is useful for reading vendor-specific statuses.
SNMP Message Types
SNMP defines multiple message types for manager-agent communication. The main types are:
- GET – requests the value of one or more OIDs.
- GETNEXT – browses the MIB structure (useful for tables).
- GETBULK – (v2c/v3) retrieves multiple rows/tables at once.
- SET – modifies a value on the agent (if permitted).
- TRAP – asynchronous notification from agent to manager (port 162).
- INFORM – (v2c/v3) similar to TRAP but requires acknowledgment.
SNMP Authentication and Security
Security differs significantly between versions. In industrial networks, SNMPv1 and v2c are still often seen, but they have clear limitations.
SNMPv1 & v2c — Community Strings
In SNMPv1 and v2c, authentication occurs via simple community strings (e.g., public or private). These strings are transmitted in plain text, and there is no source authentication. Commonly used conventions:
- public → read-only
- private → read-write
Use v1/v2c only when absolutely necessary, and then only on well-shielded networks.
SNMPv3 — Modern Security
SNMPv3 adds a complete security layer with authentication and optional encryption via the User-based Security Model (USM). The three security levels are:
- NoAuthNoPriv — no authentication, no encryption (comparable to v2c within the v3 framework).
- AuthNoPriv — authentication with username and HMAC (MD5 or SHA), no encryption.
- AuthPriv — authentication + encryption (e.g., DES, AES); the most secure form.
Administrators must configure users with a username, authentication protocol + password, and optionally an encryption protocol + password.
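As an added example (not part of the original page or of any vendor tool), the Python code below shows what a passive monitor can read from an SNMP header: the plain-text community string of v1/v2c described above, and the security level a v3 message selects through its msgFlags field. The function names and both sample packets are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # the conventions named on this page
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}        # value of the version INTEGER
V3_LEVELS = {0: "NoAuthNoPriv", 1: "AuthNoPriv", 3: "AuthPriv"}  # msgFlags bits 0-1
SEQ, INT, OCTETS = 0x30, 0x02, 0x04            # BER tags used in the SNMP header

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    return value, nxt

def audit_snmp(payload):
    """Classify one UDP payload: version, community or v3 level, and findings."""
    body, _ = expect(payload, 0, SEQ)
    ver, pos = expect(body, 0, INT)
    out = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
           "community": None, "level": None, "findings": []}
    if out["version"] in ("v1", "v2c"):
        community, _ = expect(body, pos, OCTETS)
        out["community"] = community.decode("latin-1")
        out["findings"].append("community string sent in plain text")
        if community in DEFAULT_COMMUNITIES:
            out["findings"].append("default community string")
    elif out["version"] == "v3":
        header, _ = expect(body, pos, SEQ)                       # msgGlobalData
        _, p = expect(header, expect(header, 0, INT)[1], INT)    # msgID, msgMaxSize
        flags, _ = expect(header, p, OCTETS)                     # msgFlags
        out["level"] = V3_LEVELS.get(flags[0] & 3 if len(flags) == 1 else -1, "invalid")
        if out["level"] != "AuthPriv":
            out["findings"].append("SNMPv3 message is not AuthPriv: " + out["level"])
    return out

# Constructed samples (not captures): v2c GET with community "public"; v3 header with AuthPriv flags.
SAMPLE_V2C = bytes.fromhex("30 26 02 01 01 04 06 70 75 62 6c 69 63 a0 19 02 01 01"
                           " 02 01 00 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")
SAMPLE_V3 = bytes.fromhex("30 12 02 01 03 30 0d 02 01 01 02 02 05 78 04 01 03 02 01 03")
```

SNMPv3 engine discovery legitimately uses NoAuthNoPriv messages, so a single such finding is a prompt to inspect the rest of the exchange rather than proof of a weak configuration.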
Practical Application in Industrial Networks
In practice, SNMP is used for multiple OT/industrial applications:
- Monitoring of industrial switches and routers: bandwidth, link status, and port statistics.
- Status and temperature of industrial PCs (IPCs) and hardware monitoring.
- PLCs that publish basic statistics via SNMP (often read-only).
- Centralized logging via traps, for example for power outages, link failures, or other alarm signals.
- Integration into SCADA or NMS tools such as Nagios, Zabbix, and PRTG for centralized monitoring.
For remote access, SNMP can be used as part of your monitoring strategy, but always pay attention to segmentation and firewall rules (UDP ports 161 and 162), and choose SNMPv3 where possible.
Summary
SNMP is a lightweight, widely used protocol for monitoring and management with a hierarchical MIB structure and unique OIDs per data point. SNMPv1/v2c are simple but insecure; SNMPv3 offers true authentication and encryption and is highly recommended for production environments in industrial networks.
