SNMP
Exploring the SNMP protocol
Starting with a number of Wiresharc traces of the SNMP frames, we explore the details
A GET Request:
The request for two OID items 1.3.6.1.4.253.8.51.9.2.1.5.10.1 and 1.3.6.1.4.253.8.51.9.2.1.6.10.1. since this is a GET the values are empty (Null)
A GET Response:
The response from the agent for the previous OID. Each OID returns an Int32 value of 0.
A SET Request:
The set request to the OID 1.3.6.1.4.253.8.51.9.2.1.2.10.1 to set an Int32 value of 6.
A SET Response:
The response from the agent for the previous OID showing that indeed the value has been changed to an Int32 value 6.
The base protocol
Obviously as the above has shown the SNMP frame is of variable length. In fact it can size up to the UDP maximum (65536 bytes) but the parts are common:
| IP Header | UDP Header | Version | Community | PDU Type | request-id | error-status | error-index | variable-binds |
|---|
The headers are well known, so only the remaining items will be looked at.
Version:
There are three version of SNMP i) version 1 (obsolete) ii) version 2, 2a, 2c, 2u, iii) version 3, the same as 2 but with encryption. for the moment only 2c will be used to present implementation details
Community:
The communities were introduced in version 2 to give a slight measure of security in that the community name needs to be known to attain end to end communication. There can be three distinct communities read (GET), write (SET) and for traps (sort of).
PDU Type:
There 7 PDU (Protocol Data Unit) types. In brief these are the types of data that can be sent in the SNMP frames:| PDU Type | Description | |||||
|---|---|---|---|---|---|---|
| GET Request | A manager-to-agent request to retrieve the value of a variable or list of variables. Desired variables are specified in variable bindings. | |||||
| SET Request | A manager-to-agent request to change the value of a variable or list of variables. Variable bindings are specified in the body of the request. | |||||
| GET Next | A manager-to-agent request to discover available variables and their values. Returns a Response with variable binding for the lexicographically next variable in the MIB. | |||||
| GET Bulk | A manager-to-agent request for multiple iterations of GetNextRequest.Returns a Response with multiple variable bindings walked from the variable binding or bindings in the request. | |||||
| RESPONSE | ||||||
| TRAP | Asynchronous notification from agent to manager.SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. | |||||
| INFORM Request | Acknowledged asynchronous notification.A SNMPv2 addition. | |||||
request-id
A rolling identifier number or counter. Can be used to identify a response to a request or missing frames (UDP is lossy)
error-status
An error code eg: "BAD_VALUE", "NO_SUCH_VALUE", "WRONG_ENCODING" etc.....
error-index
An index nmumber to an error table.
variable-binds
A number of information sets linking the values of the various requests in a get or set. Can be numerous.The Encoding
In order to neutralise the effect that the internal number-string encodings used in different SO could have on inter-communication, the SNMP protocol uses a neutral encoding scheme ASN.1 (Abstract Syntax Notation One). The originator changes the internal data format to ASN.1 and the receiver reverts from ASN.1 to the SO format.