Test if SNMP devices are responding correctly to SNMP queries

Installing a SNMP tool

Debug and troubleshooting SNMP is notoriously awkward. Use this guide and you'll soon master the tools needed, get a better understanding of how SNMP works and most importantly ensure that a device correctly replies to your queries.

Several applications exists for executing an SNMP query - some with a GUI others as a command-line tool. We recommend the command-line tool SnmpWalk and if you're using Microsoft Windows consider downloading this ready to use package otherwise install a version matching your type of operating system (packages exists for Mac OS X and different flavours of Linux/Unix).

After downloading and installing SnmpWalk open a "command prompt" and navigate to the folder where SnmpWalk is located.


prompt.png 

Create a SNMP query

The following is a simple SNMP query using SnmpWalk:

snmpwalk -Os -c [community string] -v [SNMP version] [IP] [OID]

  • [community string]: By default most SNMP enabled devices uses "public". You may have changed it through the administration tool used to configure the device.
  • [SNMP version]: SNMP protocol version, "1" or "2c". Most devices supports "2c".
  • [IP]: IP address of the device.
  • [OID]: SNMP OID value(s) that you wish to read (optional, but if omitted expect a very long response).

Example:

If community string is "public", SNMP protocol version is "2c", the IP address of the device is "192.168.20.113" and you wish to read the "sysDescr" object (OID: iso.3.6.1.2.1.1.1) - then the command will look like this:

snmpwalk -Os -c public -v 2c 192.168.20.113 iso.3.6.1.2.1.1.1

 

Response from a SNMP enabled device (in this example from a Hewlett Packard network attached printer):

iso.3.6.1.2.1.1.1.0 = STRING: "HP ETHERNET MULTI-ENVIRONMENT,SN:CNFTB69GN4,FN:PT51A2J,SVCID:20222,PID:HP Color LaserJet CM2320nf MFP"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.11.2.3.9.1 
iso.3.6.1.2.1.1.3.0 = Timeticks: (526523774) 60 days, 22:33:57.74 
iso.3.6.1.2.1.1.4.0 = "" 
iso.3.6.1.2.1.1.5.0 = STRING: "NPI10BE5A" 
iso.3.6.1.2.1.1.6.0 = STRING: "HP Color LaserJet CM2320nf MFP" 
iso.3.6.1.2.1.1.7.0 = INTEGER: 72 
iso.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00

 

Response from a device not supporting SNMP: 

Timeout: No Response from 172.16.132.133

If you get a result like the one above, please verify that the SNMP community string, protocol version and IP address is correct. If the command has been entered correctly you can assume that the device does not respond to SNMP queries. Please see vendor documentation for further troubleshooting. 

OID to read values from

You got a valid reply from a SNMP enabled device, now you need to figure out which values that are of interest. Depending on the documentation available this may prove the most tedious part.

SNMP stores values in a tree like structure similar to how files and folders are organized on your hard drive. Each vendor may implement a private branch with specific information about the hardware or use the more generic structure defined by e.g RFC 1156

Anything under iso.1.3.6.1.2 should be well documented as is follows an agreed standard, but don't be surprised if your device just doesn't comply and produces odd output. Iso.1.3.6.1.4 is vendor specific and typically requires some sort of documentation from the vendor to interpret. 

Alternative you can run the snmpwalk example above, but just omit the OID. This will return every information the device is able to display through SNMP. The returned data may be a very long list of OIDs and values. 

Tools that can help you to understand what you're looking at:

About us

Panorama9 instantly gives you the full picture of your IT environment and provide you with the tools needed to quickly respond when issues are detected. Patch management, remote control, network discovery, all built into one beautiful and easy-to-use solution.

Try it today, get your free account here.

Last updated:

Comments

  • Avatar
    palavesamuthu

    Hi... I am a new one to SNMP, I followed the above way, it work well.
    But I want to find the device details of another machine, which is connected in my network,how can I do??
    If I give another machine's IP ,instead of mine, It cause time out..
    anyone give an idea regarding this...

  • Avatar
    IT-Man

    Hello,

    Thanks for your comment.

    In most cases when you get an SNMP timeout is because the target machine doesn't have SNMP enabled or doesn't allow SNMP request from your machine.

    Check your SNMP configuration on the target IP address to make sure SNMP is supported.

    Best regards

    Claus Tjoerndal
    Panorama9

  • Avatar
    palavesamuthu

    Thanks for your reply. yes I done a mistake, now it works.
    I have two more questions, will you please help me..
    1.Is it possible to find the connection mode of the target machine(wired or wireless)?
    2.In a single command,can I list all SNMP enabled machines in my network??
    Thanks in advance..

  • Avatar
    IT-Man

    Hello,

    1. It depends on what type MIB the SNMP device supports, but you might be able to collect interfaces information from OID .1.3.6.1.2.1.2.1

    2. You can do it with this command, this will scan all ip addresses IP range 172.16.132.0 otherwise you need to create a powershell to do it for you.

    for i in $(seq 1 254); do echo 172.16.132.$i ; sudo nmap -sU -p 161 --script=snmp-interfaces.nse 172.16.132.$i | grep "open"; done

    I can recommend you to try Panorama9 for 30days free, we will automatically start scanning your network for devices with SNMP enabled and monitor NAS, Switches, Printers and UPS.

    You can sigh up here for a free trail - http://www.panorama9.com/free-trial

  • Avatar
    palavesamuthu

    Thanks again, actually I need this through java program.
    I am going with snmp4j.jar.
    Its really helpful.
    Can I get the mac os machine details from windows??

  • Avatar
    palavesamuthu

    Hi... Is there any OID to find the login user name of the machine..

  • Avatar
    IT-Man

    Hello,

    Sorry I didn't see your last two replies..

    You might be able to find machine/user information from the OID .1.3.6.1.2.1.25.1.1
    http://www.oidview.com/mibs/0/HOST-RESOURCES-V2-MIB.html

    Best regards

    Claus Tjoerndal

  • Avatar
    palavesamuthu

    I tried but can't get the details..... here is my output

    1.3.6.1.2.1.25.1.1 =4.43.00(system uptime)
    1.3.6.1.2.1.25.1.2= 07:df:02:11:0f:02:11:00
    1.3.6.1.2.1.25.1.3=0
    1.3.6.1.2.1.25.1.4=(no output)
    1.3.6.1.2.1.25.1.5=7
    1.3.6.1.2.1.25.1.6=60
    1.3.6.1.2.1.25.1.7=0

    Is there any version mismatch, i tried version 1 only...

  • Avatar
    IT-Man

    That might be that I copied a specific OID from the Host-Resources MIB, if you run it against .1.3.6.1.2.1.25 you should get the full MIB returned, it should't matter what version you are using.

    But the MIB .1.3.6.1.2.1.25 will only contain data about the host and number of users, I can't find any MIBs containing user information, but you might be able to find the information some other MIBs

    I'll suggest you run a SNMPwalk against a machine where you know the username etc and ask for OID .1.3. and pass the result to a txt file, where you easily cam search for the specific username. This output will contain a massive numbers of lines, so therefore pass it to a file.

    Hope that helps.

    Best regards

    Claus Tjoerndal

  • Avatar
    palavesamuthu

    Thanks, I tried the following command...
    snmpwalk -Os -c public -v 2c 192.168.0.104 >wow.txt

    It gives 1400 lines of output...

    It doesn't have user name but it was what i am searching..

    so these are the maximum information, I can get from the SNMP...
    I am correct..???

  • Avatar
    IT-Man

    It depends on the device type, switches with +48 ports might have even more information, there isn't a limit on SNMP it depends on the MIBs loaded to the device.

  • Avatar
    palavesamuthu

    Thanks a lot for your comments..

  • Avatar
    Meroyaghmour

    Hi, i am a new in windows server and SNMP and i'm facing a critical alarm on my Nagios system from the Windows server 2008 ( Domain Controller)
    DC01
    C:\ Drive Space
    CRITICAL 07-10-2015 01:20:34 5d 9h 36m 1s 2/2 CRITICAL - Socket timeout after 10 seconds
    D:\ Drive Space
    CRITICAL 07-10-2015 01:20:34 5d 9h 36m 1s 2/2 CRITICAL - Socket timeout after 10 seconds
    Memory Usage
    CRITICAL 07-10-2015 01:20:34 5d 9h 36m 1s 2/2 CRITICAL - Socket timeout after 10 seconds

    i tried to restart the SNMP service but that didn't change anything..

    please help ASAP

  • Avatar
    IT-Man

    Hello,

    Thank you for your comment.

    The error message you're receiving sounds like your Nagios server isn't able to create a connection to your Windows server.
    The problem can be that your Windows server is simply not replying on the SNMP request.
    I will suggest that you start with a simple check from the Nagios server and e.g. your own machine just to make sure that your Windows server is replying on SNMP.
    This can be done by running a program called SNMPwalk, you can find the program in the article on top.
    snmpwalk -Os -c pulic -v 2c 192.168.20.113 iso.3.6.1.2.1.1.1

    If either of those test replies back with a result, the problem is located on your DC01, then try run the same cmd on the server, if you get a reply running the cmd locally, you might have a firewall problem.

    And just for the sake of it, Panorama9 have a 30-day free trial for our cloud based monitoring tool, and with our product you don't need to worry about how to setup specific rules to monitor e.g. your disk drive, memory rules etc. http://panorama9.com/free-trial

  • Avatar
    ShawnM

    The format you have an example for the command snmpwalk -Os -c [community string] -v [SNMP version] [IP] [OID], doesn't work for me. I have to use the following format example:
    SnmpWalk.exe -r:MainRouter -csv
    SnmpWalk.exe -r:10.0.0.1 -t:10 -c:"admin_rw" -os:.1.3.6.1.2.1.1
    SnmpWalk.exe -r:"::1" -v:3 -sn:SomeName -ap:MD5 -aw:SomeAuthPass -pp:DES -pw:SomePrivPass -os:.1.3.6.1.2.1 -op:.1.3.6.1.2.65535 -q

  • Avatar
    IT-Man

    Hi ShawnM,

    The reason is that our examples are based on the package "ready to use package", I will take a look at the guide and see if we can update it to one standard.

    Best regards

    Claus Tjoerndal

  • Avatar
    aman sahay

    Hi,
    I am going through same instuction in command prompt.
    But I am getting error like this:- 'snmpwalk' is not recognized as an internal or external command, Operable program and Batch file.
    can you suggest me....what mistake I am doing?

    Regards
    aman