SNMP (Simple Network Management Protocol) belongs to the suite of protocols defined by the IETF (Internet Engineering Task Force) in 1989 and operates at layer 7 of the OSI model. It allows network administrators to measure the operating parameters of network devices in order to detect anomalies or compile statistics.
How does it work
To operate, SNMP requires three elements: the managed system, the agent and the manager.
The managed system can be a router, a printer, a switch, or any other device that has an administrative agent that measures and stores data in a hierarchical database called the MIB (Management Information Base).
The Manager is the management system, typically a monitoring system able to query the MIB.
In practice this protocol is an implementation of the client-server model, where the client is the monitoring device (on which the Manager module runs) and the server is the device to be monitored (on which the agent application runs). The agent gathers data, stores it in the MIB, and listens on UDP port 162 to answer the Manager's queries.
MIB Structure
The MIB is a hierarchical database (a tree) in which each object is identified by an object identifier (OID) written in the notation '.a.b.c.d.e.f...', where alphanumeric characters appear in place of the letters.
The MIB tree has a standard structure, and each manufacturer may add its own branch: the objects specific to the different manufacturers are registered under the branch iso.org.dod.internet.private.enterprises.
To measure a value, you need to know the OID that contains it. For example, if we want to measure the incoming traffic on a router's network interface (the parameter named ifInOctets), we find the following OID:
.1.3.6.1.2.1.2.2.1.10.
To find the OID you are interested in, refer to the manufacturer's documentation.
OID actions
Basically, three actions can be performed on an OID: a) Read b) Write c) Submit a trap
Limiting ourselves to SNMPv1, the main operations are the following:
1. GET: used by the Manager to read
2. GET-NEXT: used by the Manager to read the MIB tree recursively.
3. SET: used by the Manager to write
4. TRAP: used by the agent to send messages to the Manager
In this article we will refer to commands belonging to the Net-SNMP package, available on both Unix and Windows.
The command used to read an OID is snmpget.
Once you have identified the IP address of the router to be monitored, its community and the OID of interest (in this case ifInOctets), proceed as follows:
$ snmpget -v 1 -c community iprouter ifInOctets
Where: iprouter is the IP address of the router, community is the community, and ifInOctets is .1.3.6.1.2.1.2.2.1.10. The -v 1 option selects SNMPv1 and -c passes the community.
Measurable parameters
In addition to ifInOctets, many other parameters can be identified:
Parameter | OID | Description
ifOutOctets | .1.3.6.1.2.1.2.2.1.16 | Incoming octets
ifSpeed | .1.3.6.1.2.1.2.2.1.5 | Maximum bandwidth; if not measurable, nominal bandwidth
ifInErrors | .1.3.6.1.2.1.2.2.1.14 | Number of incoming octets with error
ifOutErrors | .1.3.6.1.2.1.2.2.1.20 | Number of outgoing octets with error
ifInDiscards | .1.3.6.1.2.1.2.2.1.13 | Number of discarded objects with no error
ifPhysAddress | .1.3.6.1.2.1.2.2.1.6 | MAC address
ifOutQlen | .1.3.6.1.2.1.2.2.1.21 | Output queue length
The table above is just a small sample of the parameters that can be monitored.
Calculated parameters
In addition to the parameters that are monitored directly, there are parameters that can be calculated, for example the percentage of bandwidth occupied.
We have seen that the maximum bandwidth is measured by the parameter ifSpeed. Two other important parameters are those that indicate traffic, ifInOctets and ifOutOctets.
To calculate the occupied bandwidth we need to measure the values of ifInOctets and ifOutOctets at two different times T1 and T2 and find ΔifInOctets and ΔifOutOctets.
In practice we subtract the value measured at time T1 from the value measured at time T2, the interval between the two being ΔT. The occupied bandwidth will be:
(ΔifInOctets + ΔifOutOctets) x 8 x 100 / (ΔT x ifSpeed)
Naturally this is a calculated parameter whose accuracy depends on the accuracy of the measurement of ifSpeed.
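The calculation above as an added example (not part of the original article): it parses snmpget-style output from two polls and applies the formula, and goes one step further by handling the wrap of the 32-bit counters, which a plain T2 minus T1 subtraction turns into a negative value. The sample readings, the interface index 1 and the 60-second interval are constructed for illustration.

```python
import re

COUNTER32_MOD = 2 ** 32  # ifInOctets/ifOutOctets are Counter32: they wrap back to 0

# Constructed sample: snmpget-style output for interface index 1 at T1 and T2.
# ifInOctets wraps past 2**32 between the two polls.
SAMPLE_T1 = """\
IF-MIB::ifSpeed.1 = Gauge32: 100000000
IF-MIB::ifInOctets.1 = Counter32: 4294000000
IF-MIB::ifOutOctets.1 = Counter32: 1000000
"""
SAMPLE_T2 = """\
IF-MIB::ifSpeed.1 = Gauge32: 100000000
IF-MIB::ifInOctets.1 = Counter32: 5032704
IF-MIB::ifOutOctets.1 = Counter32: 31000000
"""

LINE_RE = re.compile(r"^IF-MIB::(\w+)\.\d+ = \w+: (\d+)$")


def parse_sample(text):
    """Return {object name: integer value} from snmpget-style output lines."""
    values = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def counter_delta(later, earlier):
    """Difference between two Counter32 readings, allowing for a single wrap."""
    return (later - earlier) % COUNTER32_MOD


def utilization_percent(s1, s2, delta_t):
    """(ΔifInOctets + ΔifOutOctets) x 8 x 100 / (ΔT x ifSpeed)."""
    if delta_t <= 0:
        raise ValueError("T2 must be later than T1")
    if s2["ifSpeed"] == 0:
        raise ValueError("ifSpeed is 0; utilization is undefined")
    d_in = counter_delta(s2["ifInOctets"], s1["ifInOctets"])
    d_out = counter_delta(s2["ifOutOctets"], s1["ifOutOctets"])
    return (d_in + d_out) * 8 * 100 / (delta_t * s2["ifSpeed"])


if __name__ == "__main__":
    t1, t2 = parse_sample(SAMPLE_T1), parse_sample(SAMPLE_T2)
    print(f"{utilization_percent(t1, t2, 60):.2f}% of ifSpeed used over 60 s")
```

The modulo only corrects a single wrap, so the polling interval has to be short enough that a counter cannot wrap twice between T1 and T2.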