SNMP
Simple Network Management Protocol (SNMP – UDP/161) is a protocol used for managing and monitoring network devices, such as routers, switches, and servers. It enables network administrators to gather information, configure settings, and receive notifications about the status and performance of network devices.
SNMP utilizes a client-server model where network devices act as SNMP agents and a central management system functions as the SNMP manager. The SNMP manager can send requests to SNMP agents to retrieve information or perform specific operations on managed devices.
SNMP is used for various purposes, including:
- Monitoring: SNMP allows network administrators to monitor the status and performance metrics of network devices, such as CPU usage, memory utilization, network traffic, and interface status.
- Configuration: SNMP provides a mechanism to remotely configure settings on network devices, such as enabling or disabling features, modifying network parameters, or updating firmware.
- Fault Management: SNMP enables the detection and reporting of network faults, errors, and abnormal conditions. It allows administrators to receive notifications (traps) when specific events occur, aiding in proactive troubleshooting.
There are multiple versions of SNMP:
- Version 1 – plaintext, uses community strings for authentication
- Version 2c – plaintext, uses community strings for authentication
- Version 3 – encrypted, uses username and password for authentication
In the context of SNMP (Simple Network Management Protocol), a community string is a basic form of authentication used to control access to SNMP-enabled devices. It acts as a password or a shared secret between the SNMP manager and agent, allowing them to communicate and exchange information.
The community string is essentially a text string that serves as a credential for SNMP authentication. It is sent in SNMP messages to identify and verify the legitimacy of the SNMP manager or agent. SNMP supports two types of community strings: read-only (also known as "public") and read/write (also known as "private").
Read-Only Community String:
- The read-only community string allows SNMP managers to retrieve information and perform read-only operations on SNMP-enabled devices.
- With a read-only community string, SNMP managers can query devices to gather information such as system status, performance metrics, and configuration details.
- However, they are not allowed to modify or change any settings or configurations on the SNMP agent.
Read/Write Community String:
- The read/write community string provides SNMP managers with more privileges, allowing them not only to retrieve information but also to modify and update SNMP-enabled devices' settings and configurations.
- With a read/write community string, SNMP managers can perform read and write operations, enabling them to modify parameters, change configurations, or even reset devices if necessary.
- It is important to note that using a read/write community string grants more control and should be carefully managed to prevent unauthorized modifications.
When testing for SNMP weaknesses, there are multiple tools that can be used.
SNMPWalk:
- Syntax: snmpwalk -c community_string -v version target_host
- Example: snmpwalk -c public -v2c 192.168.0.1
SNMPCheck:
- Syntax: snmpcheck -t target_host -c community_string
- Example: snmpcheck -t 192.168.0.1 -c public
Nmap with SNMP Brute-Force Script:
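- Syntax: nmap -sU -p 161 --script=snmp-brute --script-args='snmp-brute.communitiesdb=community_list_file' target_host
- Example: nmap -sU -p 161 --script=snmp-brute --script-args='snmp-brute.communitiesdb=communities.txt' 192.168.0.1 (here communities.txt is an example file listing public and private, one per line; -sU is required because SNMP runs over UDP)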