SNMP - Simple Network Management Protocol (Information Gathering)

Yashwant Singh 🐧
Published in System Weakness
4 min read · Dec 5, 2022

SNMP stands for Simple Network Management Protocol.

It is a network protocol native to IP networks and supported by most network devices. It is mainly used to gather information about networking equipment and helps ensure that a company’s network is running smoothly. Network monitoring tools often rely on SNMP to gain visibility into infrastructure such as routers, switches, and firewalls, so that they can keep communication flowing and maintain homeostasis.

The SNMP Agent comes pre-installed on most network devices. To start collecting device information, you would enable SNMP on the device, and configure an SNMP Manager to begin communicating with the device.

Monitoring tools for the SNMP protocol

Network engineers and admins are responsible for ensuring that their organization’s network is continuously available and performing as expected. In order to help ensure network health and performance, you need visibility into the performance of all your network devices.

Datadog Network Device Monitoring (NDM) leverages SNMP to automatically discover and monitor network devices at any scale and across multiple vendors. You can aggregate metrics across all devices or use tags to filter down to a specific subset when you are investigating a network outage or incident. With machine-learning based alerts, you can get notified automatically when bandwidth utilization or another metric approaches a critical threshold. Most importantly, a single pane of glass unifies network device metrics with infrastructure, application, and security metrics. Thanks to this unified view, engineers and administrators across an organization can work together to monitor and improve the delivery of the company’s services over the network.

Since, like a normal person, I don’t have such a huge network running in my home, I took some help from articles on SNMP analysis. If you are really interested in SNMP analysis, check out this article.

In our Kali machine, there are two tools available for analysing the SNMP protocol. However, I would also suggest you check out the Datadog tool mentioned above.

Let’s learn about these two tools now.

1. onesixtyone

onesixtyone is a simple SNMP scanner which sends SNMP requests for the sysDescr value asynchronously, with user-adjustable sending times, and then logs the responses, which give a description of the software running on the device.

root@notebook:~# onesixtyone -h
onesixtyone 0.3.3 [options] <host> <community>
  -c <communityfile> file with community names to try
  -i <inputfile>     file with target hosts
  -o <outputfile>    output log
  -p                 specify an alternate destination SNMP port
  -d                 debug mode, use twice for more information

  -s                 short mode, only print IP addresses

  -w n               wait n milliseconds (1/1000 of a second) between sending packets (default 10)
  -q                 quiet mode, do not print log to stdout, use with -l
host is either an IPv4 address or an IPv4 address and a netmask
default community names are: public private

Max number of hosts : 65535
Max community length: 32
Max number of communities: 16384


examples: onesixtyone 192.168.4.0/24 public
          onesixtyone -c dict.txt -i hosts -o my.log -w 100

Again, I am not connected to such a huge network now. It’s just me and my lonely phone, so I can’t exactly perform an SNMP analysis. But basically, this is how you do it. You can also feed it targets and community names from a text file; that is already shown in the examples section of the onesixtyone help.
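To see what a scanner like onesixtyone actually puts on the wire, and how a defender can pull the community string back out of a captured UDP/161 payload, here is an added example that is not code from the post, from onesixtyone or from snmp-check: a minimal SNMPv1/v2c GetRequest encoder for sysDescr.0 and a parser that flags the default community names the scanner tries. It is hand-rolled from the BER encoding rules with no SNMP library, and all function names are my own.

```python
# Added example (not code from the post, onesixtyone or snmp-check).
SYS_DESCR_OID = "1.3.6.1.2.1.1.1.0"          # the OID onesixtyone polls
DEFAULT_COMMUNITIES = {"public", "private"}  # onesixtyone's built-in defaults

def tlv(tag: int, value: bytes) -> bytes:    # tag + BER length + value
    n = len(value)
    if n < 0x80:                             # short-form length
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value

def encode_int(n: int) -> bytes:             # two's-complement INTEGER
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))

def encode_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]           # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:                      # base-128 continuation bytes
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def build_get_request(community: str, oid: str = SYS_DESCR_OID,
                      request_id: int = 1, version: int = 0) -> bytes:
    """Full UDP/161 payload of a GetRequest (version 0 = SNMPv1, 1 = v2c)."""
    varbinds = tlv(0x30, tlv(0x30, encode_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0) + varbinds)
    return tlv(0x30, encode_int(version) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf: bytes, pos: int):          # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_community(packet: bytes):
    """(version, community, pdu_tag) of a v1/v2c message; v3 has no community."""
    tag, msg, _ = read_tlv(packet, 0)
    vtag, ver, pos = read_tlv(msg, 0)
    ctag, comm, pos = read_tlv(msg, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMPv1/v2c message")
    return int.from_bytes(ver, "big", signed=True), comm.decode("latin-1"), read_tlv(msg, pos)[0]

def default_community_hits(payloads):        # communities matching the scanner defaults
    return [c for _, c, _ in map(parse_community, payloads) if c in DEFAULT_COMMUNITIES]
```

Running `default_community_hits` over the UDP/161 payloads from a packet capture shows which devices still answer to, or are being probed with, the stock community names; a sysDescr request with a 0xA0 PDU tag from an unexpected source is the scanner's own traffic.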

2. snmpcheck

snmpcheck allows you to enumerate SNMP devices and presents the output in a very human-readable, friendly format. It can be useful for penetration testing or systems monitoring.

$ snmp-check -h
snmp-check v1.9 - SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)

 Usage: snmp-check [OPTIONS] <target IP address>

  -p --port        : SNMP port. Default port is 161;
  -c --community   : SNMP community. Default is public;
  -v --version     : SNMP version (1,2c). Default is 1;

  -w --write       : detect write access (separate action by enumeration);

  -d --disable_tcp : disable TCP connections enumeration!
  -t --timeout     : timeout in seconds. Default is 5;
  -r --retries     : request retries. Default is 1;
  -i --info        : show script version;
  -h --help        : show help menu;

This is me performing an SNMP enumeration :)

I would also suggest you read this article, if you want to learn more about SNMP enumeration.

And with that, we have talked about SNMP analysis. In my next article we will talk about SSL analysis (it has got a lot more tools!), and then we will be finishing our Information Gathering tab and moving on to vulnerability analysis.

Like always…

Be safe, be secure and happy hacking :)