The snmpwalk command is one of the most used tools on Linux and Windows for testing SNMP on the network devices. In this tutorial, I will show you how to use that command using various snmpwalk examples (v3 and v2c), and also examples of other commands from the Net-SNMP toolkit: SnmpGet, SnmpSet, and SnmpTrap.
Are you familiar with the SNMP protocol? No? Don’t worry, I got you covered with my post – What is SNMP protocol? How does it work? Learn with examples. However, if you have a basic understanding of SNMP then continue with reading.
On Ubuntu/Debian/Rasbian you can install Net-SNMP tools with one simple command: “apt-get install snmp“, or if you have CentOS/RHEL/Oracle Linux/Fedora you can use “yum install net-snmp net-snmp-utils“.
On Windows, download and install net-snmp-5.5.0-2.x64.exe, leave default directory “C:\usr“, then run the CMD tool and when calling snmpwalk tool use a full path like this “C:\usr\bin\snmpwalk.exe -v2c -c public localhost 1.3.6.1.2.1.1“
If you prefer the GUI version of SNMPwalk on Windows please check out SnmpB MIB browser instead to test SNMP and manage MIB files on Windows.
Before you continue, make sure that the host or network firewall is not blocking UDP port 161.
SNMPWALK command
Snmpwalk uses the “SNMP GETNEXT” message type to collect multiple information from a network device in a single SNMP query.
snmpwalk v3 example
Examples
# snmpwalk v3 example with authentication and encryption snmpwalk -v3 -l authPriv -u UserMe -a SHA -A AuthPass1 -x AES -X PrivPass2 192.168.1.1 1.3.6.1.2.1.1 # snmpwalk v3 example with authentication, but no encryption snmpwalk -v3 -l authnoPriv -u UserMe -a SHA -A AuthPass1 192.168.1.1:161 1.3.6.1.2.1.1 # snmpwalk v3 example with no authentication and no encryption but you still needs a username snmpwalk -v3 -l noAuthNoPriv -u UserMe 192.168.1.1:161 1.3.6.1.2.1.1 # Using OID dot1dTpFdbAddress and SNMPv3 context name to get mac addresses in VLAN 32 snmpwalk -v3 -l authNoPriv -u UserMe -a MD5 -A AuthPass1 -n vlan-32 192.168.1.1 dot1dTpFdbAddress
Syntax
snmpwalk -v3 -l <noAuthNoPriv|authNoPriv|authPriv> -u <username> [-a <MD5|SHA>] [-A <authphrase>]
[-x <DES|AES>] [-X <privaphrase>] <ipaddress>[:<dest_port>] [oid]
snmpwalk v2c example
Examples
# snmpwalk v2 example with OID System to get basic system information about the host snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.2.1.1 # snmpwalk v2 example with OID ifDescr to get the description of all interfaces on the host snmpwalk -v2c -c public 192.168.1.1:161 1.3.6.1.2.1.2.2.1.2
Syntax
snmpwalk -v2c -c <community> <ipaddress>[:<dest_port>] [oid]
SNMPGET command
A snmpget command for v3 and v2 is similar to the snmpwalk, just replace “snmpwalk” with “snmpget” when you run the command like this:
# Using OID sysDescr (1.3.6.1.2.1.1.1) to get system description snmpget -v3 -l authPriv -u UserMe -a SHA -A AuthPass1 -x AES -X PrivPass2 10.1.1.1 1.3.6.1.2.1.1.0
Just remember that “snmpget” is for getting only one value, while snmpwalk can “walk” down the MIB hierarchy and get all the values at once. Also, snmpget needs full OID to get data from the device.
SNMPSET command
Snmpset uses the “SNMP SET” message type to remotely configure a network device over SNMP protocol.
snmpset v3 example
Examples
# Using OID ifAdminStatus (1.3.6.1.2.1.2.2.1.7) to administratively shutdown interface with index 10105 snmpset -v3 -l authPriv -u UserMe -a SHA -A AuthPass1 -x AES -X PrivPass2 192.168.1.1 1.3.6.1.2.1.2.2.1.7.10105 i 2
Syntax
snmpset -v3 -l <noAuthNoPriv|authNoPriv|authPriv> -u <username> [-a <MD5|SHA>] [-A <authphrase>]
[-x <DES|AES>] [-X <privaphrase>] <ipaddress>[:<dest_port>] [oid] [type] [value]
[type] can be one of i, u, t, a, o, s, x, d, b
i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS
o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING, b: BITS
U: unsigned int64, I: signed int64, F: float, D: double
Need more examples? You can find more detailed examples in my step by step tutorial about SNMP under section SNMP testing tools.
snmpset v2c example
Examples
# Using OID ifAdminStatus (1.3.6.1.2.1.2.2.1.7) to administratively shutdown interface with index 10105 snmpset -v2c -c private 192.168.1.1 1.3.6.1.2.1.2.2.1.7.10105 i 2
Syntax
snmpset -v2c -c <community> <ipaddress>[:<dest_port>] [oid] [type] [value]
[type] can be one of i, u, t, a, o, s, x, d, b
i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS
o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING, b: BITS
U: unsigned int64, I: signed int64, F: float, D: double
SNMPTRAP command
Snmptrap uses SNMP TRAP operation to send information to a network manager (NMS) via UDP port 162, so make sure that the host or the network firewall is not blocking that port.
snmptrap v3 example
Examples
# Using OID netSnmpExampleHeartbeatRate (1.3.6.1.4.1.8072.2.3.2.1) to send a trap using numeric OID snmptrap -v3 -e 0x090807060504030201 -l authPriv -u UserMe -a SHA -A AuthPass1 -x AES -X PrivPass2 127.0.0.1:161 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 60 # Using OID netSnmpExampleHeartbeatRate (1.3.6.1.4.1.8072.2.3.2.1) to send a trap using MIB snmptrap -v3 -e 0x090807060504030201 -l authPriv -u UserMe -a SHA -A AuthPass1 -x AES -X PrivPass2 127.0.0.1:161 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 60
Syntax
snmptrap -v3 -e <engine_id> -l <noAuthNoPriv|authNoPriv|authPriv> -u <username> [-a <MD5|SHA>] [-A <authphrase>]
[-x <DES|AES>] [-X <privaphrase>] <ipaddress>[:<dest_port>] <uptime> <OID|MIB> [<oid> <type> <value>...]
<uptime> must be in unix timestamp format or empty string if you need to set current time on trap
<type> can be one of i, u, t, a, o, s, x, d, b
i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS
o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING, b: BITS
U: unsigned int64, I: signed int64, F: float, D: double
snmptrap v2c example
Examples
# Using OID netSnmpExampleHeartbeatRate (1.3.6.1.4.1.8072.2.3.2.1) to send a trap using MIB snmptrap -v2c -c public 127.0.0.1 '' NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 6 # Using OID linkUp (1.3.6.1.6.3.1.1.5.4) to send a trap that notifies that eth0 is in UP state snmptrap -v2c -c public 127.0.0.1 '' '.1.3.6.1.6.3.1.1.5.4' .1.3.6.1.6.3.1.1.5.4 s "eth0"
Syntax
snmptrap -v2c -c <community> <destination_host> <uptime> <OID|MIB> [<oid> <type> <value>...]
<uptime> must be in unix timestamp format or empty string if you need to set current time on trap
<type> can be one of i, u, t, a, o, s, x, d, b
i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS
o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING, b: BITS
U: unsigned int64, I: signed int64, F: float, D: double
snmptrap v1 example
It is important to note that snmptrap v1 have different syntax, and because of that you can’t use snmptrap v2 or v3 examples.
Examples
snmptrap -v 1 -c public 10.1.1.160 .1.3.6.1.4.1.28116.20 10.0.1.250 6 "" "" 1.3.6.1.4.1.28116.20.1 s "Test Trap"
Syntax
snmptrap -v1 -c <community> <destination_host> <OID|MIB> <sender_ip_address> <trap-type> <trap-id> <uptime> [<oid> <type> <value>...]
<trap-type> can be 0=coldStart, 1=warmStart, 2=linkDown, 3=linkUp, 4=authentication Failure, 5=egpNeighborLoss, Generic=6
<trap-id> can be anything, even blank
<uptime> must be in unix timestamp format or a empty string if you need to set current time on trap
<type> can be one of i, u, t, a, o, s, x, d, b
i: INTEGER, u: unsigned INTEGER, t: TIMETICKS, a: IPADDRESS
o: OBJID, s: STRING, x: HEX STRING, d: DECIMAL STRING, b: BITS
U: unsigned int64, I: signed int64, F: float, D: double
Configuring and testing traps can be a slow process, as sometimes you depend on another department/customer to confirm the trap arrivals. To resolve that problem, I recommend using SnmpB (100% free MIB browser) that can be installed on your computer and configured to receive SNMP traps – check out my step-by-step guide for SnmpB MIB browser.
Thank you for reading.
The tool is unable to receive trap for authPriv while authNoPriv and noAuthNoPriv works fine.
Please find the logs with IP and EngineId as – XXXX
20220120.01:22:45: 3272: (1)DEBUG : ++ SNMP++: data received from 10.197.XXX.XXX/123456.
20220120.01:22:45: 3272: (3)DEBUG : mp is parsing incoming message:
20220120.01:22:45: 3272: (3)DEBUG : Parsed length(a1), version(0x3)
20220120.01:22:45: 3272: (3)DEBUG : Parsed HeaderData: globalDataLength(0x0), msg_id(0x71e1101a), msg_max_size(0xffe3), msg_flags(0x3), msg_security_model(0x3)
20220120.01:22:45: 3272: (3)DEBUG : Parsed msgdata length(0x53), msgSecurityParameters length(0x39)
20220120.01:22:45: 3272: (3)DEBUG : Parsed securityParametersLength = 0x37
20220120.01:22:45: 3272: (3)DEBUG : Parsed securityEngineID, length = 0xd
20220120.01:22:45: 3272: (3)DEBUG : Parsed engineBoots(0x0), engineTime(0x0)
20220120.01:22:45: 3272: (5)DEBUG : Parsed usmUserName length(0x8) msgAuthenticationParameters length(0xc) msgPrivacyParameters length(0x8)
20220120.01:22:45: 3272: (9)INFO : USMUserNameTable: Translated (user name) to (security name): (traptest), (traptest)
20220120.01:22:45: 3272: (7)DEBUG : USM::get_user: user (traptest) engine_id ( xxxxxxxxx 61 …..N..#d..a
)
20220120.01:22:45: 3272: (4)DEBUG : SHA authentication OK.
20220120.01:22:45: 3272: (9)DEBUG : USMTimeTable: Check time ok, not authoritative, updated (id): ( xxxxxxxxx 61 …..N..#d..a
)
20220120.01:22:45: 3272: (0)DEBUG : Decryption error detected
20220120.01:22:45: 3272: (0)DEBUG : mp: error while executing USM::process_msg
20220120.01:22:45: 3272: (1)DEBUG : ErrorCode is 1406
Thanks for your post
Not sure if you are replying. But somehow I am not able to receive trap for authPriv. Do we need anyother setting or 3rd party files for the this?
This is important, awaiting your reply.
Hi,
where are you supposed to receive trap – on what tool?
Regards
Hi thanks for your post :
I, however have a small remark for
# snmpwalk v3 example with authentication, but no encryption
snmpwalk -v3 -l authPriv -u UserMe -a SHA -A AuthPass1 192.168.1.1:161 1.3.6.1.2.1.1
it should be
snmpwalk -v3 -l authnoPriv -u UserMe -a SHA -A AuthPass1 192.168.1.1:161 1.3.6.1.2.1.1
Thx for information. I just updated the tutorial.