Since the introduction of the Simple Network Management Protocol (SNMP) data, SNMP has played an important role in measuring network performance. Modern manufacturers create SNMP-enabled devices of all shapes and sizes that enterprises can use to monitor IT systems.
One of the ways to collect information from SNMP-enabled devices is with a snmpwalk command. In this article, we’re going to look at how to use snmpwalk, but first, let’s look at what SNMP is.
What is SNMP and How Does It Work?
SNMP is an application-layer protocol that provides a framework for different devices to share information. A component called an SNMP Manager polls SNMP agents (SNMP-enabled devices on the network) to obtain performance data from the device’s Management Information Database (MIB).
The MIB is essentially a database that records information about the hardware and contains MIB files, which the SNMP manager can query. When using SNMP, a manager sends a request for information to the SNMP agent, which collects information from the local MIB and sends it to the manager.
Once the information reaches the manager, it is then converted and sent to a Network Management System (NMS), a software agent such as a network monitoring tool that enables a human user to analyze performance trends.
There are multiple types of queries managers can use to poll SNMP agents for information but the most common ones are the GET or GET-NEXT commands. A GET request includes the hostname of the agent and one or more Object Identifiers (OID) to collect specific information from the MIB. The GET-Next command does the same but collects data from the next OID in the tree.
What is snmpwalk?
snmpwalk is an SNMP application or command that issues multiple GET-NEXT commands to OIDs. Essentially, a user issues the snmpwalk command to the root node of the sub-tree and then the manager starts collecting data from all the OIDs in that sub-tree.
Knowing how to use the snmpwalk command is useful because you can collect data from many different OIDs, which all tell you something different about the performance of a device.
Some network administrators use snmpwalk to collect data from lots of different OIDs efficiently with a single command, rather than having to poll all OIDs manually with the GET command.
How to Install snmpwalk on Windows
Before we look at snmpwalk examples we must first install snmpwalk. The process is different depending on what OS you’re using. On Windows you can install snmpwalk by following these steps:
- Download the tool.
- Now extract the SNMPwalk software from the archive.
- Open the command prompt.
- Find the snmpwalk.exe file and drag it into the command prompt window.
Snmpwalk Examples
To use the snmpwalk command all you have to do is enter the command alongside your chosen parameters. For example, you can specify what version of SNMP you want to use to poll a device. Below, we’re going to look at some of the snmpwalk parameters you can use:
Some of the parameters we’re going to use in our snmpwalk examples are as follows:
- -Os shows the last symbolic element of the OID.
- -c sets the community string.
- -v determines what SNMP version is used.
The range of parameters available means there are many ways to use the command. The simplest option would be to specify the SNMP version, community string (whether public or private), and IP address you want to poll. You can run an snmpwalk with those parameters by entering the following:
snmpwalk -v 2c -c public localhost
The command will start walking and will list all existing OIDs on the network. Once you have a list of all OIDs you can use an alternative command to filter and search for particular OIDs. Simply add the OID you want to monitor to the command below:
snmpwalk -v 2c -c public localhost iso.3.6.1.2.1.1.6.0
Alternatively, you can use the SNMP walk command to filter by IP address and verify an individual device’s availability. To test a device’s availability you would enter the following (changing the IP address for the address of the device you want to reach):
Snmpwalk -Os -c public -v 2c 177.145.1.1
Snmpwalk Examples: Output or Timeout
Once you’ve entered a snmpwalk command the output you get depends on whether the connection was successful. If the connection was successful you will see lots of OID output generated, but if there was a problem you will see a timeout message like the one shown below:
Timeout: No Response from 177.145.1.1
If that message comes up it will be because of a timeout, a firewall/ACL blocking the connection or an incorrect community string. Whenever you receive an error message double-check to make sure the community string you entered was correct before investigating further to identify the root cause.
It’s important to note that the snmpwalk command can fail if there’s latency on the network. There are two main ways to combat this: by setting a new timeout (-t) and default retry count (-r).
Setting a new timeout will change the default value to determine how long the snmpwalk command will wait for a response from the polled systems. Similarly, setting a retry count will resend the request once a specific timeout value is reached.
You can use the timeout and default retry settings together. Setting a timeout of 10 seconds, and then a retry count of 1, will instruct the command to try again after 10 seconds without a response, leading to a total timeout of 20 seconds. You can set a new timeout and retry count with the -t and -r option shown below:
snmpwalk -r 1 -t 10 -v 2c -c public localhost iso.3.6.1.2.1.1.6.0
How to Read OIDs
As mentioned above, SNMP-enabled devices store performance data in a MIB, which contains a tree of nodes, each denoted by an OID. The typical format of an OID is shown below:
1.3.6.1.4.1.2682.1.4.5.1.1.99.1.1.6
While exact OID formats vary, most OIDs share a common format of starting with 1.3.6.1.4.1. These numbers refer to:
1 – iso – International Organization for Standardization (ISO)
.3 – org – Organizations according to ISO/IEC 6523-2
.6 – dod – US Department of Defense (DOD)
.1 – internet – Internet protocol
.4 -private – Device manufactured by a private company
.1 enterprise – Device manufacturer is an enterprise
The longer number 2682 is the device manufacturer number, which denotes a particular device manufacturer. After that, the rest of the numbers denote individual objects. The first half of the OID is taken from the RFC MIB standard, and the second half is supplied by the manufacturer.
snmpwalk vs SNMP Monitors
If you want to check up on the status of SNMP devices then using the Snmpwalk command is a good place to start. The snmpwalk examples we’ve used above are basic but they give you an idea of some of the ways you can use the command to collect data from your network.
The command will walk you through sub-trees so that you can take information from devices without having to enter lots of Get-Next requests, but the command line’s text dump output isn’t the most convenient way to monitor lots of devices.
In many cases, it is much more convenient to use an SNMP monitoring tool like SNMP Tester from Paessler to monitor performance as you have access to visual displays like tables, graphs, and charts, which make it easier to make sense of the information you’ve collected with a GUI.
Snmpwalk: Useful, but not always convenient!
Snmpwalk is a useful tool for collecting OID data from network devices. Reading up on some of the basic command parameters and how OIDs work will help you to navigate the snmpwalk output more easily, particularly if your device vendor doesn’t provide the necessary MIB data.
At the same time, it’s’ worth remembering that you can always simplify the process of running snmpwalk by using an SNMP monitoring tool like Paessler PRTG Network Monitor. SNMP monitoring software provides a convenient alternative to users who prefer monitoring through a GUI.