Simple Network Management Protocol (SNMP) is used to monitor and manage devices over computer networks, and it is most popularly used to monitor network devices. SNMP communication takes place over the SNMP ports, which can differ according to the operation and the security mode.
SNMP uses UDP port 161 by default. UDP is an alternative transport protocol that has some advantages and disadvantages compared to TCP. UDP provides low overhead and simplicity compared to TCP, but it has no sessions and no transmission control over the packets. This makes UDP a perfect transport for SNMP.
- `SNMP` uses UDP port 161.
- `SNMP Trap/Inform` uses UDP port 162.
Secure SNMP Ports
Security is important for today’s protocols. When SNMP was created, security was not an important topic, and SNMP was designed without any security mechanism. With the advancement of security, SNMP gained some security extensions such as encryption. Secure SNMP is defined in RFC 3114 and RFC 3826. Secure SNMP also uses different ports, UDP 10161 and UDP 10162. As we can see, they are similar to UDP 161 and UDP 162.
Change SNMP Port On Ubuntu, Debian, Mint, Kali
On Debian based systems like Ubuntu, Debian, Mint and Kali, the SNMP service configuration is stored in `/etc/snmp/snmpd.conf`. We can set and change the port for the SNMP service in this `snmpd.conf` file. As it is an administrative-level configuration, we need to edit this file with root privileges by using the `nano` text editor.
The following line specifies that the service listens only on localhost, on port number 161.
We can change this to listen on all interfaces on port 5678.
After saving the new configuration, we restart the `snmpd` service with the `systemctl` command, as shown below, to make it effective.
$ sudo systemctl restart snmpd
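The listener change described above moves the agent from loopback to every interface, and a non-default port does not limit who can reach it. The following is an added example, not part of the original article: a small Python audit that parses the listening addresses in `snmpd.conf` and flags the ones reachable beyond loopback. It assumes net-snmp's `agentAddress` directive with `udp`/`tcp` IPv4 or IPv6 addresses; the sample configuration and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a loopback-only listener on the default port, then
# all interfaces on port 5678 (the change described above) plus IPv6 loopback.
SAMPLE_CONF = """\
agentAddress udp:127.0.0.1:161
agentAddress udp:5678,udp6:[::1]:161   # after the change
"""
TRANSPORTS = ("udp", "udp6", "tcp", "tcp6")  # only these are handled here

def parse_listener(spec, default_port=161):
    """Split one listening address into (transport, host, port); host None = all interfaces."""
    transport, rest = "udp", spec.strip()
    head, sep, tail = rest.partition(":")
    if sep and head.lower() in TRANSPORTS:
        transport, rest = head.lower(), tail
    host, port = None, default_port
    if rest.startswith("["):                 # [IPv6-address][:port]
        host, _, after = rest[1:].partition("]")
        if after.startswith(":"):
            port = int(after[1:])
    elif rest.isdigit():                     # bare port number
        port = int(rest)
    elif rest:                               # IPv4-address-or-name[:port]
        name, sep, last = rest.rpartition(":")
        host, port = (name, int(last)) if sep else (last, default_port)
    return transport, host, port

def is_loopback(host):
    """True only for addresses that are provably loopback."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                       # no address, or another hostname
        return False

def audit(conf_text):
    """Return (transport, host, port, exposed) for every agentAddress entry."""
    findings = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() != "agentaddress":
            continue
        for spec in "".join(fields[1:]).split(","):
            transport, host, port = parse_listener(spec)
            findings.append((transport, host or "*", port, not is_loopback(host)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Any entry reported with `True` in the last field is a listener that should be covered by a firewall rule or bound to a specific management address.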
Check SNMP Port Status
We can also check whether the service restarted properly, as shown below. If there is a configuration error, the service will stop but not start again.
$ sudo systemctl status snmpd
We can also use the `netstat` command to check whether the new SNMP port is open, as shown below. The `-ul` option simply lists listening UDP ports.
$ netstat -ul
Scan SNMP Ports with Nmap
nmap is a powerful tool that is used to scan networks. We can use nmap in order to identify SNMP services on the given network or hosts. In this example, we will scan two hosts with IP addresses 192.168.142.150 and 192.168.122.1 but we can also use 192.168.142.0/24 in order to scan the whole network.
$ sudo nmap -sU -p 161 192.168.142.150 192.168.122.1
From the nmap result, we can see that SNMP ports are open which means the SNMP service is running.
Capture SNMP Port Traffic with Wireshark
Wireshark is used to capture network traffic. We can use Wireshark to capture SNMP traffic on the local system, and then apply the `snmp` display filter to show only SNMP packets in the captured traffic.
Capture SNMP Port Traffic with Tcpdump
We can use the `tcpdump` command-line tool to capture the SNMP port traffic. We will use the `-i` option to specify the interface name, which is `lo` in this case. We will also provide the port number by using the `port 161` parameter.
$ sudo tcpdump -i lo port 161