SNMP Port Number Tutorial with Examples – POFTUT



Simple Network Management Protocol (SNMP) is used to monitor and manage devices over computer networks, and it is especially popular for monitoring network devices. SNMP communication takes place over the SNMP ports, which can differ according to the operation and the security in use.

SNMP Ports

SNMP uses UDP port 161 by default. UDP is an alternative transport protocol to TCP, with its own advantages and disadvantages. Compared to TCP, UDP provides low operational overhead and simplicity, but it has no sessions and no transmission control over the packets. This makes UDP a perfect fit for SNMP.

  • `SNMP` uses UDP port 161.
  • `SNMP Trap/Inform` uses UDP port 162.

Secure SNMP Ports

Security is important for today’s protocols. When SNMP was created, security was not an important topic, and SNMP was designed without any security mechanism. As security advanced, SNMP gained security extensions such as encryption. Secure SNMP is defined in RFC 3114 and RFC 3826. Secure SNMP also uses different ports, UDP 10161 and UDP 10162. As we can see, they are similar to UDP 161 and UDP 162.

Change SNMP Port On Ubuntu, Debian, Mint, Kali

On Debian-based systems like Ubuntu, Debian, Mint, and Kali, the SNMP service configuration is stored in /etc/snmp/snmpd.conf. We can set and change the port for the SNMP service in this snmpd.conf file. Because it is an administrative-level configuration, we need to edit this file with root privileges by running the nano text editor with the sudo command.


The following line specifies that snmpd listens only on localhost, on port number 161.

agentAddress udp:127.0.0.1:161

We can change this to listen on all interfaces on port 5678.

agentAddress udp:0.0.0.0:5678

After saving the new configuration, we restart the snmpd service with the systemctl command, as shown below, to make it effective.

$ sudo systemctl restart snmpd

Check SNMP Port Status

We can also check whether it restarted properly, as shown below. If there is a configuration error, the service will stop but not start again.

$ sudo systemctl status snmpd

We can also use the netstat command to check whether the new SNMP port is open, as shown below. The -ul option simply means list listening UDP ports.

$ netstat -ul
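
To review what the agentAddress lines in snmpd.conf will bind, the following added example (not from the original tutorial) parses them and marks each listener as loopback-only or reachable from other hosts. The function names and the local/exposed labels are this example's own; it goes beyond the two lines shown above and also handles comma-separated lists, bare port numbers, and bracketed IPv6 addresses, which net-snmp accepts.

```shell
#!/bin/sh
# Added example (not from the original page): list the listeners that
# agentAddress lines in an snmpd.conf-style file configure, and mark the
# ones that accept traffic from other hosts.
# Output, one per line: <transport> <address> <port> <local|exposed>

parse_listener() {                  # $1 = one entry, e.g. udp:127.0.0.1:161
    spec=$1 transport=udp port=161  # defaults when an entry omits them
    case $spec in                   # optional, case-insensitive transport
        [uU][dD][pP]:*|[tT][cC][pP]:*|[uU][dD][pP]6:*|[tT][cC][pP]6:*)
            transport=$(printf '%s' "${spec%%:*}" | tr '[:upper:]' '[:lower:]')
            spec=${spec#*:} ;;
    esac
    case $spec in
        '')       return 0 ;;
        \[*\]:*)  addr=${spec%%\]*}; addr=${addr#\[}; port=${spec##*\]:} ;;
        \[*\])    addr=${spec#\[}; addr=${addr%\]} ;;
        *:*)      addr=${spec%:*}; port=${spec##*:} ;;
        *[!0-9]*) addr=$spec ;;               # address or hostname, no port
        *)        addr='*'; port=$spec ;;     # bare port: every interface
    esac
    case $addr in
        127.*|::1|localhost) scope=local ;;   # loopback only
        *)                   scope=exposed ;; # any other bind address
    esac
    printf '%s %s %s %s\n' "$transport" "$addr" "$port" "$scope"
}

snmp_listeners() {                  # reads the configuration on stdin
    sed 's/#.*//' | while read -r key value; do
        case $key in agentAddress|agentaddress) ;; *) continue ;; esac
        printf '%s\n' "$value" | tr ',' '\n' | while read -r entry; do
            if [ -n "$entry" ]; then parse_listener "$entry"; fi
        done
    done
}

# Constructed sample input built from the two addresses in the tutorial.
snmp_listeners <<'EOF'
# agentAddress udp:161,udp6:[::1]:161
agentAddress udp:127.0.0.1:161,udp:0.0.0.0:5678
EOF
```

On a real host, run it as `snmp_listeners < /etc/snmp/snmpd.conf` and compare the result with the netstat output above.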

Scan SNMP Ports with Nmap

nmap is a powerful tool for scanning networks. We can use nmap to identify SNMP services on a given network or set of hosts. In this example, we will scan two hosts with the IP addresses 192.168.142.150 and 192.168.122.1, but we can also use 192.168.142.0/24 to scan the whole network.

$ sudo nmap -sU -p 161 192.168.142.150 192.168.122.1

From the nmap result, we can see that the SNMP ports are open, which means the SNMP service is running.

Capture SNMP Port Traffic with Wireshark

Wireshark is used to capture network traffic. We can use Wireshark to capture SNMP traffic on the local system. We will use the snmp filter to show only SNMP in the captured traffic.


Capture SNMP Port Traffic with Tcpdump

We can use the tcpdump command-line tool to capture the SNMP port traffic. We will use the -i option to specify the interface name, which is lo in this case. We will also provide the port number by using the port 161 parameter.

$ sudo tcpdump -i lo port 161