SNMP Community strings – how it works

SNMP community strings
4 min

What Are SNMP Community strings?

Simple Network Management Protocol (SNMP) lets network admins hierarchically manage devices on a network. SNMP uses a simple password system to control access to devices, and the passwords involved are known as SNMP community strings.

If you’re just getting familiar with SNMP, then head over to our article on How SNMP Works.

SNMP Community strings get sent from one device to another alongside a specially formatted GET request known as a protocol data unit, or PDU: If the community string is correct, the polled device responds with the relevant information in the form of a Response PDU. 

Of course, that’s just a high-level overview. Here’s how it all works in detail.

Different Types of SNMP Community Strings

Community strings come in two primary flavors: read-only and read-write. Read-only strings allow a user to view information about a device but not make any changes. Read-write strings will enable a user to view and change information on a device. 

Community strings can be anywhere from 1 to 32 characters long. Like most passwords, they’re case-sensitive and can include any combination of letters, numbers, and symbols.

SNMP Versions

SNMP has undergone a few iterations since its introduction just before the turn of the century. Although the earliest versions, SNMPv1 and SNMPv2, used community strings, they weren’t as secure as the latest SNMPv3. Long story short, their lack of encryption made transmissions more vulnerable despite community strings – so it’s best to stick to SNMPv3 and follow safe password practices.

How to Find SNMP Credentials

The first step in finding SNMP credentials is to check with the hardware manufacturer. They should have documentation that includes the default community strings for their devices. 

If you can’t find the information from the manufacturer, you can try looking for it online. There are a few different ways to do this:

  • Use a search engine like Google or Bing. Try searching for “[device name] SNMP community string.”
  • Check online forums for your device. People often post community strings they’ve used for different devices.

Next, we’ll cover some OS-specific strategies:

Linux

You can store SNMP community strings in the “/etc/snmp/snmpd.conf” file. If you’re on an OS that isn’t configured this way for some reason, you can open a terminal and enter the following command:

find /etc -name snmpd.conf

This will search your entire system for the snmpd.conf file. Once you’ve found the file, open it in a text editor – or view it on the command line using the cat command – and look for a line that starts with “rocommunity”. This line will have the read-only community string for your device. To find the read-write community string, look for a line that starts with “rwcommunity.”

Windows

Click the appropriate taskbar item to enable the Server Manager. Next, choose the Server Manager tile from the start screen, pick “add Roles and Features,” and navigate to the Features section. 

After installing the SNMP service, run the services.msc task after logging in as an administrator. You should see an SNMP Service Properties window pop up – navigate to the Security tab to check the current community string settings under “Accepted community names.”

This should work for Windows 10, Server 2016, and Server 2019, but if you’re using an older version, you’ll have to go through the Windows Key and then navigate to Administrative Tools. From there, you’ll need to select the Services option to find the SNMP Service Properties window. 

How to Create and Configure SNMP Community Strings

How to Configure SNMP Community Strings in Windows

To configure an SNMP community string in Windows, follow the previous instructions to navigate to the SNMP Service Properties window for your OS version. From the Security tab, click the Add button to enter a new community string and choose the appropriate access rights – like READ ONLY or READ WRITE.

How to Configure SNMP Community Strings in Linux

Use your preferred editor to modify the “/etc/snmp/snmpd.conf” file. 

To create a new community string, add a line that starts with the appropriate read-only or read-write prefix followed by the community string. For example, to create a read-only community string called “public,” you would add the following line to the snmpd.conf file:

rocommunity public

To create a read-write community string, use the “rwcommunity” line instead:

rwcommunity private

On Red Hat this would be it, but with Ubuntu, you should also modify the “/etc/default/snmpd” file by replacing the following line:

SNMPSDOPTS=‘ -lsd -Lf dev/null -u snmp -p /var/run/snmpd.pid’

With:

SNMPDOPTS=‘ -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd/pid -c /etc/snmp/snmpd/conf’

After saving and closing the file, restart the SNMP daemon and enable the service with the following commands:

/etc/init.d/snmpd restart

sysv-rc-conf snmpd on

Tip: When you check the snmpd.conf file, you might also notice some commented-out sections (preceded by the ‘#’ character). These comments include quite a few examples, so they’re worth a read.

SNMP String Best Practices

When creating an SNMP community string, there are a few best practices to keep in mind:

  • Make the string long and complex. The longer the password is, the more difficult it is to guess. 
  • Avoid using easily guessed words like “public” or “private.”
  • Use a mix of letters, numbers, and symbols. 
  • Store the string securely, and do not share it with others. 

How to Confirm an SMMP Community String Is Working

The easiest way to confirm that an SNMP community string is to try to use it to manage the device. If the string is working, you should be able to view information about the device. If not, you’ll get an error message.

Further reading:

Share via Social Networks

You might also like…

Read more top posts in this category

Want more tips on Network Monitoring?

Ready to get started with Domotz?

  • Powerful
  • Automated
  • Simple
  • Affordable
Start Your Free Trial Contact Sales