What Are SNMP Community Strings?
What is the SNMP community string? SNMP community strings leverage a user ID or password to access the router or other device information. SNMP community strings are only available with SNMPv1 and SNMPv2c protocols. SNMPv3 requires username/password authentication as well as an encryption key. Many SNMPv1 and v2c devices are shipped with a “public” read-only community string. Most network administrators customize the community strings in the device settings as a best practice.
SNMP Community strings get sent from one device to another alongside a specially formatted GET request known as a protocol data unit, or PDU. If the community string is correct, the polled device responds with the relevant information as a Response PDU.
SNMP community strings are integral to the security of the Simple Network Management Protocol (SNMP) protocol. Moreover, it helps you to hierarchically manage devices on a network. SNMP uses a simple password system to control access to devices, and the passwords involved are known as SNMP community strings.
If you’re just getting familiar with SNMP, then head over to our article on How SNMP Works.
Of course, that’s just a high-level overview. Here’s how it all works in detail.
- Different types of SNMP community strings
- SNMP versions
- How to Find SNMP Credentials
- How to create and configure SNMP community strings
- SNMP string best practices
- How to Confirm an SMMP Community String Is Working
Different Types of SNMP Community Strings
Community strings come in two primary flavors: read-only and read-write.
- Read-only SNMP community strings: These allow you to view information about a device but not make any changes.
- Read-write SNMP community strings: These enable you to view and change information on a device.
SNMP community strings can be anywhere from 1 to 32 characters long. Like most passwords, they’re case-sensitive and can include any combination of letters, numbers, and symbols.
SNMP has undergone a few iterations since its introduction just before the turn of the century. Although the earliest versions, SNMPv1 and SNMPv2, used community strings, they weren’t as secure as the latest SNMPv3. Long story short, their lack of encryption made transmissions more vulnerable despite community strings – so it’s best to stick to SNMPv3 and follow safe password practices.
How to Find SNMP Credentials
The first step in finding SNMP credentials is to check with the hardware manufacturer. They should have documentation that includes the default community strings for their devices.
If you can’t find the information from the manufacturer, you can try looking for it online. There are a few different ways to do this:
- Use a search engine like Google or Bing. Try searching for “[device name] SNMP community string.”
- Check online forums for your device. People often post community strings they’ve used for different devices.
Next, we’ll cover some OS-specific strategies:
You can store SNMP community strings in the “/etc/snmp/snmpd.conf” file. If you’re on an OS that isn’t configured this way for some reason, you can open a terminal and enter the following command:
find /etc -name snmpd.conf
This will search your entire system for the snmpd.conf file. Once you’ve found the file, open it in a text editor – or view it on the command line using the cat command – and look for a line that starts with “rocommunity”. This line will have the read-only community string for your device. To find the read-write community string, look for a line that starts with “rwcommunity.”
Click the appropriate taskbar item to enable the Server Manager. Next, choose the Server Manager tile from the start screen, pick “add Roles and Features,” and navigate to the Features section.
After installing the SNMP service, run the services.msc task after logging in as an administrator. You should see an SNMP Service Properties window pop up – navigate to the Security tab to check the current community string settings under “Accepted community names.”
This should work for Windows 10, Server 2016, and Server 2019, but if you’re using an older version, you’ll have to go through the Windows Key and then navigate to Administrative Tools. You must select the Services option from there to find the SNMP Service Properties window.
How to Create and Configure SNMP Community Strings
How to Configure SNMP Community Strings in Windows
To configure an SNMP community string in Windows, follow the previous instructions to navigate to the SNMP Service Properties window for your OS version. From the Security tab, click the Add button to enter a new community string and choose the appropriate access rights – like READ ONLY or READ WRITE.
How to Configure SNMP Community Strings in Linux
Use your preferred editor to modify the “/etc/snmp/snmpd.conf” file.
To create a new community string, add a line that starts with the appropriate read-only or read-write prefix followed by the community string. For example, to create a read-only community string called “public,” you would add the following line to the snmpd.conf file:
To create a read-write community string, use the “rwcommunity” line instead:
On Red Hat this would be it, but with Ubuntu, you should also modify the “/etc/default/snmpd” file by replacing the following line:
SNMPSDOPTS=‘ -lsd -Lf dev/null -u snmp -p /var/run/snmpd.pid’
SNMPDOPTS=‘ -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd/pid -c /etc/snmp/snmpd/conf’
After saving and closing the file, restart the SNMP daemon and enable the service with the following commands:
sysv-rc-conf snmpd on
Tip: When you check the snmpd.conf file, you might also notice some commented-out sections (preceded by the ‘#’ character). These comments include several examples, so they’re worth a read.
SNMP String Best Practices
When creating an SNMP community string, there are a few best practices to keep in mind:
- Make the string long and complex. The longer the password is, the more difficult it is to guess.
- Avoid using easily guessed words like “public” or “private.”
- Use a mix of letters, numbers, and symbols.
- Store the string securely, and do not share it with others.
How to Confirm an SMMP Community String Is Working
The easiest way to confirm that an SNMP community string is to try to use it to manage the device. If the string is working, you should be able to view information about the device. If not, you’ll get an error message.