What is an SNMP port and how does it work?

April 17,2021 in  RMM & Networking
by Vanya Petrova

What is an SNMP port? This blog post covers how SNMP ports work including default SNMP port numbers, parameters, statistics of SNMP ports and benefits of SNMP monitoring.

What is SNMP port and how does it work?

What is SNMP?

Simple Network Management Protocol (SNMP) is a set of protocols for network management and monitoring. It is mostly used to monitor devices on a network like firewalls, routers, switches, servers, printers, bridges, NAS drives, UPS, and more. 

This protocol allows devices with different hardware or software to share information with one another. Almost every network device answers SNMP requests. Thanks to SNMP, network management tools have access to information from nearly every device connected to a network. 

In other words, SNMP is a widely used protocol and an essential piece of any network management strategy. As a result, IT administrators use SNMP monitoring to detect and manage devices, gain insights into performance and availability, and ensure the health of their network. 

You can find more information about how SNMP works on our blog.

Learn more about getting started with SNMP and take your MSP to the next level with SNMP.

What is an SNMP port number?

The default SNMP ports for sending commands and messages are:

  • UDP port 161
  • UDP port 162 

How do you know if an SNMP port number is 161 TCP or UDP?

Typically, SNMP uses User Datagram Protocol (UDP) as its transport protocol. 

SNMP ports are utilized via UDP 161 for SNMP Managers communicating with SNMP Agents (i.e. polling) and UDP 162 when agents send unsolicited SNMP traps to the SNMP Manager.

However, SNMP can also run over Transmission Control Protocol (TCP), Ethernet, IPX, and other protocols. 

In conclusion, SNMP can be implemented over both protocols, UDP and TCP, via LAN but SNMP packets are typically sent over UDP.

Let’s look at the differences between TCP and UDP:

Users can use both protocols, TCP and UDP, in combination with the Internet Protocol to facilitate the transmission of datagrams from one computer to applications on another computer.

  • TCP is a connection-oriented protocol that requires a logical connection to be established between the two processes before data is exchanged. This protocol guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication and delivery is the key difference between TCP and UDP.

Examples of services that use connection-oriented transport services are telnet, rlogin, ssh, and ftp.

  • UDP is a connectionless protocol that allows data to be exchanged without setting up a link between processes.  This protocol does not guarantee reliable communication because it assumes that error-checking and recovery services are not required. UDP may not have all the functionality of TCP but it’s faster and this makes it actually better for some applications.

Examples of applications that use connectionless transport services are broadcasting, time-sensitive applications, such as audio/video streaming, real time gaming, and tftp

Here is a full list of TCP and UDP port numbers

How do SNMP ports work?

All SNMP messages are sent and received between two entities: servers, called managers and clients, called agents

  • SNMP manager is a centralized system used to communicate with the SNMP agent implemented within network devices.
  • SNMP agent is any type of device or device component connected to the network such as computers, printers, phones, and network switches. 

Usually, the SNMP manager in the network is installed on the managing entity. The SNMP agents are typically installed on the managed devices.

Here is how the process works:

  • The SNMP manager at the head of your system sends commands down to a network device, or SNMP agent, using destination port 161.
  • When the agent wants to report something or respond to a command, the agent will send an SNMP trap on port 162 to the SNMP manager. 

How the SNMP process works

There are two methodologies of how the SNMP Manager can interact with the SNMP Agent:

1) Request/Response:

  • The Manager sends requests to Agent’s UDP Port 161.
  • Each of the requests sends one SNMP command (GET, GETNEXT, GETBULK, SET, etc) with the specified OID.

2) Trap (unsolicited events):

  • This communication is initiated by the SNMP Agent who sends events in the form of SNMP Command (TRAPS or INFORM) to the SNMP Manager’s port 162.
  • The SNMP Agent must be previously configured to let it know which is the SNMP Manager.

To sum up, SNMP uses the UDP port 161 of the SNMP Agent for sending and receiving requests, and port 162 of the SNMP Manager for receiving traps from managed devices. 

Every device that implements SNMP must use these port numbers as the defaults. These two ports are the same in all versions of SNMP, since SNMP v1. However, even though not very common, some vendors allow you to change the default ports in the agent’s configuration.

Why is SNMP monitoring important? 

The primary use of SNMP monitoring is to exchange management information between network devices. IT administrators usually use a variety of SNMP commands to monitor and configure devices, change settings and report back to the monitoring systems.

An SNMP monitoring and management system helps MSPs and service providers to:

  • Automatically discover, monitor, and manage network devices.
  • Monitor key performance metrics at the device and interface level.
  • Obtain complete visibility and granularity into the performance of network devices.
  • Configure threshold limits and generate alerts in case of anomalies.

Admins can track the availability and performance of SNMP network devices to maintain their network’s health, based on the insights provided by the SNMP monitoring.

How MSPs and service providers can benefit from SNMP service monitoring? 

SNMP can be used in any sized network, but it’s best for larger networks, where its benefits are most obvious.

Thanks to SNMP, MSPs can monitor important properties of the devices in their networks. A network monitoring system like Domotz can be exploited to continuously check these properties and provide features like historical data visualization and alerting.

With SNMP and TCP Service Monitoring, you can manage any SNMP (v1, v2, v3) OID values or availability of TCP Service on any port. 

Examples of how MSPs can use SNMP monitoring provided by Domotz:

  • SNMP Suggested OiD and MIB browsing/search

Domotz has stored more than 2300 different publicly available MIBs so that users can easily search for OiD to be monitored through SNMP. A simple to use search engine helps the Domotz user to identify all the available OiD sensors that can be monitored on every device supporting SNMP. The library of available MIBs is in continuous evolution, and every user can contribute to its growth.

  • SNMP OiD sensor history

Data collected through SNMP, are represented with historical values (either graphs for numbers or lists for text fields).

With SNMP, administrators of large networks don’t need to waste valuable time and resources manually logging into hundreds, or potentially thousands, of nodes. Combined with a network monitoring software, SNMP lets you view, monitor, and manage the nodes via one interface.  

Further reading:

Illustration from Markus Spiske