SNMP Scanner Reference

This document provides a comprehensive reference for the Simple Network Management Protocol (SNMP) scanner used in NopeSight v3 network discovery. The SNMP scanner discovers and monitors network devices such as routers, switches, firewalls, printers, and other SNMP-enabled equipment.

Overview

The SNMP scanner (snmp_scanner.py) is the primary method for discovering network infrastructure devices that support SNMP. It uses SNMP to gather information about network devices: their configurations, interfaces, and relationships. The scanner supports SNMP v1, v2c, and v3, including the SNMPv3 authentication and privacy options listed under Authentication Requirements.

Network Ports and Protocols

SNMP Communication

  • Port 161 (UDP) - SNMP agent (required)
  • Port 162 (UDP) - SNMP trap notifications (optional)
  • Protocol - Simple Network Management Protocol over UDP
  • Versions - SNMPv1, SNMPv2c, SNMPv3

Discovery Trigger

The SNMP scanner is automatically triggered when:

  • Port 161 (UDP) is detected as open during network scanning
  • Manual SNMP target is configured with credentials
  • Device responds to SNMP community string probes

Authentication Requirements

SNMP v1 and v2c

Simple community-based authentication:

Community Strings

  • Read Community - For read-only access (default: "public")
  • Write Community - For read-write access (if needed)
  • Security Level - Community string transmitted in clear text

Best Practices

  • Change default community strings
  • Use complex community strings
  • Restrict SNMP access by IP address
  • Consider upgrading to SNMPv3 for security

SNMP v3

Enhanced security with user-based authentication:

Security Levels

  • noAuthNoPriv - No authentication, no encryption
  • authNoPriv - Authentication, no encryption
  • authPriv - Authentication and encryption (recommended)

Authentication Protocols

  • MD5 - Message Digest 5 (128-bit)
  • SHA - Secure Hash Algorithm (160-bit)
  • SHA-224 - SHA-2 (224-bit)
  • SHA-256 - SHA-2 (256-bit)
  • SHA-384 - SHA-2 (384-bit)
  • SHA-512 - SHA-2 (512-bit)

Privacy (Encryption) Protocols

  • DES - Data Encryption Standard (56-bit)
  • 3DES - Triple DES (168-bit)
  • AES - Advanced Encryption Standard (128-bit)
  • AES-192 - AES (192-bit)
  • AES-256 - AES (256-bit)

Authentication Flow

  1. Discovery - Detect SNMP-enabled devices
  2. Version Negotiation - Determine supported SNMP version
  3. Authentication - Validate credentials
  4. Data Collection - Query device MIBs
  5. Session Closure - Clean up connection

Data Collection Overview

Standard MIB-II Information

The scanner collects data from standard Management Information Bases (MIBs):

System Information (MIB-II)
├── System Description
├── System Object ID
├── System Uptime
├── System Contact
├── System Name
└── System Location

Interfaces (IF-MIB)
├── Interface Index
├── Interface Description
├── Interface Type
├── Interface Speed
├── Interface Status
└── IP Addresses

Network Tables
├── ARP Table
├── Routing Table
└── Connection Table

System Information

Basic System Data

  • System Description (sysDescr)

    • Hardware and software description
    • Operating system version
    • Firmware information
  • System Object ID (sysObjectID)

    • Unique vendor/device identifier
    • Used for device type detection
  • System Uptime (sysUpTime)

    • Time since last reboot
    • In hundredths of seconds
  • Administrative Information

    • System contact person
    • System name (hostname)
    • Physical location

Device Classification

The scanner automatically classifies devices based on:

  • System Object ID patterns
  • System description keywords
  • Vendor-specific identifiers
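
The sketch below is an added example, not code from snmp_scanner.py. It shows one way to derive a vendor from the enterprise arc of sysObjectID, a device type from sysDescr keywords, and seconds from sysUpTime ticks. The vendor table, keyword rules and sample values are assumptions made for illustration.

```python
import re

ENTERPRISE_PREFIX = (1, 3, 6, 1, 4, 1)   # iso.org.dod.internet.private.enterprises
# Assumed subset of IANA Private Enterprise Numbers, not NopeSight's OID catalog.
VENDORS = {9: "Cisco", 11: "HP", 318: "APC", 2636: "Juniper",
           12356: "Fortinet", 14823: "Aruba"}
# Assumed sysDescr keyword rules, checked in order; the first match wins.
KEYWORDS = [("firewall", "Firewall"), ("router", "Router"), ("switch", "Switch"),
            ("printer", "Printer"), ("ups", "UPS"), ("access point", "Wireless AP")]

def parse_oid(text):
    """Turn '1.3.6.1...' (optionally with a leading dot) into a tuple of ints."""
    if not re.fullmatch(r"\.?\d+(\.\d+)*", text):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(part) for part in text.lstrip(".").split("."))

def enterprise_number(sys_object_id):
    """Return the number registered under 1.3.6.1.4.1, or None outside that arc."""
    oid = parse_oid(sys_object_id)
    if oid[:6] == ENTERPRISE_PREFIX and len(oid) > 6:
        return oid[6]
    return None

def uptime_seconds(sys_uptime_ticks):
    """sysUpTime counts hundredths of a second (32-bit, wraps after about 497 days)."""
    return sys_uptime_ticks / 100

def classify(sys_object_id, sys_descr):
    """Combine vendor (from sysObjectID) with device type (from sysDescr keywords)."""
    pen = enterprise_number(sys_object_id)
    descr = sys_descr.lower()
    # Word boundaries stop "ups" from matching inside words such as "groups".
    device_type = next((ci for kw, ci in KEYWORDS
                        if re.search(rf"\b{re.escape(kw)}\b", descr)),
                       "Network Device")   # generic CI type for unmatched devices
    return {"enterprise": pen, "vendor": VENDORS.get(pen), "device_type": device_type,
            "needs_review": pen not in VENDORS or device_type == "Network Device"}

# Constructed sample values, not captured from real devices.
SAMPLES = [
    ("1.3.6.1.4.1.9.1.1208", "Cisco IOS Software, L2 Switch image (constructed)"),
    ("1.3.6.1.4.1.99999.2.1", "Embedded controller, supports 4 groups (constructed)"),
]
```

The second sample matches no rule and comes back flagged for review, which corresponds to the generic "Network Device" handling described for unknown devices.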

Supported Device Types

  • Network Devices

    • Routers
    • Switches (Layer 2/3)
    • Firewalls
    • Load balancers
    • Wireless access points
  • Infrastructure Devices

    • UPS systems
    • Environmental monitors
    • Power distribution units
  • End Devices

    • Printers and MFPs
    • IP phones
    • Storage systems
    • Servers with SNMP agents

Interface Discovery

Interface Properties

  • Interface Identification

    • Interface index number
    • Interface description/name
    • Interface type (Ethernet, Serial, etc.)
    • MAC address (if applicable)
  • Interface Configuration

    • MTU (Maximum Transmission Unit)
    • Speed (bits per second)
    • Duplex mode
    • VLAN assignments

Interface Status

  • Administrative Status

    • Up - Enabled by administrator
    • Down - Disabled by administrator
    • Testing - In test mode
  • Operational Status

    • Up - Functioning normally
    • Down - Not operational
    • Unknown - Status cannot be determined

IP Address Information

  • IPv4 Addresses

    • IP address
    • Subnet mask
    • Interface association
  • IPv6 Addresses (if supported)

    • IPv6 address
    • Prefix length
    • Address type

Network Relationship Discovery

ARP Table Analysis

Discovers directly connected devices:

  • ARP Entries
    • Neighbor IP addresses
    • MAC addresses
    • Interface associations
    • Entry types (dynamic/static)

Routing Table Analysis

Maps network paths and gateways:

  • Route Entries
    • Destination networks
    • Next hop gateways
    • Route metrics
    • Route types (direct/indirect)

Relationship Types Created

  • Connected To - Direct layer 2 adjacency
  • Routes To - Layer 3 routing relationship
  • Member Of - VLAN/subnet membership

Vendor-Specific Information

Cisco Devices

When Cisco equipment is detected:

  • Additional OIDs
    • CPU utilization (5-minute average)
    • Memory usage statistics
    • Temperature readings
    • Power supply status
    • Model and serial numbers

HP/Aruba Devices

  • Switch stack information
  • PoE (Power over Ethernet) status
  • Port security violations

Printer Devices

  • Toner/ink levels
  • Page counters
  • Error conditions
  • Supply status

OID Catalog System

Catalog Overview

NopeSight maintains a centralized OID catalog that:

  • Defines thousands of standard and vendor OIDs
  • Maps numeric OIDs to human-readable names
  • Provides device-specific profiles
  • Updates automatically via scheduled sync

Catalog Synchronization

  • Frequency - Daily automatic sync
  • Storage Location - %LOCALAPPDATA%\NopesightScanner\cache\
  • Fallback - Uses cached catalog if sync fails
  • Shared Resource - All agents share the same catalog

Unknown Devices

When encountering devices without catalog entries:

Discovery Behavior

  1. Basic Collection - Gathers standard MIB-II data
  2. Pattern Matching - Attempts device type detection
  3. Generic Profile - Uses default network device profile
  4. Full OID Walk - Optionally walks entire MIB tree

Backend Processing

  • Creates "Unknown Network Device" CI type
  • Stores raw OID data for analysis
  • Flags for manual classification
  • AI attempts to identify device type

Adding Device Support

Automatic Pending Device Creation

When an unknown device is discovered:

  1. Automatic Recording - Device information saved to pending queue
  2. Occurrence Tracking - System tracks how many times the device type has been seen
  3. Priority Calculation - More occurrences = higher review priority
  4. OID Collection - All discovered OIDs stored for analysis

Manual Profile Creation

  1. Navigate to Settings → Discovery → SNMP Pending Devices
  2. Review devices sorted by priority (occurrence count)
  3. Select device to view discovered OIDs
  4. Approve and create profile with:
    • Device type classification
    • Vendor and model information
    • Supported OIDs selection
    • Detection rules (sysObjectID patterns)
  5. Bulk approve similar devices with same sysObjectID

API Endpoints for Pending Devices

  • GET /api/snmp/pending-devices - List pending devices
  • GET /api/snmp/pending-devices/stats - Statistics and top vendors
  • GET /api/snmp/pending-devices/{id} - Get specific device details
  • POST /api/snmp/pending-devices/{id}/approve - Approve and create profile
  • POST /api/snmp/pending-devices/{id}/reject - Reject device
  • POST /api/snmp/pending-devices/bulk-approve - Approve multiple devices

Performance Considerations

Scan Performance Metrics

  • Typical Scan Time - 5-30 seconds per device
  • Timeout Settings - 5 seconds default (configurable)
  • Retry Attempts - 2 retries on timeout
  • Bulk Operations - Uses SNMP GETBULK when supported

Best Practices

  • Community String Security - Use SNMPv3 when possible
  • Access Control Lists - Restrict SNMP by source IP
  • Timeout Tuning - Adjust for slow networks
  • Selective OID Queries - Only query needed OIDs
  • Bulk Scanning - Group devices by location

Network Impact

  • Bandwidth Usage - Minimal (typically < 100KB per device)
  • UDP Traffic - Small packets, no connection overhead
  • Device CPU Impact - Negligible on modern devices
  • Polling Frequency - Respect device capabilities

Security Considerations

SNMP v1/v2c Risks

  • Clear Text - Community strings transmitted unencrypted
  • No Authentication - Only community string validation
  • Replay Attacks - No protection against packet replay
  • Spoofing - Source address can be forged

SNMP v3 Security Features

  • User Authentication - Username/password with hashing
  • Message Encryption - Protects data confidentiality
  • Message Integrity - Prevents tampering
  • Timeliness Checks - Prevents replay attacks

Security Best Practices

  • Use SNMPv3 - Whenever device supports it
  • Strong Passwords - Complex authentication passwords
  • Encryption - Enable privacy protocols
  • Read-Only Access - Scanner only needs read access
  • Firewall Rules - Restrict SNMP to management network
  • Disable Unused - Turn off SNMP on non-managed devices
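
The practices above can be checked mechanically before credentials are handed to the scanner. This added example is not NopeSight code: the profile field names are hypothetical, and treating MD5, SHA (160-bit), DES and 3DES as legacy is an assumption of the example.

```python
LEGACY_AUTH = {"MD5", "SHA"}       # "SHA" is the 160-bit entry in the protocol list
LEGACY_PRIV = {"DES", "3DES"}
DEFAULT_COMMUNITIES = {"public", "private"}   # common vendor defaults
MIN_PASSPHRASE = 8                 # RFC 3414 requires at least 8 characters

def audit_profile(profile):
    """Return findings for one credential profile (hypothetical field names)."""
    findings = []
    version = profile.get("version")
    if version in ("v1", "v2c"):
        findings.append("community string is sent in clear text; use SNMPv3 if supported")
        if profile.get("read_community", "public") in DEFAULT_COMMUNITIES:
            findings.append("default read community string")
        if profile.get("write_community"):
            findings.append("write community configured; the scanner only needs read access")
    elif version == "v3":
        level = profile.get("security_level", "noAuthNoPriv")
        if level != "authPriv":
            findings.append(f"security level {level}; authPriv is recommended")
        if level != "noAuthNoPriv" and profile.get("auth_protocol") in LEGACY_AUTH:
            findings.append(f"legacy authentication protocol {profile['auth_protocol']}")
        if level == "authPriv" and profile.get("priv_protocol") in LEGACY_PRIV:
            findings.append(f"legacy privacy protocol {profile['priv_protocol']}")
        for field in ("auth_password", "priv_password"):
            secret = profile.get(field)
            if secret is not None and len(secret) < MIN_PASSPHRASE:
                findings.append(f"{field} shorter than {MIN_PASSPHRASE} characters")
    else:
        findings.append(f"unknown SNMP version {version!r}")
    return findings

# Constructed profiles; every secret below is a placeholder, not a real credential.
LEGACY = {"version": "v2c", "read_community": "public", "write_community": "private"}
WEAK_V3 = {"version": "v3", "security_level": "authPriv", "auth_protocol": "MD5",
           "priv_protocol": "DES", "auth_password": "short",
           "priv_password": "placeholder-priv"}
HARDENED = {"version": "v3", "security_level": "authPriv", "auth_protocol": "SHA-256",
            "priv_protocol": "AES-256", "auth_password": "placeholder-auth-passphrase",
            "priv_password": "placeholder-priv-passphrase"}
```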

Error Handling

Common Error Scenarios

No Response

  • Cause - Device unreachable or SNMP disabled
  • Solution - Verify network connectivity and SNMP configuration
  • Logging - Marked as "No SNMP response"

Authentication Failed

  • SNMPv1/v2c - Incorrect community string
  • SNMPv3 - Wrong username/password or protocols
  • Solution - Verify credentials in device configuration

Timeout Errors

  • Cause - Network latency or device overload
  • Solution - Increase timeout value or reduce query frequency
  • Adaptive - Scanner adjusts timeouts automatically

Partial Data Collection

  • Cause - Some OIDs not supported by device
  • Behavior - Continues with available data
  • Result - Creates CI with partial information

Integration with NopeSight

Data Processing Pipeline

  1. Discovery Trigger - Port 161 UDP detected or manual config
  2. SNMP Connection - Establish SNMP session
  3. Data Collection - Query device MIBs
  4. Data Upload - Send to NopeSight platform
  5. Processing - SNMP processor creates CIs
  6. Classification - AI determines device role
  7. Relationship Mapping - Build network topology

CI Types Created

  • Router - Layer 3 routing devices
  • Switch - Layer 2/3 switching devices
  • Firewall - Security appliances
  • Printer - Network printers and MFPs
  • UPS - Uninterruptible power supplies
  • Network Device - Generic/unknown devices
  • Wireless AP - Wireless access points
  • Load Balancer - Application delivery controllers

Custom Fields Added

  • SNMP Version - v1, v2c, or v3 used
  • System OID - Vendor device identifier
  • Uptime - Device availability tracking
  • Interface Count - Number of interfaces
  • Device Type - Classified device category

Relationship Discovery

  • Network Topology - Layer 2 and 3 connectivity
  • Dependency Mapping - Device interdependencies
  • Traffic Paths - Routing relationships
  • Redundancy Detection - Backup path identification

Managing Device Profiles

OID Management Interface

Access via NopeSight web interface:

  • Path - Settings → Discovery → SNMP OIDs
  • Features - Add, edit, delete OID definitions
  • Bulk Import - Upload MIB files

Device Profile Management

  • Path - Settings → Discovery → SNMP Device Profiles
  • Profile Contents
    • Device detection rules
    • Custom OID collections
    • Relationship discovery OIDs
    • Performance thresholds

Creating Custom Profiles

  1. Identify device sysObjectID
  2. Document vendor-specific OIDs
  3. Define detection rules
  4. Map OIDs to CI attributes
  5. Test with actual device

Benefits

Network Visibility

  • Complete Topology - Discover all SNMP devices
  • Real-time Status - Current device state
  • Interface Mapping - Port-level visibility
  • Relationship Discovery - Understand connections

Operational Benefits

  • Automated Discovery - No manual documentation
  • Change Detection - Track configuration changes
  • Capacity Planning - Monitor resource usage
  • Troubleshooting - Quickly identify issues

Compliance and Security

  • Asset Inventory - Complete device listing
  • Configuration Tracking - Detect unauthorized changes
  • Network Segmentation - Verify security zones
  • Access Control - Monitor device accessibility

Integration Benefits

  • Unified Platform - Single source of truth
  • AI Analysis - Intelligent insights
  • Automated Workflows - Trigger actions on changes
  • Reporting - Comprehensive network reports

This comprehensive reference provides the information needed to understand and utilize SNMP scanning for complete network infrastructure discovery and management.