SNMP GETNEXT command#
The snmpwalk.py tool implements SNMP GETNEXT command generator. Its usage is tightly aligned with its Net-SNMP prototype.
Command line syntax is as follows:
snmpwalk.py [options] <peer-address> <mib-object [mib-object […]]>
Options always start with dash (-), other parameters are positional.
Options can be categorized by the part they are tackling e.g.
SNMP GETNEXT command specifics
Past these named options, mandatory positional parameters follow:
Protocol options#
The following options have direct influence on SNMP engine operation.
SNMP version#
The -v option specifies SNMP version to be used:
1 - SNMP version 1
2c - SNMP version 2c
3 - SNMP version 3
SNMP community#
The -c option sets SNMP v1/v2c community name. It serves like a shared secret and identification token between SNMP parties.
Note
The community name is never encrypted on the wire so it’s highly insecure. This is the sole reason why SNMP is sometimes jokingly referred to as Security – Not My Problem.
SNMPv3 USM security name#
The -u option sets SNMP user name to the User Security Module subsystem. This is a string from 1 to 32 octets of length. Should be configured in the same way at both SNMP entities trying to communicate.
SNMPv3 USM security level#
The -l option configures authentication and encryption features to be used. In SNMP parlance this is known as Security Level. Valid values are:
noAuthNoPriv - no authentication and no encryption
authNoPriv - use authentication but no encryption
authPriv - use both authentication and encryption
SNMPv3 authentication protocol#
SNMPv3 messages can be authenticated. The following authentication protocols can be chosen via the -a option:
ID |
Algorithm |
Reference |
NONE |
RFC3414 |
|
MD5 |
HMAC MD5 |
RFC3414 |
SHA |
HMAC SHA-1 128 |
RFC3414 |
SHA224 |
HMAC SHA-2 224 |
RFC7860 |
SHA256 |
HMAC SHA-2 256 |
RFC7860 |
SHA384 |
HMAC SHA-2 384 |
RFC7860 |
SHA512 |
HMAC SHA-2 512 |
RFC7860 |
SNMPv3 authentication key#
SNMPv3 message authentication involves a shared secret key known to both SNMP parties engaged in message exchange. This secret authentication key (AKA as passphrase) can be conveyed via the -A option.
Note
SNMP authentication key must be at least eight octets long.
SNMPv3 encryption protocol#
SNMPv3 messages can be encrypted (AKA as privacy). The following encryption protocols can be chosen via the -x option:
ID |
Algorithm |
Reference |
NONE |
RFC3414 |
|
DES |
DES |
RFC3414 |
AES |
AES CFB 128 |
RFC3826 |
AES192 |
AES CFB 192 |
RFC Draft |
AES256 |
AES CFB 256 |
RFC Draft |
AES192BLMT |
AES CFB 192 Blumenthal |
RFC Draft |
AES256BLMT |
AES CFB 256 Blumenthal |
RFC Draft |
3DES |
Triple DES EDE |
RFC Draft |
SNMPv3 encryption key#
SNMPv3 message encryption involves a shared secret key known to both SNMP parties engaged in message exchange. This secret encryption key (AKA as passphrase) can be conveyed via the -A option.
Note
SNMP encryption (e.g. privacy) key must be at least eight octets long.
SNMPv3 context engine ID#
The -E option sets the context engineID used for SNMPv3 REQUEST messages scopedPdu, given as a hexadecimal string. If not specified, this will default to the authoritative engineID.
SNMPv3 security engine ID#
The -e option sets the authoritative (security) engineID used for SNMPv3 REQUEST messages, given as a hexadecimal string. It is typically not necessary to specify engine ID, as it will usually be discovered automatically, unless master or localized USM keys are used.
SNMPv3 context name#
The -n option sets the SNMPv3 context name to SNMPv3 REQUEST messages. The default is the empty string. SNMP context name is used to address a specific instance of SNMP managed objects behind a single SNMP agent.
SNMPv3 engine boots and time#
The -Z option sets SNMP engine boot counter and its timeline values to SNMPv3 REQUEST message. These values are used for message authentication. It is typically not necessary to specify this option, as these values will usually be discovered automatically.
SNMPv3 USM master and localized keys#
The -3[MmKk] set of options allow for specifying master or localized keys for given USM user instead of pass phrase (via -A and -X options respectively).
-3m key - adds master authentication key (hashed passphrase or password) for USM security name
-3M key - adds master privacy key (hashed passphrase) for USM security name
-3k key - adds localized authentication key (passphrase hashed with security SNMP engine ID) for USM security name and SNMP security engine ID
-3K key - adds localized privacy key (passphrase hashed with security SNMP engine ID) for USM security name and SNMP security engine ID
The key argument could be an ASCII string or a hexadecimal string (if it starts with 0x prefix).
Regular pass-phrase, master and localized keys can be used together in any combination.
See RFC 3414#section-2.6 for more information on key localization algorithm.
Note
Using any of -3[kKMm] options effectively inactivate USM key localization mechanism. As a consequence, local SNMP engine configuration won’t get automatically populated with remote SNMP engine’s securityEngineId.
Therefore authoritative security SNMP engine ID should be specified along with -3[kKMm] options (via -e option).
Otherwise, the magic securityEngineId value of five zeros (0x0000000000) will be added to local configuration automatically to refer to the localized keys that should be used with any unknown authoritative SNMP engine.
MIB options#
Pre-load MIBs#
You may want to pre-load some of the MIB modules to let the snmpwalk.py tool rendering SNMP responses in a more meaningful way.
The -m option specifies a colon separated list of MIB modules (not files) to load. The snmpwalk.py tool will first try to find pre-compiled pysnmp MIB files (by default in ~/.pysnmp/mibs in UNIX), then try to find required ASN.1 MIB file on local filesystem or on Web (by default it will look it up at https://mibs.pysnmp.com/asn1/). If ASN.1 MIB file is found, it will be compiled into pysnmp form and cached for future use.
The special keyword ALL is used to load all pre-compiled pysnmp MIB modules in the MIB directory search list.
MIB files search path#
The -M option specifies a colon separated list of local directories and/or URLs pointing to remote HTTP/FTP servers where to search for MIBs.
Note
Default MIB search path is https://mibs.pysnmp.com/asn1/
Input options#
The following one-letter options following the -I option modify the way how snmpwalk.py tool processes its input.
Interpret DISPLAY-HINT#
The -Ih option disables snmpwalk.py’s attempt to parse input value or index as a DISPLAY-HINT-rendered value.
Output options#
The following one-letter options following the -O option modify snmpwalk.py tool’s output.
Equal sign and type information#
The -Oq option removes the equal sign (=) and SNMP value type information from the variable-binding being reported on stdout.
$ snmpget -v2c -c public -Oq demo.pysnmp.com sysDescr.0
SNMPv2-MIB::sysDescr.0 Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
$
$ snmpget -v2c -c public demo.pysnmp.com sysDescr.0
SNMPv2-MIB::sysDescr.0 = DisplayString: Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
Type information#
The -OQ option removes the SNMP value type information from the variable-binding being reported on stdout.
$ snmpget -v2c -c public -OQ demo.pysnmp.com sysDescr.0
SNMPv2-MIB::sysDescr.0 = Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
$
$ snmpget -v2c -c public demo.pysnmp.com sysDescr.0
SNMPv2-MIB::sysDescr.0 = DisplayString: Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
Managed object path#
The -Of option prints out the full path of the managed object in the MIB tree rather than MIB name and MIB object name (the default).
$ snmpget -v2c -c public -Of demo.pysnmp.com sysDescr.0
iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = DisplayString: Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
Managed object name#
The -Os option prints out just managed object name (excluding MIB name) rather than MIB name and MIB object name (the default).
$ snmpget -v2c -c public -Os demo.pysnmp.com sysDescr.0
sysDescr.0 = DisplayString: Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
Raw OID#
The -On option prints out the raw object identifier (OID) rather than human friendly MIB object name:
$ snmpget -v2c -c public -On demo.pysnmp.com sysDescr.0
1.3.6.1.2.1.1.1.0 = DisplayString: Linux zeus 4.8.6.5-smp #2 SMP Sun Nov 13 14:58:11 CDT 2016 i686
Numeric enumerations#
The -Oe option disables symbolic labels rendering for the enumeration values:
$ snmpget -v2c -c public -On demo.pysnmp.com IF-MIB::ifAdminStatus.1
1.3.6.1.2.1.2.2.1.7.1 = Integer32: 'up'
$
$ snmpget -v2c -c public -Oe demo.pysnmp.com IF-MIB::ifAdminStatus.1
IF-MIB::ifAdminStatus."1" = Integer32: 1
Break down table index#
The -Ob option disables interpreting SNMP table indices and renders just raw OID instead:
$ snmpget -v2c -c public -Ob demo.pysnmp.com TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389"
TCP-MIB::tcpConnState.195.218.254.105.45632.10.105.41.179.3389 = Integer32: 'established'
$
$ snmpget -v2c -c public demo.pysnmp.com TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389"
TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389" = Integer32: 'established'
Escape table index quotes#
The -OE includes extra escaped quotes surrounding SNMP table index parts. This can be useful when UNIX shell is in the processing pipeline.
$ snmpget -v2c -c public -OE demo.pysnmp.com TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389"
TCP-MIB::tcpConnState.\"195.218.254.105\".\"45632\".\"10.105.41.179\".\"3389\" = Integer32: 'established'
Brackets around table indices#
The -OX option surrounds SNMP table index parts with square brackets instead of quotes (default):
$ snmpget -v2c -c public -OX demo.pysnmp.com TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389"
TCP-MIB::tcpConnState.[195.218.254.105].[45632].[10.105.41.179].[3389] = Integer32: 'established'
Hexified values#
The -OT option ensures that rendered values are always in hex:
$ snmpget -v2c -c public -OT demo.pysnmp.com sysName.0
SNMPv2-MIB::sysName.0 = DisplayString: 6e 65 77 20 73 79 73 74 65 6d 20 6e 61 6d 65
$
$ snmpget -v2c -c public demo.pysnmp.com sysName.0
SNMPv2-MIB::sysName.0 = DisplayString: new system name
Rendering just values#
The -Ov option removes managed object name from the rendered output:
$ snmpget -v2c -c public -Ov demo.pysnmp.com sysName.0
DisplayString: new system name
Units rendering#
The -OU option disables units rendering:
$ snmpget -v2c -c public demo.pysnmp.com TCP-MIB::tcpRtoMin.0
TCP-MIB::tcpRtoMin.0 = Integer32: 200 milliseconds
$
$ snmpget -v2c -c public -OU demo.pysnmp.com TCP-MIB::tcpRtoMin.0
TCP-MIB::tcpRtoMin.0 = Integer32: 200
Raw timeticks#
The -Ot option disables TimeTicks values interpretation so that raw values get rendered:
$ snmpget -v2c -c public -Ot demo.pysnmp.com SNMPv2-MIB::sysORLastChange.0
SNMPv2-MIB::sysORLastChange.0 = TimeStamp: 143145968
$
$ snmpget -v2c -c public demo.pysnmp.com SNMPv2-MIB::sysORLastChange.0
SNMPv2-MIB::sysORLastChange.0 = TimeStamp: 16 days 13:37:44.82
Network options#
Maximum retries#
The -r option specifies how many times the snmpwalk.py tool should retry sending the same request packet till it gives up and reports failure. The value of zero means that just a single (initial) request will be send. The default value is 5.
Response timeout#
The -t option specifies how many seconds the snmpwalk.py tool should wait for the initial request and for each retry to produce any response. Once the timeout is reached, the snmpwalk.py tool will either send a retry or fail. Default is one second.
GETNEXT options#
The following one-letter options following the -C option modify the way how snmpwalk.py tool behaves. These options are mostly specific to snmpwalk.py’s operation logic.
Ensure increasing OIDs#
The -Cc option disables the built-in check for ever increasing response OIDs. SNMP agent returning an out-of-order OID may cause infinite loop between SNMP agent and SNMP manager walking it.
Report time taken#
The -Ct option makes snmpwalk.py reporting wall-clock time taken to complete SNMP agent walk.
Report responses count#
The -Cp option makes snmpwalk.py reporting the total count of fetched and reported MIB objects during its walk.
Debugging options#
Release information#
The -V flag reports version information for the snmpwalk.py tool and its underlying libraries.
Debug mode#
The -d option prints out raw SNMP packets in hex.
The -D option lets you debug one or more specific SNMP sub-systems. The required argument can be one or more (comma-separated) tokens:
io - report input/output activity and raw data being exchanged
dsp - report high-level SNMP engine operation
msgproc - report SNMP message processing subsystem operation
secmod - report SNMP security subsystem operation
mibbuild - report MIB files loading and processing
mibview - report MIB browser initialization and operation (manager role MIB use)
mibinstrum - report MIB instrumentation operation (agent role MIB use)
acl - report MIB access control subsystem operation
proxy - report built-in SNMP proxy operation
app - report SNMP standard application operation
all - all of the above (verbose!)
You can also negate the token by prepending it with the ! sign.
SNMP peer address#
The first positional parameter specifies SNMP peer address on the network and, optionally, network protocol to use.
The network protocol can be either udp for UDP-over-IPv4 or udp6 for UDP-over-IPv6.
The network address is either IPv4 or IPv6 address or a fully qualified domain name optionally followed by a colon-separated port number. The default for port is 161.
Note
Numeric IPv6 addresses should be surrounded by square brackets to be parsed correctly. The entire token (address in brackets) might need to be quored to avoid shell expansion. Example: ‘udpv6:[::1]:161’
MIB objects specification#
The rest of positional parameters specify SNMP managed objects to walk by. Each object can be either:
[MIB-name::]object-name[.index[.index]…]
MIB-name
object-identifier
Note
The MIB object(s) specified are interpreted as a starting point for “walking” the SNMP agent. The SNMP agent will return zero or one next object past the one you’ve asked for.
When MIB name or object-name is referenced, the snmpwalk.py tool will try to locate and load the corresponding MIB module. The OID specification does not require MIB access.
$ snmpwalk -v2c -c public demo.pysnmp.com TCP-MIB::tcpRtoMin
TCP-MIB::tcpRtoMin.0 = Integer32: 200 milliseconds
$
$ snmpwalk -v2c -c public demo.pysnmp.com 1.3.6.1.2.1.6.2
1.3.6.1.2.1.6.2.0 = Integer32: 200 milliseconds
$
$ snmpwalk -v2c -c public demo.pysnmp.com TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"
TCP-MIB::tcpConnState."195.218.254.105"."45632"."10.105.41.179"."3389" = Integer32: 'established'
If only MIB name is given, the first MIB object in that MIB will be taken as object name
$ snmpwalk -v2c -c public demo.pysnmp.com TCP-MIB::
TCP-MIB::tcpRtoAlgorithm.0 = Integer32: 'other'
TCP-MIB::tcpRtoMin.0 = Integer32: 200 milliseconds
...
You can query many MIB objects by a single SNMP GETNEXT request by specifying them all at the command line.
$ snmpwalk -v2c -c public demo.pysnmp.com TCP-MIB:: IF-MIB::
TCP-MIB::tcpRtoAlgorithm.0 = Integer32: 'other'
IF-MIB::ifNumber.0 = Integer32: 2
TCP-MIB::tcpRtoMin.0 = Integer32: 200 milliseconds
IF-MIB::ifIndex."1" = InterfaceIndex: 1
...
The output MIB objects count is guaranteed to be a multiple of the requested MIB objects times the maximum number of response MIB objects for any of the request MIB objects that peer SNMP agent is able to serve.
SNMP GETNEXT examples#
SNMPv1 GETNEXT example#
The following command will send SNMP v1 GETNEXT message:
with SNMPv1, community ‘public’
to an Agent at demo.pysnmp.com:161
for MIB objects starting from SNMPv2-MIB::system and IF-MIB
snmpwalk -v1 -c public demo.pysnmp.com SNMPv2-MIB::system IF-MIB::
SNMPv2c GETNEXT example#
The following command will send SNMP v2c GETNEXT message:
with SNMPv1, community ‘public’
to an Agent at demo.pysnmp.com:161
for MIB objects starting from SNMPv2-MIB::system and IF-MIB
snmpwalk -v2c -c public demo.pysnmp.com SNMPv2-MIB::system IF-MIB::
SNMPv3 GETNEXT example#
The following command will send SNMP v3 GETNEXT message:
with SNMPv3, user ‘usr-md5-des’, MD5 authentication, DES encryption
to an Agent at demo.pysnmp.com:161
for MIB objects starting from SNMPv2-MIB::system and IF-MIB
snmpwalk -v3 -l authPriv -u usr-md5-des -A authkey1 -X privkey1 \
demo.pysnmp.com SNMPv2-MIB::system IF-MIB::