snmpwalk

Query the system information of a remote host using SNMPv1 and a community string

$ snmpwalk -v 1 -c [community] [ip]

$ snmpwalk -v 2c -c [community] [ip]:[port] [oid]

$ snmpwalk -v 3 -l [authNoPriv] -u [username] -a [MD5|SHA] -A [passphrase] [ip] [oid]

$ snmpwalk -v 3 -l [authPriv] -u [username] -a [MD5|SHA] -A [auth_passphrase] -x [DES|AES] -X [enc_passphrase] [ip] [oid]

$ snmpwalk -v 3 -l [noAuthNoPriv] -u [username] [ip] [oid]

$ snmpwalk [[-h|--help]]

snmpwalk [COMMON OPTIONS] AGENT [OID]

AGENT: The hostname or IP address of the target SNMP agent.
OID: The starting Object Identifier (e.g., 1.3.6.1.2.1.1 for system information). If omitted, the entire MIB tree (iso) is walked.

-v <1|2c|3>
    Specifies the SNMP protocol version to use (v1, v2c, or v3).

-c <COMMUNITY>
    Sets the community string for SNMPv1 or SNMPv2c requests (e.g., 'public', 'private').

-u <USER>
    Specifies the security name (username) for SNMPv3 authenticated requests.

-l <LEVEL>
    Sets the security level for SNMPv3 (noAuthNoPriv, authNoPriv, authPriv).

-a <PROTOCOL>
    Defines the authentication protocol for SNMPv3 (MD5 or SHA).

-x <PROTOCOL>
    Defines the privacy (encryption) protocol for SNMPv3 (DES or AES).

-A <PASSPHRASE>
    Sets the authentication passphrase for SNMPv3.

-X <PASSPHRASE>
    Sets the privacy (encryption) passphrase for SNMPv3.

-t <TIMEOUT>
    Sets the timeout in seconds before retransmitting a request (default: 1 second).

-r <RETRIES>
    Sets the number of retries before giving up on the request (default: 5 retries).

-On
    Displays OIDs numerically (e.g., .1.3.6.1.2.1.1.1.0).

-Os
    Displays OIDs symbolically (e.g., .iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0).

-M <MIBSPEC>
    Specifies additional MIB modules to load for symbolic name resolution.

The snmpwalk command is a powerful diagnostic and exploration tool within the Net-SNMP suite. It is used to query an SNMP (Simple Network Management Protocol) agent running on a network device (e.g., router, switch, server) and retrieve information by traversing a Management Information Base (MIB) tree or a specific sub-tree.

Unlike snmpget which retrieves a single variable, snmpwalk performs a series of SNMP GETNEXT requests. It starts at a specified Object Identifier (OID) or the root of the MIB tree (if no OID is given) and walks through all subsequent OIDs, retrieving and displaying each variable name and its corresponding value until the end of the MIB sub-tree is reached or an error occurs. This makes it invaluable for discovering what information an agent provides and for auditing network device configurations and states.

• Ensure the target device's SNMP agent is running and accessible (default UDP port 161).
• Firewall rules must permit SNMP traffic between the host running snmpwalk and the target agent.
• Correct community strings (for SNMPv1/v2c) or SNMPv3 credentials (username, security level, passphrases) are critical for successful queries.
• Walking large MIB trees can be time-consuming and resource-intensive on both the client and the agent.
• If MIB files are not configured or available, OIDs may be displayed numerically instead of symbolically, making the output harder to interpret.

SNMP uses a hierarchical naming scheme called Object Identifiers (OIDs), which are numerical sequences representing managed objects in a tree structure (e.g., 1.3.6.1.2.1 for mib-2). A MIB (Management Information Base) is a collection of definitions for managed objects. For snmpwalk to display meaningful symbolic names (like sysDescr.0 instead of 1.3.6.1.2.1.1.1.0), it relies on loaded MIB files that map OIDs to human-readable names. Without appropriate MIB files, output will be purely numeric.

SNMPv1 and SNMPv2c rely on 'community strings' for basic authentication, which are essentially clear-text passwords transmitted over the network. This offers no encryption or strong authentication and is considered insecure for sensitive data.

SNMPv3 significantly enhances security by introducing user-based security models. It supports authentication (using MD5 or SHA) to verify the sender's identity and encryption (using DES or AES) to protect data confidentiality during transit. This makes snmpwalk queries much more secure when using SNMPv3.

SNMP (Simple Network Management Protocol) was initially defined in the late 1980s as a standard for managing devices on IP networks. The snmpwalk command is a fundamental utility that emerged with the development of SNMP implementations. It is a core part of the Net-SNMP project (formerly UCD-SNMP), which has been a widely adopted open-source toolkit for SNMP.

Over time, SNMP evolved through versions: SNMPv1, SNMPv2c (introducing improvements like bulk retrieval and enhanced error handling), and SNMPv3 (adding crucial security features such as authentication and encryption). The snmpwalk command has adapted to support all these versions, reflecting the protocol's development and its continued importance in network management and monitoring.

snmpget(1), snmpset(1), snmptrap(1), snmpd(8), snmpconf(1)