Note from archiver<at>cs.uu.nl:
This page is part of a big collection
of Usenet postings, archived here for your convenience.
For matters concerning the content of this page,
please contact its author(s); use the
source, if all else fails.
For matters concerning the archive as a whole, please refer to the
or contact the archiver.
Subject: comp.protocols.snmp SNMP FAQ Part 1 of 2
This article was archived around: Wed, 2 Jul 2003 19:10:30 +0000 (UTC)
Posting-Frequency: every few months or so
Last-Modified: 2 Jul 2003
PART 1 of 2
FAQ - Frequently Asked Questions - FAQ
Simple Network Management Protocol
This 2-part document is provided as a service by and for the readers
and droogs of Internet USENET news group comp.protocols.snmp and may be
used for research and educational purposes only. Any commercial
use of the text may be in violation of copyright laws under
the terms of the Berne Convention. My lawyer can whup your lawyer.
Anthology Edition Copyright 2002,2003 Thomas R. Cikoski, All Rights Reserved
Please feel free to EMail corrections, enhancements, and/or
additions to the Reply-To address, above. Your input will
receive full credit in this FAQ unless you request otherwise.
As a result of the abuses of EMail now taking place on the
Internet, we have a policy of NOT providing the EMail address
of individual contributors in these postings. We will continue
to provide EMail addresses of commercial contributors
unless requested not to.
A NOTE ON WEB SITES AND URLS: THEY MAY BE OBSOLETE!
Neither the contributors nor the editor of this FAQ are responsible
for the stability or accuracy of any URL, Web site address, or
EMail address listed herein. We take reasonable care to ensure that
these data are transcribed correctly and are always open to
correction. If, however, a particular URL disappears from the Web
there is not much we can do about it.
Please also visit our cousin newsgroup
New this month:
> More of the usual stuff
Note on host names and addresses: please email me with any changes
to URLs, host names or IP addresses. The MIT host rtfm has an autoresponder
which always replies to postings with an incorrect IP. It would be
nice if every host had that, but they don't, so I need your assistance.
SUBJECT: TABLE OF CONTENTS
1.00.00 FAQ PART 1 of 2: IN THIS DOCUMENT
1.01.01 What is the purpose of this FAQ?
1.01.02 Where can I Obtain This FAQ?
1.01.03 Parlez-vous francais?
1.01.04 Why is SNMP like golf?
1.01.05 What is a droog anyway?
1.01.50 HELP ME! MY SNMP PRODUCT IS DUE NEXT WEEK!
1.01.99 This FAQ Stinks!
1.10.00 --General Questions about SNMP and SNMPv1
1.10.01 What is SNMP?
1.10.02 How do I develop and use SNMP technology?
1.10.04 How does the Manager know that its SET arrived?
1.10.10 How does an Agent know where to send a Trap?
1.10.12 Which community string does the agent return?
1.10.15 How can I remotely manage community strings?
1.10.17 What is the largest SNMP message?
1.10.30 Are there security problems with SNMP?
1.11.01 What is an RFC?
1.11.02 Where can I get RFC text?
1.12.00 --SNMP Reference
1.12.01 What books are there which cover SNMP?
1.12.02 What periodicals are heavily oriented to SNMP?
1.12.03 What classes are available on the topic of SNMP?
1.12.04 What email discussion groups are available for SNMP?
1.12.05 What trade shows cater to SNMP?
1.12.06 What SNMP product User Groups are available?
1.12.07 Where can I find SNMP-related material on WWW?
1.12.08 What related mailing lists exist?
1.12.20 What related newsgroups exist?
1.12.21 Are there introductory materials?
1.13.01 SNMP and Autodiscovery
1.13.02 SNMP Traps and NOTIFICATION-TYPE
1.13.03 SNMP and/versus The Web
1.13.04 SNMP and Java
1.13.05 SNMP and CORBA
1.13.06 SNMP and Visual Basic
1.13.07 SNMP and IPv6
1.13.10 SNMP and C#
1.13.12 SNMP and Perl
1.20.00 --General Questions about SNMPv2
1.20.01 What is SNMPv2?
1.20.02 What is SNMPv2*/SNMPv1+/SNMPv1.5?
1.20.03 What is SNMPv2c?
1.20.04 What the heck other SNMPv's are there?
1.22.00 --General Questions about SNMPv3
1.22.01 What is SNMP V3?
1.30.01 What is RMON?
1.30.02 RMON Standardization Status
1.30.03 RMON Working Group.
1.30.04 Joining the RMON Working Group Mailing List
1.30.05 Historical RMON Records
1.30.06 RMON Documents
1.40.01 What is ISODE?
1.40.02 Where can I get ISODE?
1.40.03 Is there an ISODE/SNMP mailing list?
1.50.00 --Using SNMP to Monitor or Manage
1.50.01 How do I calculate utilization using SNMP?
1.50.02 What are Appropriate Operating Thresholds?
1.50.03 Are MIBs available to monitor application traffic?
1.50.04 How can I make sense of the Interfaces Group?
1.50.10 When do I use GETBULK versus GETNEXT?
1.50.12 What free products can be used to monitor?
1.75.00 -- SNMP Engineering and Consulting
1.75.01 SNMP Engineering and Consulting Firms
2.00.00 FAQ PART 2 of 2: NOT IN THIS DOCUMENT
2.01.01 What is CMIP?
2.01.02 What books should I read about CMIP?
2.01.03 A CMISE/GDMO Mailing List
2.01.04 What is OMNIPoint?
2.02.00 --Other Network Management Protocols
2.02.01 What alternatives exist to SNMP?
2.10.00 --SNMP Software and Related Products
2.10.01 Where can I get Public Domain SNMP software?
2.11.01 Where can I get Proprietary SNMP software?
2.12.01 Where can I get SNMP Shareware?
2.13.01 Miscellaneous FTP and WWW Sources
2.14.01 What CMIP software is available?
2.15.01 SNMP and Windows NT/95/98
2.16.01 More About CMU SNMP Software
2.17.01 Miscellaneous SNMP-related Products
2.18.01 SNMP and OS/2
2.18.02 SNMP and SCO Unix
2.18.03 SNMP and Linux
2.18.04 SNMP and AS/400
2.21.01 What is AgentX?
2.25.00 -- SNMP Engineering and Consulting
2.25.01 SNMP Engineering and Consulting Firms
2.30.00 --The SNMP MIB (Management Information Base)
2.30.01 What is a MIB?
2.30.02 What are MIB-I and MIB-II
2.30.03 How do I convert SNMP V1 to SNMP V2 MIBs?
2.30.04 How do I convert SNMP V2 to SNMP V1 MIBs?
2.30.05 What are enterprise MIBs?
2.30.06 Where can I get enterprise MIBs?
2.30.10 Can I mix SMIv1 and SMIv2 in one MIB?
2.31.01 MIB Compiler Topics
2.32.01 How can I get ______ from the _____ MIB?
2.35.01 How can I register an Enterprise MIB?
2.35.02 Where can I find Enterprise Number Assignments?
2.37.01 How Do I Create a Table Within a Table?
2.37.05 How Do I Reset MIB Counters via SNMP?
2.37.07 How can I change a published MIB?
2.38.01 How unique must MIB variable names be?
2.38.03 Explain MODULE-COMPLIANCE versus AGENT-CAPABILITIES
2.38.04 Which parts of my MIB are mandatory?
2.38.10 Can a CMIP MIB be converted to SNMP?
2.38.11 Can an SNMP MIB be converted to CMIP?
2.38.12 Can a table index value legally be zero?
2.38.14 Where can I find the _____ MIB?
2.38.20 How can I convert a MIB to XML Format?
2.38.22 What is the maximum number of entries in a table?
2.40.01 What is the SMI?
2.40.02 What is SMIv2?
2.40.03 Table Indexing and SMI
2.40.04 Floating Point Numbers in SMI?
2.40.05 SMIv1 versus SMIv2?
2.45.01 What is ASN.1?
2.45.02 Why is ASN.1 not definitive for SNMP?
2.45.05 Where can I find a free ASN.1 compiler?
2.50.01 How is the Integer value -1 encoded?
2.50.02 What is the Maximum Size of an SNMP Message?
2.50.05 Where can I find BER encoding rules?
2.60.00 -- Agent Behavior
2.60.01 Proper Response to empty VarBind in GetRequest?
2.60.02 Master Agent versus Proxy Agent
2.60.03 Proper Response to GET-NEXT on Last MIB Object?
2.60.10 How can I find the SNMP version of an Agent?
2.60.12 How should an agent respond to a broadcast request?
2.60.14 What does an Agent send in a trap?
2.98.00 Appendix A. Glossary
2.99.00 Appendix B. Acknowledgements & Credits
1.00.00 FAQ PART 1 of 2:
SUBJECT: What is the purpose of this FAQ?
This FAQ is to serve as a guide to the resources known to
be available for helping you to understand SNMP, SNMPv2,
and their related technologies. OSI/CMIP is touched on
briefly as well because we're fair-minded folk.
There is NO INTENT that this be a one-stop SNMP tutorial.
There is NO INFERENCE that this is an authoritative or
official document of any kind. What you see is what you get.
You WILL need to read the books listed herein, maybe even
some of the RFCs. You may wish to take a class as well.
Just think of this as your "tourist guide book."
SUBJECT: Where Can I Obtain This FAQ?
This FAQ is available on the WWW at:
http://www.pantherdig.com (both text and HTML formats are available)
You can also find the most recent Web posting via
http://www.deja.com/usenet [formerly "dejanews"]
and, last but not least, you can use your favorite search
engine such as
This FAQ is officially archived (as with all "licensed" FAQs) at
rtfm.mit.edu [220.127.116.11] under /pub/usenet/news.answers
as snmp-faq/part1 &/part2, or under /pub/usenet/comp.protocols.snmp
as its own self (the only files in that directory). Use
anonymous ftp to retrieve or send e-mail to
for instructions on FTP via e-mail.
SUBJECT: Parlez-vous francais?
>Un petit conseil: Si tu postais en anglais, beaucoup plus de gens
> Thomas Galley
Alternativement, si tu es vraiment fachez avec l'anglais ;-),
poster (ou xposter avec fu2) sur fr.comp.reseaux.supervision.
If you are in the Bayonne area and would like to forget
SNMP for a few hours in a great little country hotel, try
L'Auberge de Biaudos (**)
RN 117 15mn from Bayonne
05 59 56 79 70
SNMP-oriented Web Site hosted en France, avec quelques
SUBJECT: Why is SNMP like golf?
> usually the fewer polls you take the better off you are
> but you are sometimes lost in the woods
> it helps to have a good set of tools in the bag
> it helps to have good instruction
> you need a few beers after a bad round
SUBJECT: What is a droog anyway?
What's a droog?
<Sigh> It is sad to think that an entire new generation of SNMPers has arisen
to push their elder brethern and sisteren, who have done such hard, essential
pioneer work, out of the way, and are too young to have seen "Clockwork Orange".
The label was actually applied to the readership of comp.protocols.snmp by
a rather snide and vehement proponent of SMUX. I took it as a badge of honor.
SUBJECT: HELP ME! MY SNMP PRODUCT IS DUE NEXT WEEK!
From time to time there appear posts in news:comp.protocols.snmp
which bring a tear to the eye of the casual observer. They often
have this form:
"My boss told me I need to have the SNMP running on our new
100GB Muxiblaster for next week's first release. What is SNMP?
Can I have it for Thursday?"
Sometimes there come, in private email, messages to regulars
of this newsgroup, often in this form:
"Please to sending me all SNMP keywords now. Regards."
"Tell me [by email] how SNMP differs from TMN and CMIP."
The "simple" in SNMP doesn't mean "trivial". It cannot
be learned by flipping through a few emails or news posts.
The "simple" in SNMP is only in contrast to protocols
which are thought to be even more complex than SNMP.
There is no magic solution to learning SNMP. All
of us who have mastered the subject did so by 1)reading
several books on the subject, 2)reading/playing with the sample code
from CMU or NET-SNMP, 3)implementing several trial products
over a period of months.
If your boss expects SNMP miracles and will not listen to
reason, either become a good liar or find a new job.
Or, as David Perkins posted in recent response to a newbie:
"It will take you at least 6 months or so of studying and
usage to "comprehend SNMP very well". I suggest that
you read a few books (more than one) on SNMP and RMON,
since authors focus on different aspects of the subject
You can find these resources listed in this FAQ and
on several other Web sites devoted to SNMP. Good luck!
SUBJECT: This FAQ Stinks!
1.01.99.01 The material is out-of-date!
A concerned reader writes:
"The SNMP FAQ contains incorrect sometimes outdated information and
it might therefore cause more questions than it answers. What is
your policy with regard to corrections? It sometimes looks that you
are just adding corrections and not removing the incorrect text.
This makes the FAQ difficult to use and it keeps incorrect stuff
around, which again causes confusion."
"There is also an issue with relationship to other documents. For
example, the SimpleTimes contains an up-to-date list of RFCs related
to SNMP. The FAQ contains several more or less correct and outdated
lists. I think it would be useful in cases like this to just refer
to a `reliable' source instead of trying to include information which
is not maintained."
Editor's note: Our concerned reader is perceptive. We rely on the good
will and support of our readers to notice omissions, commissions and
deprecations in the FAQ, although we do try and update RFC lists from
time to time. We will act on any notice from you that something ought
to be changed. Please send me your corrections.
URLs change often and we don't have the time to check them routinely.
We also publish the large personal collections of several contributors,
some of which offer conflicting details. That's the way it is with
tribal documents such as this. If any error in this FAQ causes you to
waste or loose precious time then you probably expected too much to
begin with. Please use it with our good wishes and this disclaimer.
1.01.99.02 In what language should you post?
The following exchange once took place ...
A> Ich benvtige Wissen |ber SNMP und MIB und MIB II. Bin
A> allerdings kein Informatik- oder
A> Nachrichtentechnikstudent. Wenn einer von euch helfen kann,
A> dann wdre ich sehr dankbar.
B> [This is an international newsgroup, so the common language
should be english.]
While B has a point, we support the right of posters to ask
questions in any language. Your best chance of receiving an
answer, of course, is if you ask in English. For online
translation, try www.babelfish.com.
1.10.00 --General Questions about SNMP and SNMPv1
SUBJECT: What is SNMP?
The current state of the art [Ed Note: Jan 2003] is well summarized
in every recent RFC which contains a MIB module:
The SNMP Management Framework presently consists of five major
o An overall architecture, described in RFC 2571 [RFC2571].
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and is described
in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and
RFC 1215 [RFC1215]. The second version, called SMIv2, is
described in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and
RFC 2580 [RFC2580].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
is described in STD 15, RFC 1157 [RFC1157]. A second version
of the SNMP message protocol, which is not an Internet
standards track protocol, is called SNMPv2c and is described in
RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version
of the message protocol is called SNMPv3 and is described in
RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [RFC1157]. A second set of
protocol operations and associated PDU formats is described in
RFC 1905 [RFC1905].
o A set of fundamental applications is described in RFC 2573
[RFC2573]. The view-based access control mechanism is
described in RFC 2575 [RFC2575].
A more detailed introduction to the current SNMP Management Framework
can be found in RFC 2570 [RFC2570].
The Simple Network Management Protocol is a protocol for
Internet network management services. It is formally
specified in a series of related RFC documents.
(Some of these RFCs are in "historic" or "informational" status)
RFC 1067 - A Simple Network Management Protocol
RFC 1089 - SNMP over Ethernet
RFC 1140 - IAB Official Protocol Standards
RFC 1147 - Tools for Monitoring and Debugging TCP/IP
Internets and Interconnected Devices
[superceded by RFC 1470]
RFC 1155 - Structure and Identification of Management
Information for TCP/IP based internets.
RFC 1156 (H)- Management Information Base Network
Management of TCP/IP based internets
RFC 1157 - A Simple Network Managment Protocol
RFC 1158 - Management Information Base Network
Management of TCP/IP based internets: MIB-II
RFC 1161 (H)- SNMP over OSI
RFC 1187 - Bulk Table Retrieval with the SNMP
RFC 1212 - Concise MIB Definitions
RFC 1213 - Management Information Base for Network Management
of TCP/IP-based internets: MIB-II
RFC 1215 (I)- A Convention for Defining Traps for use with the SNMP
RFC 1224 - Techniques for Managing Asynchronously-Generated Alerts
RFC 1270 (I)- SNMP Communication Services
RFC 1303 (I)- A Convention for Describing SNMP-based Agents
RFC 1470 (I)- A Network Management Tool Catalog
RFC 1298 - SNMP over IPX (obsolete, see RFC 1420)
RFC 1418 - SNMP over OSI
RFC 1419 - SNMP over AppleTalk
RFC 1420 - SNMP over IPX (replaces RFC 1298)
[EDITOR'S NOTE: RFCs for SNMPv2 and SNMPv3 are under their
SNMPv1 is now historic, and SNMPv3 is now standard and is described by
RFCs 3410-3418 (note: 3410 is informational).
"Just a reminder that if you are new to SNMP (or know someone who is)
you might want to check out my Web page at:"
Tyler Vallillee has a live SNMP site at
I assume this replaced the old link in the FAQ.
I've mailed Tyler about this so hopefully it will be fixed soon.
You can find the "Intro to SNMP" courtesy of the WayBack machine at
You can probably also find other long-lost URLs there, too.
The 'Overview of SNMP' document can currently be located at
- I've no idea whether this link is reliable I'm afraid.
(Also referenced in FAQs 1.12.07.11 and 1.12.21.01)
The URL for the SNMP overview document given in FAQ section 1.10.01.03
is still active but the document is apparently no longer available
from that site, or from the alternative site that the page now refers you to.
I did find a copy of the document from May 2001 on the Wayback machine:
Concord Communications offers a free network management reference
guide that includes the information you are looking for. View online or
download it at http://www.concord.com/resctr/survival/guide/intro.htm
SUBJECT: How do I develop and use SNMP technology?
To deploy and use SNMP technology for management involves
If you are a device vendor you need to:
1) decide what aspects of your products you want to
be managable via SNMP
2) select the standard MIBs to implement (and the objects/traps
within them to implement)
3) create proprietary MIB modules containing objects and traps
for the management areas not covered by standard MIBs
4) Select an SNMP agent toolkit vendor
5) put instrumentation in your devices
6) following the directions from the SNMP toolkit vendor, create
access routines (which some SNMP toolkit vendors call method
routines) to get and set the values of from your instrumentation
7) Select an SNMP agent test package, and test your agent
8) Select an SNMP management API library
9) Write SNMP applications to manage your device
If you are an end-user, you need to:
1) determine what SNMP management capability that you have
in your current devices
2) determine the SNMP management capability that is available
in similar devices from other vendors (in case you need to
upgrade or change)
3) determine what you want to accomplish with management
4) find off the self management packages that provide the
management functions you want
5) possibly upgrade or replace your current devices with one
that are managable with the package you chose.
6) implement additional management functions using scripting
7) implement additional management functions using custom written
code using a purchased off the self SNMP management API library
8) configure your agents and applications to talk to each other.
David T. Perkins
SUBJECT: How does the Manager know that its SET arrived?
Praveen Dulam queried:
> SNMP is based on UDP. So the SNMP is not a reliable protocol. Let's say
> you did the SNMP SET operation. How do we gurantee that the SNMP SET
> packet reached the Agent.
> Do we need to write some application level programming to do this.
Yes, the management application and the agent need to work cooperatively
to take care of reliability. Note that when an agent acts upon a SET
request it will send a response packet that is either a positive or
negative acknowledgment (the error code tells which). So the main
problem is what to do at the management station when you time out and
get no response at all.
If the SET operation is idempotent (i.e. a second application on top of
a previous one does not change the results) then you can just re-send
the SET. That would be the case if you are just storing values. But
not all SET operations work that way: there may be side effects when
an object is written.
SUBJECT: How does an Agent know where to send a Trap?
I've noticed on the comp.protocols.snmp mailing list that the question
"how does an agent know where to send traps" (short answer is "its
implementation specific", long answer is, indeed, long, but has been
well answered numerous times) is, indeed, a Frequently Asked Question.
Any chance of adding it to your quite impressive FAQ posting?
T. Max Devlin
[Editor's Note: What T. Max is getting at here is that the trap
destination IP address is not represented in MIB-II, so how can
the agent know what it is? The answer is that most agents require
an external configuration process to take place before they can
be put into service, and that is how the IP address, among other
interesting parameters, is set in the agent. How this setup is
actually done varies among agent developers.]
SUBJECT: Which community string does the agent return?
> which community string is used in a response to a set-request and which is
> used in a response to a get-request?
The packet is a turn-around document with respect to the
community string. The community string in the response
is typically whatever it was in the request. [snip]
if you were to use the community-string field for passing
different information from the agent back to the manager
then it would not be standard SNMP.
Since you referred to "the" read/write community string
let me point out that there can be multiple read and multiple
write communities (although your agent/config file may
constrain that in some way). You can use them to provide
views of different portions of the mib for instance (but
there is no v1/v2c standard for this mapping).
The community string is a poor man's password scheme
because it is sent unencrypted in v1/v2c packets and tries to
to do the job of authentication, privacy, and views. V3 does
away with it.
[Editor's Note: I would have said "SNMPv3 offers more and better
options for security and privacy in SNMP messages."]
SUBJECT: How can I remotely manage community strings?
Paul Nye wrote:
>I'm looking for a utility that enables me to change community names on
>multiple devices from a single management console.
>For example, provided I have the correct SU password, I would like to be
>able to identify a subnet or IP address range and the utility would query
>any SNMP aware device in the range, test whether the SU/community names are
>the same and if so, replace the SU password with one of my choice.
Because the methodology for setting community strings is not
standardized, every type of device/agent version may have a
different mechanism for handling this chore. Therefore, there
are no "single console" products for setting community strings.
For this to be feasible, you would have to be able to
differentiate every agent type, and know how that particular
vendor/system/agent handles it.
T. Max Devlin
SUBJECT: What is the largest SNMP message?
George Chandy wrote:
> Is there a limit to the size of messages in SNMP ?
Every implementation must at least accept messages of 484 octets in
size (RFC 1906). That is the lower limit you can always bet on. The
upper limit basically depends on the two SNMP engines that communicate.
In most cases, people try to avoid IP fragmentation as it reduces the
likelihood that the message reaches its destination.
Note that the only hard limit in the SNMP protocol is the number of
varbinds you can have in a PDU. And that limit is 2147483647 - quite
a big number if you ask me.
Remember that the definitions in a MIB module are
architectual, and not implementation limits. Note that
the OCTET STRING data type does have a limit of 65535 octets,
which will not fit in a UDP packet. Thus, there are
limits imposed by the protocol and transport in addition
to implementation limits of the SNMP agent or managed
David T. Perkins
SUBJECT: Are there security problems with SNMP?
Recently there was a CERT advisory having to do with SNMPv1.
The problem was that the code to process SNMP messages when it
encountered malformed BER encoding, unsupported ASN.1 tags,
or ASN.1 that didn't follow the format of messages did not
"do the right thing". The code had programming errors which in
some cases caused the code to crash the system.
What the SNMP message processing code was suppose to do is increment
the counter snmpInASNParseErrs and drop the message.
SUBJECT: What is an RFC?
The letters stand for the title Request For Comment, which
is the initial stage in the process for creating Internet
standards. RFCs go through several stages of review and
refinement before they are adopted as final by the Internet
SUBJECT: Where can I get RFC text?
Ohio State University has an extensive set of RFCs in html (browser)
format. To see RFC 9898 (for example), use the following URL:
Put actual RFC number here.
Simply change the RFC number in the above URL to access the correct
file for your purpose.
Also, for an RFC "Home Page" see
RFC-Info Simplified Help submitted by: Mark Wallace
Use RFC-Info by sending an email messages to RFC-INFO@ISI.EDU.
1. To get a specific RFC send a message with text as follows:
This gets RFC 1500. All RFC numbers in the Doc-Id are 4 digits
(RFC 791 would be Doc-ID: RFC0791).
2. To get a specific FYI send a message with text as follows:
3. To get a list of available RFCs that match a certain criteria:
Returns a list of RFCs with the word Gateway in the title or
specified as a keyword.
4. To get information about other ways to get RFCs, FYIs, STDs,
5. To get help about using RFC-Info:
Other possible sites:
nic.ddn.mil - note: avoid using this one, it's SLOW
munnari.oz.au \___ Pacific Rim Sites use these
Use anonymous ftp & look for rfc or pub/rfc directories above.
Details on obtaining RFCs via FTP or EMAIL may be obtained by
sending an EMAIL message to "rfc-info@ISI.EDU" with the message
body "help: ways_to_get_rfcs". For example:
>> To: rfc-info@ISI.EDU
>> Subject: getting rfcs
>> help: ways_to_get_rfcs
You can get a CD ROM with all the RFCs as of the date of the
> Info Magic
> 11950 N. Highway 89
> Flagstaff, AZ
> (800) 800-6613
> (520) 526-9565
> Title is 'International & Domestic Standards' ($30)
In Germany and Europe, try Christian Seyb:
"I also offer a CDROM with all RFCs as of the date
of beginning of Aug 93."
The following CDROM is available for DM 98,-- (app. $60) and
contains the following software:
- Linux SLS V1.03, Kernel 0.99.11 and utilities for Linux
- 386BSD version 0.1 including patch-kit 0.2.4
- NetBSD version 0.8
- Utilities for 386BSD and NetBSD
- The Berkely Second Networking Distribution
- GNU software (gcc 2.4.5, emacs 19.17, gmake 3.68, etc)
- X11R5 up to patch 25 and lots of Contributed Software
- TeX version 3.14
- The Internet RFCs up to RFC1493
- News, mail and mailbox software and many utilities for Unix
Issue: Aug 1993
85598 Baldham Fax: +49-8106-302310
Germany Bbs/Fax: +49-8106-34593
Christian Seyb | | Mailbox/uucp/Fax: 08106-34593
Aloha and greetings from Cologne, Germany.
Maybe it is interested for you, that the Technical University of Cologne
has a good script which translate the RFCs into HTML-RFCs.
So you can link between the RFCs and you can get online.
You can try it by using the URL
General RFC Information
2/3 down the page is a complete list of SNMP RFCs
http://www.simpleweb.org maintains up-to-date RFC list for network management.
I grab a copy of the RFC Index every once in a while and do my
searches on that. You can get the index here (it's about 540K):
1.12.00 --SNMP Reference
SUBJECT: What books are there which cover SNMP?
You may wish to visit http://www.pantherdig.com/snmpfaq
for a preset search on Barnes & Noble dot Com for SNMP.
A small part of each sale goes toward supporting the
1.12.01.00 SNMP Books from Barnes & Noble dot com
1. SNMP, SNMPv2, SNMPv3, and RMON 1 and 2
William Stallings / Hardcover / Addison Wesley Longman,
Inc. / December 1998
ISBN: 0201485346 To order from Barnes & Noble:
2. Understanding SNMP MIBs: With Cdrom
Evan McGinnis,With David Perkins / Hardcover / Prentice
Hall / September 1996
ISBN: 0134377087 To order from Barnes & Noble:
3. Windows NT SNMP: Simple Network Management Protocol
James D. Murray,Deborah Russell (Editor) / Paperback /
O'Reilly & Associates, Incorporated / February 1998
ISBN: 1565923383 To order from Barnes & Noble:
4. Managing Internetworks with SNMP with Cdrom
Mark A. Miller,P. E. Miller / Paperback / IDG Books
Worldwide / July 1999
ISBN: 076457518X To order from Barnes & Noble:
5. A Practical Guide to SNMPv3 and Network Management
Dave Zeltserman / Hardcover / Prentice Hall / May 1999
ISBN: 0130214531 To order from Barnes & Noble:
6. Troubleshooting with SNMP & Analyzing MIBs
Louis Steinberg / Paperback / McGraw-Hill Companies, The
/ June 2000
ISBN: 0072124857 To order from Barnes & Noble:
7. SNMP Network Management
Paul Simoneau / Paperback / McGraw-Hill Companies, The /
ISBN: 0079130755 To order from Barnes & Noble:
8. Snmp++: An Object-Oriented Approach to Developing
Network Management Applications
Peter E. Mellquist,Hewlett-Packard Company / Paperback /
Prentice Hall / July 1997
ISBN: 0132646072 To order from Barnes & Noble:
9. LAN Management with SNMP and RMON
Gilbert Held / Paperback / Wiley, John & Sons,
Incorporated / August 1996
ISBN: 0471147362 To order from Barnes & Noble:
10. SNMP Application Developers Manual
Robert L. Townsend / Hardcover / Wiley, John & Sons,
Incorporated / December 1997
ISBN: 0471286400 To order from Barnes & Noble:
11. Total SNMP: Exploring the Simple Network Management
Sean J. Harnedy,Sean J. Harnedy / Paperback / Prentice
Hall / June 1997
ISBN: 0136469949 To order from Barnes & Noble:
12. How to Manage Your Network Using SNMP: The Networking
Marshall T. Rose,Keith McCloghrie / Paperback / Prentice
Hall / September 1994
ISBN: 0131415174 To order from Barnes & Noble:
13. RMON: Remote Monitoring of SNMP-Managed LANs
David T. Perkins / Hardcover / Prentice Hall / September
ISBN: 0130961639 To order from Barnes & Noble:
14. SNMP V3 Survival Guide: Practical Strategies for
Integrated Network Management
Rob Frye,Jon Saperia / Hardcover / Wiley, John & Sons,
Incorporated / January 1999
ISBN: 0471356468 To order from Barnes & Noble:
15. SNMP-Based ATM Network Management
Heng Pan / Hardcover / Artech House, Incorporated /
ISBN: 0890069832 To order from Barnes & Noble:
16. SNMP: Simple Network Management Protocol: Theory and
Practice, Versions 1 and 2: Theory and Practice,
Versions 1 and 2
Mathias Hein,David Griffiths (Editor) / Paperback / Itcp
/ May 1995
ISBN: 1850321396 To order from Barnes & Noble:
For a list of other books which may or may not be in
print, go to http://www.pantherdig.com/snmpfaq/otherbks.txt
SUBJECT: What periodicals are heavily oriented to SNMP?
One bi-monthly newsletter is "SIMPLE TIMES".
You can subscribe via email at
Use HELP on the Subject line for details. Also try
For back issues of Simple Times, try
ConneXions, The Interoperability Report
480 San Antonio Road, Suite 100
Mountain View, CA 94040
SUBJECT: What classes are available on the topic of SNMP?
303 Vintage Park Drive
Foster City, CA 94404
Network World Technical Seminars
Ph: 800-643-4668 (direct: 508-820-7493)
[Fax back line, ask for document 55]
Learning Tree International
1805 Library St
Reston, VA 22090-9919
800-843-8733 or 703-709-6405
American Research Group, Inc.
PO Box 1039
Cary, NC 27512
Chateau Systems, Inc
SNMP Training & Development
Larry R. Walsh
SUBJECT: What email discussion groups are available for SNMP?
SUBJECT: Mailing lists for SNMPv1
"This mailing list is currently being managed with ListProcessor,
Updates to be made include the request address. It should be:
The subject line is not looked at. The body of the message should
subscribe <list> <your email address>
For the snmp list, subscribe to the list by sending a message to:
with a message body of:
subscribe snmp <emailaccount>@<mailhostname.domain>"
It appears the new valid snmpv1 mailing list address is
However, when I tried to subscribe to snmpv2 mailing list, my email was
simply not recieved by anyone.
SUBJECT: Mailing lists for SNMPv2
"For the snmpv2 list, subscribe to the list by sending a message to:
with a message body of:
subscribe snmpv2 <emailaccount>@<mailhostname.domain>"
[Editor's Note: Out of action? See above topic]
SUBJECT: What trade shows cater to SNMP?
These days nearly every networking trade show in the
US, and many outside the US, covers the SNMP market.
The "big name" in internetworking is (their text):
"NetWorld+Interop (the definitive networking event)
Online registration at
Phone registration and customer service: 800-962-6513 and 650-372-7079
c/o ZD Events
PO Box 45295
San Francisco CA 94145-0295"
SUBJECT: What SNMP Product User Groups Are There?
For owners of a run time license to HP OpenView, there
is the the OpenView Forum (a yearly fee is charged).
OpenView users should be directed to the OpenView Forum at their web site:
"You might also want to include a pointer/reference somewhere on your site
for Summit Online. It's a great resource (check it out). The URL is
There is an email list for the ovforum.
It is very active (20-40 messages per day).
to submit questions or responses:
I think it's firstname.lastname@example.org. If you try to subscribe to
ovforum.ovforum.org it will respond with subscription instructions.
SUNNET MANAGER (revised 3/95):
If you wish to subscribe to snm-people, send a message to
with no subject, containing only the words:
subscribe snm-people "Kent F Enders"
[Editor's note: we assume this should be your name here!]
If you wish to unsubscribe from snm-people, send the message:
For more information on using listproc, send the message:
This list is devoted to the issues revolving around the use of the
SunNet Manager Software package.
An anonymous FTP area is set up on Zippy.Telcom.Arizona.EDU as
For those users that do not have access to ftp directly, zippy also
supports ftps by mail. If you want to try it out send an email
message with the word `help' in the body of the message for some
instructions. Send that email message to
An archive of the mail messages sent to the list subscribers is
maintained as well. To get an index of these messages send a message
to email@example.com with a single line message of:
To remove your name from the mailing list send a one line mail message
to firstname.lastname@example.org. The message should contain the
To receive a list of the commands for the listproc send a message to
email@example.com with a message of:
To send a message to the list send mail to
There is a NetView User's mailing list (not affiliated or run
by Tivoli) that is a great place to learn about NetView and
ask questions. Quoting from the nv-l instructions:
To subscribe to the NV-L list, send mail to LISTSERV@UCSBVM.UCSB.EDU
(not to NV-L nor NV-L-request), with the single line in the body
of the note:
SUBSCRIBE NV-L firstname lastname
This list is for the discussion of NetView and all related products,
platforms, usage questions, bugs, and for the dissemination of
announcements and updates by members of the NetView Association.
Vendors are welcome to post short announcements of products and/or
You may want to visit the Tivoli NetView web page at:
Also, the IBM NetView "red books" are a good practical
source of information on NetView. Try
SUBJECT: Where can I find SNMP-related material on WWW?
it's best if you check out the following www page: it's devoted to
network management and contains an excellent overview and links to
all the different organisations and commitees:
Re: The tkined & scotty network management system:
Commercial SNMP Software
(See SNMP FAQ Part 2):
THIS SPACE WAS FORMERLY OCCUPIED BY A HUGE BUT UNMAINTAINED
LIST OF URLS SUBMITTED IN 1996 BY BRUCE BARNETT. IT HAS BEEN
REMOVED TO CONSERVE SPACE AND SINCE SO MANY OF ITS LINKS
HAD BECOME OBSOLETE. TO SEE IT FOR POSSIBLE VALUE, GO TO
eg3.com is a free resource, serving the needs of designers in
board-level, embedded, dsp, and realtime.
We already link to Simple Network Management Protocol,
as an important resource for the engineer in our free listings.
http://www.SNMPLink.org -- based in France & well-maintained
http://www.simpleweb.org -- from Germany & well-maintained
Good overview of net management generalities, context into
which snmp fits:
Good snmp intro for tech guys (like me). I wouldn't want
to talk about snmp before knowing about half this stuff.
Ignore chapter 4, though, as it's basically hype for their
software. But eveything else is not wasted reading.
The SNMP FAQ is very outdated, I feel. Better is the
UCD-SNMP FAQ that comes with the linux software!
I would like to announce that a forum for users of Sniffer Technologies
products is open at http://www.snifferusers.org.
SUBJECT: What related mailing lists exist?
J. Lindsay wrote:
"I have started a mailing list for those interested in web-based network
and systems management. To subscribe send email to
with an email body of
"subscribe web-manage <your email address here>"
The most applicable usenet news group is
If you send an "unsubscribe me" message to the list itself
it is almost certain your mail box will overflow with people
The list is open and unmoderated. All requests should go to:
1.12.20 What related newsgroups exist?
Please also visit our cousin newsgroup
There's a discussion group on delphi concerning Enterprise Management.
The areas covered are CA Unicenter, HP OpenView, Tivoli, Platinum Tech,
Enterprise Management,Trade Shows, EM User Groups, Networking Jobs,
Industry Discussion, and General Discussion.
Again, this is focusing on Enterprise Management. There are over 423
members to this forum as of 11/11/98. You can visit this site at....
SUBJECT: Are there introductory materials?
Look for a document called "ACE-SNMP An Introductory Overview of SNMP"
at http://www.ddri.com, I've found it very easy to read and understand and a
needed step before getting at RFCs.
"SNMP for Dummies" at:
Is also good startup reading.
John J. Miller
SUBJECT: SNMP and Autodiscovery
"Automated topology discovery is a hard problem due to the diversity of deployed
systems and the wide distribution of resource information. I will briefly
mention some reasons why a ping/traceroute based approach will not work :
subnetting, tunneling, firewalls, virtual LANS. Your network topology
discovery tool would have to extract more information like subnet masks,
etc and use heuristics for "guessing" the real topology.
I was a teaching assistant for the computer networks course offered in the
spring at Columbia, and assigned the third class project on network topology
discovery. You may want to refer to the project resources WWW page at the
Alexander V. Konstantinou"
"[...]these are some of the methods that I had used
1. SNMP Broadcast on your local net; all SNMP agents respond
2. Listening for RIP, and OSPF ports, you'll get info on the routers around,
and consequently the different sub-networks connected by this router. If you
need a better discovery you could listen on both IP and IPX ports.
3. ICMP Router interface discovery; this will again give you information on
all the router interfaces (sub-nets)
4. Once you know a sub-net and it's mask (I'm speaking about IP nets) you
could issue an ICMP-echo spray to all the possible IP addresses in that
range, the one's who are alive will respond. But this has to be fine tuned
so that you do not swamp the network with disocvery packets. In case of IPX
you issue an IPX diagnostic message spray (the counterpart of ICMP in Novell
5. You could walk the routing tables (MIB2) and get information about other
routers and sub-nets. You could figure out the type of the sub-net (MAC
layer) by looking up "ifType" for each of the router interfaces.
NOTE: The typical problems you would face is handling unnumbered router
ports, and proxy-ARP issues."
Check out this paper:
SUBJECT: SNMP Traps and NOTIFICATION-TYPE
1.13.02.01 - Traps
I am relatively ignorant about SNMP. However, I have spent a
reasonable amount of effort investigating agents, managers, the
technology, and I have read most of the important RFCs.
There are a bunch of related but simple, practical questions to which
I cannot get a straight answer: Are SNMP traps useful in the real
world? Can you depend on traps being sent across networks? Do agents
repeat traps? How do you select a polling interval if there are traps
you consider very important?
RFC 1215 (the one with the TRAP-TYPE macro) says traps are a bad idea
(well, sort of). RFC 1224 seems to describe a method to acknowledge
SNMP traps and throttle them?
What's the real feeling...you know, in practice? The real state of the
Traps are very useful to us. They let us know when a router link goes down,
when network performance is degrading, when a power failure has occurred,
etc. - just to name a few.
You don't poll for traps - the agent just sends the traps to the network
management station(s) you tell it to send them to. Now you can program the
network management station to take automatic action if you so desire. For
example, if one of our ethernet concentrators sends us traps on a
misbehaving port we automatically do some checking and if it is a situation
that could potentially take our whole segment down we automatically
partition the port off of the network. I'm sure this has saved numerous
Yes, agents may send repetitive traps. The way you throttle or deal with
them depends on the software you use on your network management station.
All that said - you cannot rely on traps alone. For example, if I die - I
cannot pick up the phone and tell someone that "I am dead". Neither can a
SNMP agent. Therefore it is good to poll the agents periodically just to see
if they are alive and well.
1.13.02.02 - NOTIFICATION-TYPE
The current terminology in use in SNMP is the following:
The NOTIFICATION-TYPE construct is used to define events
or conditions of interest in a managed system. (In the
earlier, but now obsolete, version of the SMI, the
TRAP-TYPE construct was used.)
SNMPv1 protocol contains the TRAP message type that
is sent when an event or condition defined by a
NOTIFICATION-TYPE construct occurs.
SNMPv2c and SNMPv3 protocols contain the v2TRAP and
INFORM message types that are sent when an event or
condition defined by a NOTIFICATION-TYPE construct
occurs. A v2TRAP message is not confirmed, and an
INFORM message is confirmed (that is, a response
message is sent back).
There is no such thing as an alarm in SNMP.
David T. Perkins
1.13.02.03 - Enterprise versus Generic Traps
There were 6 defined traps [SNMPv1] that were considered to be common
that could be generally useful for most/many SNMP agents
[perhaps some more important than others]. There was also
the need to let agent/MIB designers implement the idea of
traps that were specific to their hardware/software/management
needs. In the v1 packet there are 2 fields associated with
these, the one for generic traps would be given a value of 0..5
to identify which of the generic traps the packet was related
to, or 6, in which case the other [enterprise specifc] field was
used to carry the information about what trap was being
triggered. Plus there are was another OID field in the v1 trap
packet that the manager application would get to identify the
[enteprise specific] trap since different agents on different types
of hardware would likely use the same values. The v1
approach was not great. With v2 packets this changes
somewhat. SMIv2 MIBs traps (NOTIFICATIONS) are not identified
as some integer value but rather as a node in the tree. The 6 generic
traps were specified as 6 children of a parent node down under a
new SNMPv2 subtree in the world-wide tree specification (with
node values 1..6, not 0..5). There is no longer a special trap
packet format for v2... the old v1 special fields are now v2
varbinds in a standard v2 response packet.
1.13.02.04 -- SNMPv1 Traps versus SNMPv2/v3 Notifications
In the SNMPv1 protocol, there is a single type of operation
to send an unsolicited message from an agent to a manager,
which is a [v1]Trap. SMIv1 uses the TRAP-TYPE construct to
define the conditions when such a message can be generated,
the identification of the message, and the management
information to be contained in the message.
When the second version of the SNMP framework was created,
it was realized that the simple model for sending unsolicited
messages needed to be generalized and a few problems solved.
The class of unsolicited messages was renamed to notfications,
and contained two types, which are v2TRAP (an unconfirmed
notification), and INFORM (a confirmed notification).
(Please note that an it is incorrect to characterize v1/v2TRAPs
as unreliable and INFORMs as reliable.) Due to politics at the time,
INFORMS were labelled as "manager-to-manager" communication.
However, this labelling has been fixed (and anyone that
claims that INFORMs are "manager-to-manager" communications
is living with a 1996 world view and not a present world
The first and second frameworks for SNMP-based management
do not contain a standard mechanism to configure where to
send notification nor the other details such as which type,
and the security parameter values. The result has been
proprietary definitions that vary in sophistication.
The simplest is a table of IP addresses where to send
traps (with no support for INFORMs, and other properties).
The third version of the SNMP framework contains in RFC 2573
and RFC 2576 a VERY RICH mechanism for managing notification
David T. Perkins
SUBJECT: SNMP and/versus the Web
SNMP MIB Browsers for Web Software
MibMaster, an SNMP to HTML Gateway from Equivalence
An evaluation version is available free. A fully-functional
version can be purchased.
Web Browsers as Network Agents/Managers
No data available.
SUBJECT: SNMP and Java
"If you have a Linux or Windows NT environment check out:
For Java see:
Carl H. Wist
Hope this helps.
Java Classes/Applets/Etc for SNMP
5645 Gibraltar Drive
Pleasanton, CA 94588 USA
Note: the above is one place to start, but don't
forget to search the Web
"Another option for building SNMP agents in Java is Sun's
Java Dynamic Management Kit (JDMK) product. Take a look at
JDMK is based on Java Beans -- as the agent developer, all you have to
do is to adhere to the Java Beans design patterns in your Java code.
An SNMP MIB compiler is provided that translates an SNMP MIB definition
into Java Beans, you then need to fill in the methods of the generated
> ... could some one tell me how to subscribe to the JDMK mailing
> list I have subscribed using the indication of the JDMK home page but I
> do not think some thing happening on this list :
You should subscribe by sending an email to firstname.lastname@example.org
containing in the body:
SUBSCRIBE JDMK-FORUM <your email address>
(I am not sure whether you should also remove your signature, but I
guess it is safer anyway)
To get a better response time, please direct your questions regarding
JDMK to the JDMK-FORUM list rather than to this forum.
The JDMK-FORUM archives are accessible at
You might want to have a look at the Java Dynamic Management Kit
Lots of links to Java sites, developers, code, etc.
[...]Furthermore, the coupling of Sun's Jini and JDMK looks promising for
creating "plug-and-manage" systems
You may want to mention Cyberons for Java -- SNMP Manager Toolkit from
This product sells for $499 per developer license and royalty-free
The product also provides high level functions such as device
discovery, MIB walks, columnar and row access to tabular data, etc.
A programmer's guide is available online at http://cyberons.com.
Cyberons for Java SNMP Manager Toolkit version 2.0 supports SNMP v3, and
includes easy-to-use classes which provide access to all v3 features. We
paid a great deal of attention while designing these classes to ensure that
management applications can be written to work with all versions of SNMP
with minimal differences in code, and provide numerous examples to
Also available as a separate product is Cyberons for Java SNMP Utilities
1.0, which is a set of utilities to work with the SNMP Manager Toolkit.
These utilities include a MIB compiler/loader, a MIB browser and test
More information about these products, including a complete programmer's
guide, can be obtained from http://cyberons.com
From Jan-Arendt Klingel ...
"Beside MIB-Master there is the JaSCA class library (Java SNMP Control
Applet). The URL is http://termiitti.akumiitti.fi/nixu/. The organisation
is called Nixu Oy and is located in Finland. One of the three authors is
Pekka Nikander (Pekka.Nikander@nixu.fi).
[Note: This site seems to have moved to www.nixu.fi, is all in Finnish.]
There is a mailing list called "Java Network Management Mailing List" on
email@example.com. To subscribe send an email to
firstname.lastname@example.org with a body of "subscribe java-nm". There is not
so much traffic on the list (maybe because of a bug in the majordomo
The URL http://www.West.nl/archive/java/snmp/ seems to have disappeared.
A very nice Java tool can be found on http://misa.zurich.ibm.com/~lde/.
It's Luca Deris hot application called "Liaison", developed at the IBM
Research Center in Zurich. There are SNMP and CMIS-agents to query network
[Note: Site reported unreachable, 11/20/98]
In the next three months I will hopefully present a network management
application with Java "droplets". The URL is http://18.104.22.168:8080.
Remember to switch off "lock ports above 1024" at your firewall."
If you are looking for creating SNMP agents in Java, you can look at :
JDMK : contains a mib compiler that creates java (agent) classes from a mib.
JMAPI : Java Management API (JMAPI)
Java Dynamic Management Kit : http://www.sun.com/software/java-dynamic
JMAPI : http://java.sun.com:80/products/JavaManagement/index.html
"JMGMT is a java implementation of a SNMP stack.
It also includes source code of examples [of]
how to start writing servlets and an agent with JMGMT.
The JMGMT java classes include packages for
* the representation of ASN.1 values,
* BER encoding and decoding of ASN.1 values,
* the representation of SNMP v1 packets,
* SNMP I/O with peers and connections,
* and SNMP exception handling.
2nd public release, now with full source code.
JMGMT is a java implementation of a SNMP v1 stack.
It also includes the complete source code of all classes
and examples how to start writing servlets and an agent with JMGMT.
The JMGMT java classes include packages for =
* the representation of ASN.1 values, =
* BER encoding and decoding of ASN.1 values, =
* the representation of SNMP v1 packets, =
* SNMP I/O with peers and connections, =
* and SNMP exception handling. =
The JMGMT classes are free and available for download on
API documentation is online at
You may try MIB Designer which is a Java 1.2.2/1.3 application
that will run on Unix if that Unix support one of the JREs.
MIB Designer has all the features you requested and much
more. It can be found at http://www.mibdesigner.com
SUBJECT: SNMP and CORBA
>I am currently using an SNMP Manager from SNMP Research on a UNIX
>Solaris box and am looking for a CORBA compliant SNMP Manager. Does
>anyone know of such an animal?
What do you mean when you say "CORBA compliant" SNMP manager?
If you mean that the SNMP manager should provide a CORBA programming
interface you will find some products when you search the internet
for the term "JIDM" (Joint Inter Domain Management).
I worked on such a project. SNMP and TL1 were embedded peers
running on top of Corba. Esentially, the implementation for
the SNMP functions made Corba service calls to get the data
they needed to satisfy the SNMP request.
The Corba layer abstracts the device and, thus, the SNMP/TL1/etc
developers worked at a high-level. This made it fast to support
new MIBs (as long as the Corba IDL was there), but at a
slight/moderate cost to performance. One challenge is the style
of IDL, i.e. course- or fine-grained object defs. Course grained
object defs makes it easy/efficient for such things as GUIs to
operate over Corba but meant SNMP had to pull a lot more data
than it typically needed to satisfy a SNMP request. Also [you]
have to provide "next" IDL methods otherwise it is very inefficient
for SNMP getNext hooks to repeatedly make Corba calls until the "right"
object is found. In sum, my impression is that if SNMP is the
primary method of managing a device, then SNMP/Corba stack is
questionable. If SNMP is a minor service, then maybe this is a
good choice. Either way, IDL designers need to consider SNMP
issues before they set the IDL into stone.
I understand there are tools/stds to convert MIBs into Corba IDL,
which would make it easy/efficient to stack SNMP over Corba. However,
this produces fine-grained object defs which may not be suitable for
Java/GUI impls that use such tools to serve as the primary mgmt
SUBJECT: SNMP and Visual Basic
Terri Coleman wrote:
> I need to be able to write SNMP Sets and Gets from within a Visual Basic
> application. Can anyone help?
Maybe this package of ocx's contains what you are looking for
Free trail version for download available.
LogiSoft AR has SNMPv2 toolkit for Visual Basic that includes SNMP
ActiveX control and utilities supporting v1 and v2c
Look up www.logisoftar.com
NETAPHOR SOFTWARE, INC., has recently released Cyberons, a
suite of ActiveX components for engineering and networking applications,
which includes a SNMP Manager control.
Please note that we do not support trap reception at this time, though this
feature will be included in our next release. But if you want to perform
SNMP Get, GetNext and Set operations with a real lightweight control, which
requires minimal VB code in order to be functional, I think you will find
the Cyberons product to be an ideal match.
You can check out our free 30-day trial by downloading it from
You may want to try Mabry Software. They have an OCX that you can download
SUBJECT: SNMP and IPv6
> I have a question regarding SNMP and IPv6, and more particularly
> SNMP v1 and IP v6.
> Can SNMP v1 be used over an IP v6 network?
> Daniel Fuchs
Yes. The only thing that is missing are concrete values for the
TDomain and appropriate TCs which define the address formats. This
is being worked on. The latest document is available at:
Discussions take place on the <email@example.com> mailing list.
> In that case how do you handle the agent-addr field of the
> trap v1 PDU? (agent-addr is NetworkAddress which is IpAddress
> which is OCTET STRING (SIZE(4)) which doesn't have enough room
> for an IP v6 address).
This not only applies to IPv6 but also to other non-IPv4 transports.
In general, agent-addr is broken and the second version of the
protocol operations use a trap format which does not have the
agent-addr field anymore.
> Now if you're agent is bilingual (or trilingual) how do you
> handle trap conversion from v2 to v1 when your network is
> based on IPv6?
With SNMPv3, you use the engineID to identify the originator of a
notification. In SNMPv2 or SNMPv1, you are lost.
> Is there any RFC that specifically addresses SNMP and IPv6 ?
Not really. The ID I have cited above is part of the solution. I am
not sure we need much more because UDP is UDP regardless which IP
version you use (except that the network layer address format changes).
SUBJECT: SNMP and C#
>I am planning to make an SNMP manager (using C#) that will query any SNMP
>agent. Currently I'm not able to find any SNMP libraries for C#. Can anyone
>point me to a direction.
>Also any simple C# code for SNMP will be helpful.
You access SNMP devices using the SNMP provider for WMI.WMI is wrapped by
the System.Management namespace classes.
Please refer the folowing link for more more details
Also, have a look at this snmp libraries for .NET:
Kumar Gaurav Khanna
I know some of you have posted looking for a C# Snmp library or one
for dotnet. Anyone who is interested check out NetToolWorks, Inc.
SUBJECT: SNMP and Perl
SNMP::Info - Object Oriented Perl5 Interface to Network devices and MIBs
SNMP::Info - Version 0.4
Max Baker ("firstname.lastname@example.org")
SNMP::Info was created at UCSC for the netdisco project
SNMP::Info gives an object oriented interface to information obtained
This module lives at http://snmp-info.sourceforge.net Check for newest
version and documentation.
1.20.00 --General Questions about SNMPv2
SUBJECT: What is SNMPv2?
SNMPv2 is a revised protocol (not just a new MIB)
which includes improvements to SNMP in the areas
of performance, security, confidentiality, and
SNMPv2 Framework :
The following RFCs identify the major components of SNMPv2.
RFC 1441 - Introduction to SNMP v2
RFC 1442 - SMI For SNMP v2
RFC 1443 - Textual Conventions for SNMP v2
RFC 1444 - Conformance Statements for SNMP v2
RFC 1445 - Administrative Model for SNMP v2
RFC 1446 - Security Protocols for SNMP v2
RFC 1447 - Party MIB for SNMP v2
RFC 1448 - Protocol Operations for SNMP v2
RFC 1449 - Transoport Mappings for SNMP v2
RFC 1450 - MIB for SNMP v2
RFC 1451 - Manager to Manger MIB
RFC 1452 - Coexistance between SNMP v1 and SNMP v2
Micha Kushner adds:
RFC Number Title Status
RFC 1901 Introduction to Community-based SNMPv2 Experim Standard
RFC 1902 SMI for SNMPv2 Draft Standard
RFC 1903 Textual conventions for SNMPv2 Draft Standard
RFC 1904 Conformance statements for SNMPv2 Draft Standard
RFC 1905 Protocol operations for SNMPv2 Draft Standard
RFC 1906 Transport mappings for SNMPv2 Draft Standard
RFC 1907 MIB for SNMPv2 Draft Standard
RFC 1908 Coexistence between SNMPv1 and SNMPv2 Draft Standard
Wes Hardaker adds:
"All SNMPv2 versions but one are historical. Only SNMPv2c is
experimental, but is widely accepted as the SNMPv2 standard. Note
that the other pieces of SNMPv2 (protocol, SMI, etc) are on the
standards track. Only the architecture that ties them together is
experimental. The SNMPv2 messaging protocol, etc, are referenced in
the SNMPv3 documents, which are on the standards track at draft
standard right now."
SUBJECT: What is SNMPv2*/SNMPv1+/SNMPv1.5/SNMP++?
SNMPv2 had been announced for many months, and most of us assumed that it was
accepted as the next step up from SNMPv1. That assumption was false. In fact there
were several points on which the members of the IETF subcommittee could not agree.
Primary among them was the security and administrative needs of the protocol.
Simply put, SNMPv2*/SNMPv1+/SNMPv1.5 is SNMPv2 without the contentious
pieces, but *with* the stuff everyone agrees is of value.
You may wish to check
for more details.
Edward M. Hourigan wrote:
: I keep hearing about SNMP++. What is it? Are there any web pages
: describing what it is?
I believe there is a Web site with this info at :
Hope this helps,
The original SNMP++ 2.6 sources can be found at
If you`re looking for a Linux/Solaris/Digital port you might
[Editor's Note: See also Part 2: Public Domain SNMP software]
I'd like to announce availability of MG-WinSNMP SDK V1.0b6,
a 32-bit implementation of WinSNMP specification. It is
available under the shareware license and you are welcome
to download it from the following URLs:
This release of MG-WinSNMP SDK (wsnmp32.dll, a 32-bit
winsnmp.dll library) by MG-SOFT Corporation has been
published in order to gain compatibility with the Revision
2.5f of SNMP++, an Open Specification for Object Oriented
Network Management Development Using C++ by Peter Erik
Mellquist, Hewlett Packard Company.
[Editor's Note: See also Part 2: Public Domain SNMP software]
SUBJECT: What is SNMPv2c?
SNMPv2c is the combination of the enhanced protocol features
of SNMPv2 without the SNMPv2 security. The "c" comes from the
fact that SNMPv2c uses the SNMPv1 community string paradigm
SUBJECT: What the heck other SNMPv's are there?
Unfortunately, many people are confused about the SNMP protocol
versions, which are:
SNMPv1 - a standard and widely used
SNMPv2p - party based, now obsolete (not used)
SNMPv2c - community based, "expermental", but has usage
SNMPv2u - user based, experimental and not used
SNMPv3 with USM - standards track, trying to get traction
In SNMPv1, there was no standards-track mechanism defined that
specified where to send traps, so every vendor defined their
own approach. The SNMPv3 framework documents include mechanisms
that can also be used in SNMPv1 and SNMPv2c. They are very
complicated, but do work in specifying the targets for traps
in SNMPv1 and traps and informs in SNMPv2c and SNMPv3.
David T. Perkins
My advice would be to make SNMPv1 the first priority and SNMPv3 the second.
I would not bother to implement SNMPv2c unless it came for free with the
There are several varients of the SNMPv2 protocol. They are:
SNMPv2p(OBSOLETE): For this version, much work was done to
update the SNMPv1 protocol and the SMIv1, and not just security.
The result was updated protocol operations, new protocol
operations and data types, and party-based security from
SNMPsec. This version of the protocol, now called
party-based SNMPv2 is defined by RFC 1441, RFC 1445,
RFC 1446, RFC 1448, and RFC 1449. (Note this protocol
has also been called SNMPv2 classic, but that name has
been confused with community-based SNMPv2. Thus, the
term SNMPv2p is preferred.)
SNMPv2c(experimental, but widely used): This version of the
protocol is called community string-based SNMPv2. It is
an update of the protocol operations and data
types of SNMPv2p, and uses community-based security from
SNMPv1. It is defined by RFC 1901, RFC 1905, and RFC 1906.
SNMPv2u(experimental): This version of the protocol uses the protocol
operations and data types of SNMPv2c and security based on users.
It is defined by RFC 1905, RFC 1906, RFC 1909, and RFC 1910.
SNMPv2*(experimental): This version combined the best features of
SNMPv2p and SNMPv2u. (It is also called SNMPv2star.) The
documents defining this version were never published as RFCs.
Copies of these unpublished documents can be found at the
WEB site owned by SNMP Research (a leading SNMP vendor and
previously a proponent of this version).
What this all means is that SNMPv2c is in current usage, whereas the
other variants are only around in limited form in labs are in some
versions of software that have been obsoleted.
1.22.00 --General Questions about SNMPv3
SUBJECT: What is SNMP V3?
Refer to http://www.ietf.org/html.charters/snmpv3-charter.html
"I am happy to announce that a SimpleTimes issue on SNMPv3 is now
available from the SimpleTimes Web server:
The journal is available in PostScript and HTML format. New
SimpleTimes issues are announced over a special mailing list. More
details about the SimpleTimes project and how to subscribe to this
mailing list can be found in the December 1997 issue or on the Web
I hope you all enjoy reading this issue on SNMPv3 and I wish you all
the best for 1998."
Juergen later added:
"You can find these links and many more on the SNMPv3 web page at:
Micha Kushner/David Partain adds:
RFC Number Title Status=PROPOSED
Status = 3D PROPOSED
RFC 2271 An Architecture for Describing SNMP Management Frameworks
RFC 2272 Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)
RFC 2273 SNMPv3 Applications
RFC 2274 User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
RFC 2275 View-based Access Control Model (VACM) for the Simple
Network Management Protocol (SNMP)
Status = 3DDRAFT STANDARD
RFC 2570 Introduction to Version 3 of the Internet-standard Network
Management Framework (Status=3DINFORMATIONAL)
RFC 2571 An Architecture for Describing SNMP Management Frameworks
RFC 2572 Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP)
RFC 2573 SNMP Applications
RFC 2574 User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
RFC 2575 View-based Access Control Model (VACM) for the Simple
Network Management Protocol (SNMP)
Draft Coexistence between Version 1, Version 2, and Version 3
of the Internet-standard Network Management Framework
also, for SNMPv3 implementations ...
"See the list on
Bill Stallings writes:
My paper, "SNMPv3: A Security Enhancement to SNMP" published in the 4th
Quarter 1998 issue of the online journal IEEE Communications Surveys, is
now available at http://www.comsoc.org/pubs/surveys.
Some pertinent excerpts from the RFC index:
1157 Simple Network Management Protocol (SNMP). J.D. Case, M. Fedor,
M.L. Schoffstall, C. Davin. May-01-1990. (Format: TXT=74894 bytes)
(Obsoletes RFC1098) (Also STD0015) (Status: HISTORIC)
3410 Introduction and Applicability Statements for Internet-Standard
Management Framework. J. Case, R. Mundy, D. Partain, B. Stewart.
December 2002. (Format: TXT=61461 bytes) (Obsoletes RFC2570)
3411 An Architecture for Describing Simple Network Management Protocol
(SNMP) Management Frameworks. D. Harrington, R. Presuhn, B. Wijnen.
December 2002. (Format: TXT=140096 bytes) (Obsoletes RFC2571) (Also
STD0062) (Status: STANDARD)
3412 Message Processing and Dispatching for the Simple Network
Management Protocol (SNMP). J. Case, D. Harrington, R. Presuhn, B.
Wijnen. December 2002. (Format: TXT=95710 bytes) (Obsoletes RFC2572)
(Also STD0062) (Status: STANDARD)
3413 Simple Network Management Protocol (SNMP) Applications. D. Levi,
P. Meyer, B. Stewart. December 2002. (Format: TXT=153719 bytes)
(Obsoletes RFC2573) (Also STD0062) (Status: STANDARD)
3414 User-based Security Model (USM) for version 3 of the Simple
Network Management Protocol (SNMPv3). U. Blumenthal, B. Wijnen.
December 2002. (Format: TXT=193558 bytes) (Obsoletes RFC2574) (Also
STD0062) (Status: STANDARD)
3415 View-based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP). B. Wijnen, R. Presuhn, K. McCloghrie.
December 2002. (Format: TXT=82046 bytes) (Obsoletes RFC2575) (Also
STD0062) (Status: STANDARD)
3416 Version 2 of the Protocol Operations for the Simple Network
Management Protocol (SNMP). R. Presuhn, Ed.. December 2002. (Format:
TXT=70043 bytes) (Obsoletes RFC1905) (Also STD0062) (Status:
3417 Transport Mappings for the Simple Network Management Protocol
(SNMP). R. Presuhn, Ed.. December 2002. (Format: TXT=38650 bytes)
(Obsoletes RFC1906) (Also STD0062) (Status: STANDARD)
3418 Management Information Base (MIB) for the Simple Network
Management Protocol (SNMP). R. Presuhn, Ed.. December 2002. (Format:
TXT=49096 bytes) (Obsoletes RFC1907) (Also STD0062) (Status:
SUBJECT: What is RMON?
The Remote Network Monitoring MIB is a SNMP MIB for remote
management of networks. While other MIBs usually are created to
support a network device whose primary function is other than
management, RMON was created to provide management of a network.
RMON is one of the many SNMP based MIBs that are on the IETF
SUBJECT: RMON Standardization Status
RMON is one of the many SNMP based MIBs that are on the IETF
Standards track (RFC 1310). Currently (Jan 94) RMON has two
instantiations in the IETF standards process. First, RFC
1271 - a Proposed Standard, specifies the general structure
of RMON and the particulars of an Ethernet based RMON agent.
RFC 1513 - a Proposed Standard specifies the additional RMON
groups and specifics for a Token Ring network.
SUBJECT: RMON Working Group.
The RMON Working Group is an IETF Working Group under the Network
Management Area. The WG meets periodically - usually at all IETF
meetings. The WG maintains a mailing list for Questions and
Comments concerning RMON.
Mail List: mailto:email@example.com ?
If no luck there, try firstname.lastname@example.org
The group's charter can be found at:
SUBJECT: Joining the RMON Working Group Mailing List
To join the RMON Working Group mailing list, send mail to:
Mail List Request: mailto:email@example.com.
DO NOT send a request to join message to the general mailing list.
[Editor's Note: We have received a complaint that this request
may bounce. The claremont.edu addresses may no longer be active]
You may also wish to try: mailto:firstname.lastname@example.org
(Thanks to James Stansell for the detective work.)
SUBJECT: Historical RMON Records
There are copies of the RMON mailing list messages and meeting
minutes within the IETF archive structure - available at various
There is also a RMON archive directory which can be accessed via
anonymous ftp at:
jarthur.cs.hmc.edu, directory /pub/rmon
[Editor's Note: We have received a complaint that site no longer exists
(or, was not at home when someone called). Anyone know if this site remains active?
Is this the same place as jarthur.claremont.edu?]
SUBJECT: RMON Documents
1. RMON White Paper in the anonymous ftp directory at
jarthur.cs.hmc.edu. There are two formats: frame and postscript.
This paper was developed by members of the RMON working group
prior to an Interop. It is a superficial discussion of RMON.
2. Chapter 7 in "SNMP, SNMPv2 and CMIP: The Practical Guide to
Network Management Standards" by William Stallings, (c) 1993
Addison-Wesley, goes into some detail on the RMON MIB.
RMON2 is an IETF standards track effort.
The IETF RMON working group started on the RMON2 MIB module
back in the fall of 1994. It was published as RFC 2021 in
January 1997. All of the leading probe vendors, including
NetScout, Technically Elite, Solcom, HP, etc have probes
that support it. Also, many of the networking device manufacturers
including Bay Networks and 3Com have embedded RMON2 support
in their products.
There was an interoperability test summit in December 1997, which
was attended by all of the companies above plus Cisco and
The RMON2 specification is quite stable and ready for advancement
in the standards process. Two additions are in the works to be
published. They are RMON extensions for switches and an RMON
extension for fast networks.
The major difference [between RMON and RMON2] is that RMON provided
statistics only at the data link layer, where as RMON2 provides
statistics at the network and upper layers.
As to the original questions from Paul Black,
It is difficult to take advantange of all the features in RMON
with generic tools. With RMON2, it is even more difficult.
David T. Perkins [post edited for conciseness]
SUBJECT: What is ISODE?
ISODE (pronounced "eye-so-DEE") is an acronym for "ISO Develoment
Environment". It is an implementation of SNMP which can be used
as the starting point for further refinement by you. In order to use
it you must agree to the conditions. This quote is from "The Simple Book", 2nd ed.:
"[ISODE] is openly available but is NOT in the public domain. You are
allowed and encouraged to take this software and use it for any lawful
purpose. However, as a condition of use, you are required to hold
harmless all contributors."
Most MIB compilers seen by this editor sprang from ISODE roots.
SUBJECT: Where can I get ISODE?
The old archive was ...
4BSD/ISODE 8.0 SNMPv2 package
This distribution has moved.
One place a copy can be obtained is listed below.
Questions may be sent to ISODE-SNMPv2@ida.liu.se
Mailing list may be subscribed by sending mail to
A copy of the 4BSD/ISODE 8.0 SNMPv2 package
SUBJECT: Is there an ISODE SNMPv2 Mailing List?
Yes. To subscribe, send email to:
1.50.00 --Using SNMP to Monitor or Manage
SUBJECT:How do I calculate utilization using SNMP?
Brad Harris wrote:
> We are trying to setup T-1 utilization percentage stats using ifInOctets
> and ifOutOctets.
MANY ANSWERS FOLLOW:
I would suggest:
(DELTA(ifInOctets) + DELTA(ifOutOctets)) * 8
-------- * 100
(DELTA(sysUpTime) / 100) * 1 540 000
where DELTA(attribute) means the difference of the value
of attribute between two polls. Of course, the values for
ifInOctets, ifOutOctets and sysUpTime should be requested
in one single PDU.
Serial lines (including TDM systems like T1) measure interface
speed as half duplex. That is, the 1.544 Megabit per second
bandwidth is one way; a full duplex line actually has twice that
value. 1.544 Mb for transmit, 1.544 Mb for receive. If you want
the "interface utilization", then you would add outOctetcs and
inOctets together, as you did, but use 3088000 for the interface
If you want "line utilization" (which is more valuable for
typical management operations), you could use the "max" value of
in or out Octets, as in the previous example. This is more
useful, because the line may be at 50% utilization (using your
method) and still be saturated, if all traffic is going one way.
T. Max Devlin
Make sure your time delta doesn't exceed the wrap time the 32 bit MIB2
counters, ~6 Hrs for T1. Its a nice touch if ifInOctets and ifOutOctets are
bound in the same PDUs. Also bind sysUpTime in each PDU so you can detect
T1 circuits are duplex, you have to have separate
utilisation formulae for both in and out. Otherwise you run the risk of
missing that your heavily utilised in one direction because the other is
very light. In many configurations this is a likely situation, a short
frame requesting data from a server or mainframe resulting in megabytes
heading in the opposite direction.
To make your figures mean something useful, generate incoming and outgoing
utilization separately. A T1 link is full-duplex....1.544 Mbps in each
direction. An organizational T1 Internet link will saturate on the incoming
side while the outgoing side is less than half utilized. Your formula would
indicate that the link had some extra bandwidth capability when in reality
its a major bottleneck.
You are missing a few subtleties of getting this exactly right. What
you want to do is sample (all in one packet exchange) the values of
ifInOctets, ifOutOctets, and sysUptime. Then, you sample all three
again (after some interval) and use the three deltas to compute:
-- => Input % utilization
And likewise for output. Note that there are two factors of 100
folded into the denominator (that's why 154 instead of 1540000), one
since sysUptime is hundredths of a second and the second to get a
percent rather than a fraction. You could also fold the 8 and 154
together as well, but that's not an integer... And be sure your Delta
function properly accounts for wrapping.
You should do this periodically, each time computing the deltas from
the previous sample, dropping intervals that are "insane"
(e.g. sysUptime has a large delta [positive or negative] compared to
the wall [or monitoring system] clock). You will want to compute
_both_ deltas and plot them over time as well as extracting just the
maximum value. You want a sampling period that's small enough to
really indicate peaks, without being so short it overloads the
monitoring or monitored systems. If you can, you want to monitor both
ends of the line (ifOutOctets at one end may be greater than
ifInOctets at the other, in which case it's a better measure of load
in that direction).
Michael A. Patton
Dependent on your need for reproduction and historical tracking of the
utilization and other factors such as error rates, you might want to
consider purchasing a performance monitoring and reporting tool to help
you through some of this.
We have a tool for doing precisely what you want, and it also solves for
cases of counter roll-over and sysuptime resets. Our tool is called
ClearStats and is very economical and flexible. We have autodiscover
and automated/scheduled reporting. Check us out at
Dan Cox wrote:
> if you look in the rmon mib and look at the description of
> etherstatsoctets it tells you if you
> want to get utilization that you sample etherstatsoctets at two
> intervals and use this formula. I want someone to explain the formula
> to me.
> Here it is
> Packets * (9.6 + 6.4) + (Octets * .8)
> utilization = ----------------------------------------------
> Interval * 10,000
> I assuming this is for 10 mbps ethernet.
> What is the 9.6 and 6.4?
> Why do you need to know the number of packets?
> What formula do you use if you are using 100 mbps ethernet?
> What if it is full-duplex?
In the formula, 9.6 is the interpacket gap time in micro seconds.
6.4 is the preamble+start-frame-delimiter time in micro seconds.
Each time you send a packet, these are present.
The 10,000 is the speed. You change this to 100,000 for 100 Mb/s
For full duplex, the formula is the same, but it applies to
each channel. That is, full duplex is a point-to-point technology.
If you connect nodes A and B. There are essentially two dedicated
and contention free channels, one from from A to B and the other
from B to A. You can compute utilization on each channel.
David T. Perkins
Have a look at http://www.statscout.com/support/paper1.html for a little
bit of info on calculating utilization statistics.
Raja Kolli wrote:
> How do you represent the speed for full-duplex links e.g. full-duplex 10Mb
> ethernet, Should it be 10Mbps or 20Mbps? Or is there any other object (new
> ifType value etc.,) that can be used to represent full-duplex operation?
> Appreciate any pointers on the standrards.
Page 7 of RFC 2358, Definitions of Managed Objects for the Ethernet-like
Interface Types, describes how the ifSpeed object from IF-MIB should be
set for full-duplex ethernet interfaces:
[RFC quote deleted -- go get yourself a copy. Ed.]
So, the answer to your question is that for a full-duplex 10BaseT interface
ifSpeed should be 10Mbps, just as it is for a half-duplex interface.
C. M. "Mike" Heard
SUBJECT: What are Appropriate Operating Thresholds?
>We've just installed brand new PS Hubs and a SSII switch 3300 with SNMP
>capabilities from 3Com, and we're managing it with the Transcend Workgroup
>for Windows 6.0 application. Does anyone know which are the suitable
>thresholds for both hub and switch alarms? Basicly, I'd like to know just
>the more usual : Total errors, FCS errors, alignment errors, broadcast
>packets, runts, collisions, undersize and oversize packets, long and short
> Jorge Alaman~ac
[Editor's Note: T. Max Devlin's response has been edited to fit.
These out takes are noted by "[...]".]
Suitable thresholds are environmentally sensitive; everybody's "correct"
values area little different. The best you will get from products or
info sources are more "defaults" than "best guesses", IMHO. We've found
that the ideal setting for thresholds does not correlate to absolute
numbers, or even typical ranges. [...]
The best approach, seriously, to thresholding is to consider, not some
absolute concept of the perfect network metrics, but the results of the
thresholding. Essentially, you should look at a simple plot of your
values over a few hours and a few days (baselining), then pick a
threshold value that will result in an "appropriate" number of alerts.
If you want a log-style "this is how many times this happens", you might
want every peak to trip the threshold. If a more report-oriented "the
occurrences happened at this time", a slightly higher value might be
called for. "This is a problem, you should know about it even if you
can't 'fix' it" thresholds might trigger a few times a week, and the
"the network is broken; get busy" alerts should essentially be set high
enough so that they never happen under typical network conditions.
The real issue is not what the numbers should be, but how often you want
to know about it. [...]
But just so I don't leave you high and dry, here's some beginning
defaults, if you insist:
Total errors: <2%
FCS errors: <2%
Alignment errors: <1%
broadcast packets: Start with 10%; bring up if you are flooded, bring
down if it never triggers
runts: <1%, but some systems might have much larger values under normal
undersize and oversize packets: <1%
long and short events: <1%
T. Max Devlin
SUBJECT: Are MIBs available to monitor application traffic?
George Koukoulas wrote:
: I would like to find out if there are any MIBs about management
: of application traffic, meaning separate management of ftp,
: http, telnet, smtp, etc application traffic.
There are two to-be-published MIBs that may be of interest to you.
The Application Management MIB <draft-ietf-applmib-mib-11.txt> provides
statistics for application or service IO channels. On top of these
channels, one can have transaction streams with transaction kind
The WWW Services MIB <draft-ietf-applmib-wwwmib-11.txt> provides a core
set of statistics for Web services. It is written against an abstract
document transfer protocol. Mappings to FTP and HTTP are defined in the
Both MIBs have been approved by the IESG for publication as Prosposed
Standards. They are currently sitting in the queue of the RFC editor
waiting for publications as RFCs. Both MIBs are the product of the
application management working group.
SUBJECT: How can I make sense of the Interfaces Group?
You should definitely look at RFC 2863 which is the latest definition of
the interfaces group. The introductionary text is very valuable in order
to understand of the IF-MIB evolved over time.
> If an interface is full duplex, does that mean it can transmit at a
> rate of 'ifSpeed' in each direction simultaneously, or does it mean that
> the interface has 'ifSpeed' worth of bandwidth in total?
> Glenn Reesor
ifSpeed should represent an estimate of the bandwidth of the
interface. ifHighSpeed should be used if ifSpeed isn't
There seems to be rough consensus on the former interpretation, i.e.,
that the interface can transmit at a rate of 'ifSpeed' in each direction
> If an interface is half duplex, does that mean that it can transmit
> at a rate of 'ifSpeed' in each direction, but only one direction at a
> Glenn Reesor
There seems to be nearly universal agreement on this interpretation.
In searching the IETF mail archive (specifically 1998-07.mail.aug4)
I found the following two excerpts which might be helpful:
On Friday, 3 Apr 1998, Gary Hanson wrote:
> > Should the ifSpeed for a T1 interface be 1.54Mb or should it be 3.08Mb
> > in that it can sustain 1.54Mb in both the transmit and receive
> The latest <draft-ietf-trunkmib-ds1-mib-08.txt> for the DS1-MIB is
> unambiguous on this point. In section 3.1 it says to use 1544000
> for the ifSpeed for DS1 lines.
On Wednesday, 20 May 1998, John Flick wrote:
> > 5) How do you tell if the interface is half or full-duplex for
> > both ethernet and token ring interfaces?
> The current answer for Ethernet is ifMauType. Using ifSpeed, as one
> response suggested, has been used by some vendors (a survey I did a
> few months ago showed about half of the responders doubled ifSpeed for
> full-duplex, though most agreed that this is a kludge). The consensus
> of the hubmib WG was that this should be disallowed. The hubmib WG is
> currently debating whether ifMauType is adequate, or if we need to add
> an object for duplex mode to either the Ethernet MIB or IF-MIB.
The Interfaces Group of RFC1213 has been superseded by RFC2863 and RFC2864:
2863 The Interfaces Group MIB. K. McCloghrie, F. Kastenholz. June
2000. (Format: TXT=155014 bytes) (Obsoletes RFC2233) (Status: DRAFT
2864 The Inverted Stack Table Extension to the Interfaces Group MIB.
K. McCloghrie, G. Hanson. June 2000. (Format: TXT=21445 bytes)
(Status: PROPOSED STANDARD)
Although RFC1643 is a full-standard, it does not properly support
100 BaseT. It has been superseded by RFC2665, which does:
2665 Definitions of Managed Objects for the Ethernet-like Interface
Types. J. Flick, J. Johnson. August 1999. (Format: TXT=110038 bytes)
(Obsoletes RFC2358) (Status: PROPOSED STANDARD)
Even though these are all SMIv2 MIBS, everything in them except for the
Counter64 objects in the IF-MIB can indeed be implemented in an SNMPv1
SUBJECT: When do I use GETBULK versus GETNEXT?
You use GETNEXT, typically, to get selected columns from one or more
rows of a table. If you want the values for columns S(1)..S(s)
from columns C(1)..C(c) (where s<c)) for all rows in the table
(and there are N rows), you would make N+1 GETNEXT requests.
(This assumes that the varBinds for columns S(1)..S(s) will
fit in a request and response message.)
You use GETBULK, typically, as an optimisation of GETNEXT, and
you would not typically know how many rows will be in the table.
You just issue GETBULKs until you get all of the rows, just like
With GETNEXT, you know when you are done when the response is not
the next row. Likewise, with GETBULK. However, instead of getting
a single set of extra varBinds, you get upto the the value of
maxRepeaters. This behavior is called "overshoot". If the agent
and manager support large max message sizes, and the maxRepeaters
is large, then you will have many extra varBinds in the last
reponse to GETBULK. Typically, this is not too bad.
See RFC 1905 section 4.2.3 what the real correct behaviour of a
GetBulkRequest is. Especially study the situations under which an
agent returns less than the total number of repetitions.
I keep getting questions on GetBulk, and how it works and so on,
and especially multi-var bind GetBulk.
I'll attach an part email I've had to send out recently, which can
be dumped into the FAQ. Feel free to edit/clean up as needed.
[Editor's Note: See http://www.pantherdig.com/snmpfaq/getbulk01.html]
SUBJECT: What free products can be used to monitor?
> I am looking for some Network Monitoring Software that will give
> alerts when a device or server goes down and that will also log and
> monitor snmp information for devices and be able to graph the data it
I use a combination of nagios (updated version of netsaint) and mrtg with
rrdtool. Nagios provides complete network monitoring, including device and
service availability. It will even produce graphics of the nodes in your
Mrtg allows you to graph any snmp object on your network; the most common of
which are incoming and outgoing traffic. I also use it to monitor cpu usage,
disk usage and webcache requests.
RRDtool is an alternative logger for mrtg, which does not generate graphs
automatically, in order to save cpu time.
If you do not want to go down the free route, there is program for windows
that will do all of this (except you cannot choose any snmp object to
graph - only traffic) from Solarwinds, called Network Performance Monitor.
Their website is at http://www.solarwinds.net/.
1.75.00 -- SNMP Engineering and Consulting
SUBJECT: SNMP Engineering and Consulting Firms
[Editor's Note: Business entities named in this section should have
a minimum of three years of direct experience implementing SNMP
solutions at either the manager or agent node.]
Core Competence Inc.
David M. Piscitello
3 Myrtle Bank Lane
Hilton Head, SC 29926
Phone: (843) 683-9988
Fax: (843) 689-5595
SNMP Research International, Inc.
3001 Kimberlin Heights Road
Knoxville, TN 37920-9716
SNMP Research provides consulting and development services in
conjunction with the licensing of our products and development tools.
Our customers' needs include the following:
Our expertise and business model allows us to match
our resources with customers' needs anywhere along this spectrum.
Panther Digital Corporation
OEM Software Engineers and Consultants
G & H Computer Services, Inc
Daytona Beach, FL
904 253-1545 FAX
Prism Communications, Inc
10015 Old Columbia Road, Suite F-100
Columbia MD 21046
Prism Communications has extensive experience with
the development of SNMP v1/2/3 based solutions
including RMON1/2 and AgentX.
Customers look to us to design enterprise MIBs,
develop embedded agents, extend/develop manager
frameworks, develop scripts for detailed testing.
We have extensive experience with VxWorks/pSOS,
Win32 and Solaris environments and are a Solutions
Partner for HP OpenView.
END OF PART 1, SNMP FAQ PLEASE CONTINUE WITH PART 2.