
Simple Network Management Protocol (SNMP)

SNMP is used to monitor and manage devices on a network.


XXX - add a brief description of SNMP history

Protocol dependencies

Typically, SNMP uses UDP as its transport protocol. The well-known UDP ports for SNMP traffic are 161 (SNMP) and 162 (SNMPTRAP). It can also run over TCP, Ethernet, IPX, and other protocols. ATM uses SNMP as its ILMI (Integrated Local Management Interface) protocol.

Example traffic

attachment:SampleCaptures/b6300a.cap A bunch of GETs and RESPONSEs


The SNMP dissector is fully functional.

Preference Settings

Ethereal's SNMP protocol preferences let you control the display of the OID in the info column, desegmentation of SNMP over TCP, and which MIB modules to load. Ethereal uses the Net-SNMP or UCD SNMP libraries to resolve OIDs, so you can also configure this behavior using the MIBS environment variable or by editing snmp.conf as described in the Net-SNMP Tutorial.

For Unix systems, the MIB files are stored in /usr/local/share/snmp/mibs. For Windows, use C:\Program Files\Ethereal\snmp\mibs.

When specifying the MIB modules to load, use a colon separator for Unix and a semi-colon for Windows. The MIB name to use may be discovered by looking for the DEFINITIONS keyword in the MIB file. Note that the MIB name is not necessarily the name of the file itself.
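As an added example (not part of the original wiki page or of Ethereal's own code): a Python script that reads each file in a MIB directory, takes the module name from the DEFINITIONS header rather than from the file name, and joins the names with the platform's separator. The function names, the sample file names and ACME-WIDGET-MIB are constructed for illustration.

```python
import os
import re
import tempfile

# A MIB module header looks like:  IF-MIB DEFINITIONS ::= BEGIN
# The identifier before DEFINITIONS is the name to load, not the file name.
MODULE_RE = re.compile(
    r"^\s*([A-Za-z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.MULTILINE)
# ASN.1 comments run from "--" to the next "--" or the end of the line.
COMMENT_RE = re.compile(r"--.*?(?:--|$)", re.MULTILINE)

def module_names(mib_text):
    """Return the module names declared in one MIB file's text, in order."""
    return MODULE_RE.findall(COMMENT_RE.sub("", mib_text))

def mibs_value(mib_dir, windows=(os.name == "nt")):
    """Build the module list for every MIB file found in mib_dir."""
    names = []
    for entry in sorted(os.listdir(mib_dir)):
        path = os.path.join(mib_dir, entry)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="latin-1") as fh:
            for name in module_names(fh.read()):
                if name not in names:      # keep first occurrence only
                    names.append(name)
    return (";" if windows else ":").join(names)

def demo():
    """Constructed sample files whose names differ from their module names."""
    samples = {
        "rfc2863.txt": "IF-MIB DEFINITIONS ::= BEGIN\nEND\n",
        "vendor.my": "-- OLD-MIB DEFINITIONS ::= BEGIN\n"
                     "ACME-WIDGET-MIB\n    DEFINITIONS ::= BEGIN\nEND\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for fname, text in samples.items():
            with open(os.path.join(d, fname), "w") as fh:
                fh.write(text)
        return mibs_value(d, windows=False), mibs_value(d, windows=True)

if __name__ == "__main__":
    unix, win = demo()
    print("Unix:   ", unix)
    print("Windows:", win)
```

The resulting string can be pasted into the MIB modules preference or exported as the MIBS environment variable.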

Many network-related MIB definitions can be downloaded from

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of SNMP display filter fields can be found in the display filter reference.

Capture Filter

You cannot directly filter SNMP protocols while capturing. However, if you know the UDP ports used (see above), you can filter on those.

SGMP (an ancestor of SNMP):



SNMPv2 (Community based)