SUMMARY
Simple Network Management Protocol (SNMP) is a protocol-based network
management system. It is used to manage TCP/IP-based and IPX-based
networks. Information on SNMP can be found in the Internet Request for
Comment (RFC) 1157.
Microsoft provides an SNMP agent, or client, for Windows NT and Windows 95.
Microsoft, however, does not offer any management capabilities. There are
third-party companies that offer products specifically designed for SNMP
management. Some such products include, but are not limited to, the
following:
HP Openview (Hewlett Packard)
NMC4000 (DEVELCON)
Compaq Insight Manager (Compaq)
The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.
MORE INFORMATION
SNMP provides the ability to send traps, or notifications, to advise an
administrator when one or more conditions have been met. Traps are network
packets that contain data relating to a component of the system sending the
trap. The data may be statistical in nature or even status related.
SNMP traps are alerts generated by agents on a managed device. These traps
generate 5 types of data:
- Coldstart or Warmstart: The agent reinitialized its configuration
tables.
- Linkup or Linkdown: A network interface card (NIC) on the agent either
fails or reinitializes.
- Authentication fails: This happens when an SNMP agent gets a request
from an unrecognized community name.
- egpNeighborloss: Agent cannot communicate with its EGP (Exterior Gateway
Protocol) peer.
- Enterprise specific: Vendor specific error conditions and error codes.
By default, Microsoft SNMP agents do not trap anything under enterprise
specific. This can change, however, depending on what is installed on the
computer. For example, Microsoft Systems Management Server includes an
event-to-trap translator that translates Windows NT events into SNMP traps
and sends them to the trap host.
How Traps are Generated
Traps are generated when a condition has been met on the SNMP agent. These
conditions are defined in the Management Information Base (MIB) provided by
the vendor. The administrator then defines thresholds, or limits to the
conditions, that are to generate a trap. Conditions range from preset
thresholds to a restart. After the condition has been met the SNMP agent
then forms an SNMP packet that specifies the following:
SNMP Version: v1 or v2
Community: Community name of the SNMP agent (defined on the agent)
PDU TYPE: SNMPvX Trap (4)
Enterprise: Corporation or organization that originated the trap, such as .1.3.6.1.4.1.x
Agent Address: IP address of the SNMP agent
Generic Trap Type: Cold Start, Link Up, Enterprise, etc.
Specific Trap Type: When Generic is set to Enterprise a specific trap ID is identified
Timestamp: The value of object sysUpTime when the event occurred
Object x Value x: OID of the trap and the current value
The above packet is sent to the SNMP trap host, or manager, through UDP
port 162.
Packet Format:
----------------------------------
| Version | Community | TRAP PDU |
----------------------------------
Trap PDU Format:
------------------------------------------------------------------------
| PDU TYPE | Enterprise | Agent IP | GEN trap | Spec Trap | Time Stamp |
------------------------------------------------------------------------
   ----------------------
   | OBJ 1 Val 1 | .....|   |-Variable Bindings-|
   ----------------------
NOTE: The Trap PDU Format above is all one packet and has been wrapped for
readability.
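As an added illustration (not part of the original article and not Microsoft code), the following Python decodes the packet layout shown above, in its SNMPv1 (RFC 1157) form, from the raw bytes of a datagram received on UDP port 162. The function names, the agent address 192.0.2.10, the community "public" and the sample bytes are constructed for this example.

```python
GENERIC = dict(enumerate(["coldStart", "warmStart", "linkDown", "linkUp",
                          "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]))

def children(buf):
    """Split BER-encoded bytes into a list of (tag, value) elements."""
    items, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated BER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                   # long form: low 7 bits count the length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated BER value")
        items.append((tag, buf[pos:pos + length]))
        pos += length
    return items

def oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0   # first octet packs the first two arcs
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)            # base-128, high bit marks continuation
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return "." + ".".join(map(str, arcs))

def value(tag, raw):
    if tag == 0x06: return oid(raw)                                   # OBJECT IDENTIFIER
    if tag == 0x04: return raw.decode("latin-1")                      # OCTET STRING
    if tag == 0x40: return ".".join(map(str, raw))                    # IpAddress
    if tag == 0x02: return int.from_bytes(raw, "big", signed=True)    # INTEGER
    if tag in (0x41, 0x42, 0x43): return int.from_bytes(raw, "big")   # Counter, Gauge, TimeTicks
    return raw

def parse_trap(datagram):
    (tag, msg), = children(datagram)
    version, community, (pdu_tag, pdu) = children(msg)
    if tag != 0x30 or pdu_tag != 0xA4:      # 0xA4 = context tag 4, the Trap PDU type
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, gen, spec, ts, (_, vbl) = children(pdu)
    return {"version": value(*version) + 1, "community": value(*community),  # wire 0 = SNMPv1
            "enterprise": value(*ent), "agent": value(*addr), "uptime_ticks": value(*ts),
            "generic": GENERIC.get(value(*gen), "unknown"), "specific": value(*spec),
            "varbinds": [tuple(value(*f) for f in children(vb)) for _, vb in children(vbl)]}

# Constructed sample: linkDown trap, community "public", one variable binding (ifIndex.2 = 2).
SAMPLE = bytes.fromhex("3039020100 04067075626c6963 a42c 06072b060104018237 4004c000020a"
                       "020102 020100 43023039 3011300f 060a2b060102010202010102 020102")
```

parse_trap(SAMPLE) returns a dictionary whose keys correspond to the fields listed above. The community name is read straight from the datagram because SNMPv1 sends it unencrypted.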
Where is all of this information stored?
All of the values that SNMP reports are dynamic and are not stored in any
file or registry key. However, the information needed to get the specified
values is stored in the Management Information Base (MIB). This information
ranges from Object IDs (OIDs) to Protocol Data Units (PDUs). The MIBs must
be located at both the agent and the manager to work effectively.
Glossary
Manager: Third-party software used to configure thresholds and monitor SNMP information.
MIB: Management Information Base. A database that defines the PDUs and OIDs.
OID: Object Identifier. This is a unique ID # that is used to identify system objects; for instance, .1.3.6.1.4.1.311 identifies the Microsoft enterprise.
PDU: Protocol Data Unit. PDUs are the building blocks of SNMP messages.
Trap host: Manager responsible for monitoring SNMP traps.