Learn Enumeration of SNMP

 josh
(@josh)

SNMP Enumeration is a technique used in cybersecurity—especially during penetration testing or ethical hacking—to gather detailed information from devices that use the Simple Network Management Protocol (SNMP).


🧠 What Is SNMP?

SNMP (Simple Network Management Protocol) is an application-layer protocol used to monitor and manage network devices like:

  • Routers
  • Switches
  • Servers
  • Printers
  • Workstations

It operates over UDP ports 161 (queries) and 162 (notifications) and relies on components like:

  • SNMP Manager: Collects data from devices.
  • SNMP Agent: Runs on devices and responds to queries.
  • MIB (Management Information Base): A database of device parameters identified by OIDs (Object Identifiers).

🔍 What Is SNMP Enumeration?

SNMP Enumeration is the process of querying SNMP-enabled devices to extract:

  • System names and descriptions
  • Network interfaces and IP addresses
  • Running services and open ports
  • User accounts and groups
  • CPU and memory usage
  • Installed software and uptime

This is done using community strings, which act like passwords:

  • public (read-only)
  • private (read-write)

If these strings are left at default or weak values, attackers can easily retrieve sensitive data.


🧪 Tools for SNMP Enumeration

| Tool | Description |
|------|-------------|
| snmpwalk | Recursively queries SNMP devices for hierarchical data. |
| snmpget | Retrieves specific OID values from a device. |
| snmp-check | Gathers detailed system info using SNMP (default in Kali Linux). |
| Nmap | Uses NSE scripts to detect SNMP services and extract data. |
| Onesixtyone | Fast SNMP scanner for brute-forcing community strings. |

Example command using snmpwalk:

snmpwalk -v2c -c public 192.168.1.1

⚠️ Risks of SNMP Enumeration

  • Exposure of sensitive system data
  • Identification of vulnerable services
  • Potential for remote configuration changes (if write access is available)

🛡️ How to Defend Against It

  • Change default community strings (public, private)
  • Use SNMPv3 (supports encryption and authentication)
  • Restrict SNMP access to trusted IPs
  • Monitor SNMP traffic for anomalies
  • Disable SNMP if not needed

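An added example, not part of the original post: a small Python audit of a Net-SNMP `snmpd.conf` that flags the weak settings named in the defense list above (default community strings, no source restriction, write access over v1/v2c, SNMPv3 users without encryption). The Net-SNMP agent, the sample configuration and the finding labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a Net-SNMP snmpd.conf (not taken from a real device).
SAMPLE_CONF = """\
# monitoring access
rocommunity public
rwcommunity private 0.0.0.0/0
rocommunity n0c-Mon1tor 10.20.0.5
rouser nmsadmin noauth
rouser nmsops priv
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def is_unrestricted(source):
    """True when the SOURCE field lets any address query the agent."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname or other form: treated as restricted here

def audit_snmpd_conf(text):
    """Return (line_number, issue) tuples for weak settings in snmpd.conf text."""
    findings = []
    for num, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            source = args[1] if len(args) > 1 else None
            if args[0].lower() in DEFAULT_COMMUNITIES:
                findings.append((num, "default-community"))
            if is_unrestricted(source):
                findings.append((num, "unrestricted-source"))
            if directive.startswith("rw"):
                findings.append((num, "write-access-v1v2c"))
        elif directive in {"rouser", "rwuser"} and len(args) > 1:
            if args[1].lower() in {"noauth", "auth"}:  # no privacy (encryption)
                findings.append((num, "snmpv3-no-encryption"))
    return findings


if __name__ == "__main__":
    print(audit_snmpd_conf(SAMPLE_CONF))
```

The `-s SECMODEL` form of `rouser`/`rwuser` and the lower-level `com2sec`/`access` directives are not parsed here.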