Set up Net-SNMP Agent on Windows

This article shows you how to turn your Windows box into an SNMP-enabled host, using Net-SNMP.

Step 1: Installation

Obtain installation (binary) package from Net-SNMP site and install using all default setting. By default, the Net-SNMP is installed under C:/usr. Follow the list of snapshots below to download and install the latest stable version of Net-SNMP.

Step 2: Configuration

Add Net-SNMP to the path. Go to “Control Panel”->”Performance and Maintenance”->”System”. Click “Advanced” Tab. Then click “Environment Variables”. From System Variables list, select Path, then click “Edit” button. Append “C:net-snmpbin” to Path variable value. Then click “OK”->”OK”->”OK” to save.

Select “Start”->”Run” to open a DOS prompt. Then at the prompt, type “snmpconf –i”. Then select C:/net-snmp/etc/snmp/snmp.conf to read the default setting in.

Select snmpd.conf, which is configuration file for the Net-SNMP SNMP agent. It’s documented on this SNMPD.CONF page. The snmp.conf file the configuration file for the Net-SNMP applications and it’s documented on this SNMP.CONF page.

The most basic configuration is to set up read and write communities and community strings. To do so, select 1 for “Access Control Setup”.

Select “3: a SNMPv1/SNMPv2c read-only access community name“. Hit Return key.

Enter “public” as the community string; you can enter any string you like. The community string works a bit like password. Then enter nothing for both “the hostname or network address to accept…” and for “The OID that this community ….”. By entering nothing, we specify that we will accept SNMP queries from all hostnames and all network addresses and that this community can view all MIBs installed on this SNMP agent.

Select “4: a SNMPv1/SNMPv2c read-write access community name“. Hit Return key.

Enter “public” as the community string. Then enter nothing for both “the hostname or network address to accept…” and for “The OID that this community ….”. By entering nothing, we specify that we will accept SNMP read-write queries for this community from all hostnames and all network addresses and that this community can view all MIBs installed on this SNMP agent.

To exit and save snmpd.conf, enter “finished” -> “finished” -> “quit”.

To verify the Net-SNMP has been configured correctly, go to C:net-snmpbin and double click “snmpd.exe” to run the SNMP agent.

You may see this warning message because SNMPD would try to bind to several TCP ports (161 for general SNMP messages and 162 for trap messages), just click “Unblock”. If you are not the admin of your machine, you might want to ask your admin whether you can run a SNMP agent on your machine.

You should see a terminal that looks like this. This is the log windows of snmpd.exe. Only close it if you want to kill snmpd.exe.

Now you are ready to poll network info from your SNMP-enabled box! At the prompt, type “snmpwalk –v 2c –c public localhost”. The “snmpwalk” command retrieves a subtree of management values using SNMP GETNEXT requests. It’s syntax is as followed:

snmpwalk [APPLICATION OPTIONS] [COMMON OPTIONS] [OID]

If no argument is given, snmpwalk will search the subtree rooted at SNMPv2-SMI::mib-2. The “-v 2c” option tells snmpwalk to use SNMP version 2c, whereas the “-c public” option specifies the public community string. Lastly, “localhost” option tells snmpwalk to query from localhost.

C:\usr\etc\snmp> snmpwalk -v 2c -c public localhost

To set up SNMPv3 security, here is a short instruction, thanks to this article on netadmintools.com. First, add the following two lines to snmpd.conf

createUser jess MD5 "jess_password" DES
rouser jess

Make sure you restart the Net-SNMP Agent service after these changes. This will set up a read only user jess that will authenticate with the passphrase jess_password using MD5/DES for encryption. Note that the password is available in plain text in the file, unlike with the GNU/Linux configuration; however, the traffic is still encrypted.

Now we can get the sysUpTime, how long snmpd has been running.

C:\usr\etc\snmp> snmpget -v 3 -u jess -l authNoPriv -a MD5 -A jess_password localhost sysUpTime.0