SNMPTraps

SNMPTraps are asynchronous notifications sent by managed devices (routers, switches, servers, UPS, and applications) to a Network Management System (NMS) to report events or conditions. They form part of the Simple Network Management Protocol (SNMP) framework and allow devices to alert management software without being polled.

Operation: A device detects an event and sends a trap message to the configured trap receiver. In SNMPv1, traps are sent as Trap PDUs with an enterprise OID, the agent's IP address, a generic trap type (0-6) and a specific trap code, plus a set of variable bindings. In SNMPv2c and SNMPv3, the common approach is to use InformRequest PDUs for reliable delivery; traps may still be used for compatibility. The message carries variable bindings that convey event data, such as sysUpTime, OIDs for the event, and values.

Security and transport: Traps are usually sent over UDP to port 162 by default, though configurations vary. SNMPv1 and SNMPv2c rely on a community string for authentication, which is sent in cleartext and provides no real authentication. SNMPv3 adds user-based security models with authentication (MD5/SHA) and privacy (DES/AES).

Examples and usage: Common trap types include linkDown, linkUp, coldStart, warmStart, authenticationFailure. Traps are widely used for alerting, fault detection, and proactive management; they are often centralized in an NMS and integrated into SIEM or incident-management workflows. Best practices include restricting trap receivers to trusted hosts, using SNMPv3 where possible, filtering traps by severity, and ensuring time synchronization.
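
The SNMPv1 Trap PDU layout described under Operation, decoded from raw bytes, which also shows that the community string is readable by anyone who can see the packet. This is an added example, not code from the original page; the function names, the sample packet and the enterprise number 99999 are constructed for illustration.

```python
GENERIC = ["coldStart", "warmStart", "linkDown", "linkUp",
           "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]

# Added example. Constructed packet: community "public", agent 192.0.2.10, linkDown, ifIndex.2 = 2.
SAMPLE = bytes.fromhex(
    "303a020100" "04067075626c6963" "a42d"
    "06082b06010401868d1f" "4004c000020a" "020102" "020100" "43023039"
    "3011300f" "060a2b060102010202010102" "020102")

def items(buf):
    """Split buf into a list of (tag, value) BER TLVs; ValueError if truncated."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated TLV header")
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if pos + length > len(buf):
            raise ValueError("truncated TLV value")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid(raw):
    """Decode OID content bytes (first arc 0 or 1, as in SNMP OIDs under 1.3)."""
    parts, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)  # base-128, high bit means "more bytes follow"
        if not b & 0x80:
            parts.append(acc)
            acc = 0
    return ".".join(map(str, parts))

def parse_v1_trap(pkt):
    ((tag, msg),) = items(pkt)  # a wrong field count raises ValueError on unpacking
    (_, ver), (_, community), (pdu_tag, pdu) = items(msg)
    if tag != 0x30 or ver != b"\x00" or pdu_tag != 0xA4:  # version 0 = SNMPv1, 0xA4 = Trap PDU
        raise ValueError("not an SNMPv1 Trap PDU")
    ent, addr, gen, spec, ticks, vbl = (v for _, v in items(pdu))
    binds = [(oid(n), v) for (_, n), (_, v) in (items(vb) for _, vb in items(vbl))]
    g = int.from_bytes(gen, "big", signed=True)
    return {"community": community.decode("latin-1"), "enterprise": oid(ent),
            "agent_addr": ".".join(map(str, addr)), "generic": GENERIC[g] if 0 <= g < 7 else g,
            "specific": int.from_bytes(spec, "big", signed=True),
            "uptime_ticks": int.from_bytes(ticks, "big"), "varbinds": binds}
```

The agent address and community string come from the sender's payload and prove nothing about the packet's origin, so a receiver should check the UDP source against its list of trusted hosts before acting on a trap.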