You are currently offline, waiting for your internet to reconnect

Simple Network Management Protocol (SNMP) and Traps

This article was previously published under Q172879
This article has been archived. It is offered "as is" and will no longer be updated.
Simple Network Management Protocol (SNMP) is a protocol-based networkmanagement system. It is used to manage TCP/IP-based and IPX-basednetworks. Information on SNMP can be found in the Internet Request forComment (RFC) 1157.

Microsoft provides an SNMP agent, or client, for Windows NT and Windows 95.Microsoft, however, does not offer any management capabilities. There arethird-party companies that offer products specifically designed for SNMPmanagement. Some such products include, but are not limited, to thefollowing:
HP Openview (Hewlett Packard)
Compaq Insight Manager (Compaq)
The third-party products discussed here are manufactured by vendorsindependent of Microsoft; we make no warranty, implied or otherwise,regarding these products' performance or reliability.
SNMP provides the ability to send traps, or notifications, to advise anadministrator when one or more conditions have been met. Traps are networkpackets that contain data relating to a component of the system sending thetrap. The data may be statistical in nature or even status related.

SNMP traps are alerts generated by agents on a managed device. These trapsgenerate 5 types of data:

  • Coldstart or Warmstart: The agent reinitialized its configuration tables.
  • Linkup or Linkdown: A network interface card (NIC) on the agent either fails or reinitializes.
  • Authentication fails: This happens when an SNMP agent gets a request from an unrecognized community name.
  • egpNeighborloss: Agent cannot communicate with its EGP (Exterior Gateway Protocol) peer.
  • Enterprise specific: Vendor specific error conditions and error codes.
By default, Microsoft SNMP agents do not trap anything under enterprisespecific. This can change, however, depending on what is installed on thecomputer. For example, Microsoft Systems Management Server includes anevent-to-trap translator that translates Windows NT events into SNMP trapsand sends them to the trap host.

How Traps are Generated

Traps are generated when a condition has been met on the SNMP agent. Theseconditions are defined in the Management Information Base (MIB) provided bythe vendor. The administrator then defines thresholds, or limits to theconditions, that are to generate a trap. Conditions range from presetthresholds to a restart. After the condition has been met the SNMP agentthen forms an SNMP packet that specifies the following:
SNMP Version: v1 or v2

Community: Community name of the SNMP agent (defined on the agent)


Enterprise: Corporation or organization that originated the trap, such as .

Agent Address: IP address of the SNMP agent

Generic Trap Type: Cold Start, Link Up, Enterprise, etc.

Specific Trap Type: When Generic is set to Enterprise a specific trap ID s identified

Timestamp: The value of object sysUpTime when the event occurred

Object x Value x: OID of the trap and the current value
The above packet is sent to the SNMP trap host, or manager, through UDPport 162.

Packet Format:
    ------------------------------------------------------   | Version | Community |  TRAP PDU |    ------------------------------------------------------				
Trap PDU Format:
    ----------------------------------------------------------------------   | PDU TYPE | Enterprise | Agent IP | GEN trap | Spec Trap | Time Stame |    ----------------------------------------------------------------------    ------------------   |OBJ 1 Val 1| .....| |-Variable Bindings-|    ------------------				
NOTE: The Trap PDU Format above is all one packet and has been wrapped forreadability.

Where is all of this information stored?

All of the values that SNMP reports are dynamic and are not stored in anyfile or registry key. However, the information needed to get the specifiedvalues is stored in the Management Information Base (MIB). This informationranges from Object IDs (OIDs) to Protocol Data Units (PDUs). The MIBs mustbe located at both the agent and the manager to work effectively.


Manager: Third-party software used to configure thresholds and monitor SNMP information.

MIB: Management Information Base. A database that defines the PDUs and OIDs.

OID: Object Identifier. This is a unique ID # that is used to identify system objects; for instance, . identifies the Microsoft enterprise.

PDU: Protocol Data Unit. PDUs are the building blocks of SNMP messages.

Trap host: Manager responsible for monitoring SNMP traps.

Article ID: 172879 - Last Review: 12/04/2015 17:40:28 - Revision: 4.0

Microsoft Windows NT Advanced Server 3.1, Microsoft Windows NT Workstation 3.1, Microsoft Windows NT Advanced Server 3.1, Microsoft Windows NT Workstation 3.5, Microsoft Windows NT Workstation 3.51, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 3.5, Microsoft Windows NT Server 3.51, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows 95

  • kbnosurvey kbarchive kbinfo kbsnmp kbnetwork KB172879