Friday, June 22, 2012

Scan a network for Public and Private SNMP with Linux

This applies, in my case, to a VirtualBox VM running BackTrack 5r2. I
have a network I inherited. It has been a source of pain that few
could describe. Recent events had me curious, "How do I find out if I
have dumb SNMP configurations on my network?" Often devices come with
bad SNMP and other times people do dumb things, and sometimes there is
a calamitous combination of the two.

The tool of my choice to scan for public and private community strings
was snmpwalk on BackTrack. I am sure there are other tools and it
might not be the perfect choice, thus my initial frustration at the
lack of documentation and my desire to create this post.

Snmpwalk is available for many Linux distributions and offers a huge
array of capabilities. For a quick sample of snmpwalk commands you
can check Kioptrix (http://www.kioptrix.com/blog/?p=29). I went with
a very basic command as I was hoping to not get any results at all.
The command I went with was:

snmpwalk -c public -v1 targetIP

This worked great for a single IP address but I had a whole Class C
network to scan. So it was time to use some bash to make this work.
I must confess I love Linux but have the most experience with Windows.
If you are like me then you might be interested in a way to scan a
whole network.

for i in {1..254}; do snmpwalk -c public -v1 192.168.10.$i >> snmp_scan_$i; done

This will scan all the IPs from 192.168.10.1 to 192.168.10.254 for
devices with SNMP configured with a community string of "public". You
can change this to scan for "private" or scan other IP ranges. I am
sure there is a better way to filter out the "No Response from .."
messages. But this worked for me and I wanted to give back to the
Internet.
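One way to get a list of responders only, without the "No Response" noise, shown here as an added example that is not part of the original post. The function names, the script name and the tab-separated output layout are assumptions made for illustration; it asks each host for sysDescr only, tries both "public" and "private", and is meant for a network you administer.

```shell
#!/bin/sh
# Audit a /24 you administer for agents that answer to default SNMP communities.
# Added example; function names and the output layout are hypothetical.

# Ask one host for sysDescr (1.3.6.1.2.1.1.1) using one community string.
# -t 1 -r 0 gives up after a single one-second attempt instead of retrying;
# 2>/dev/null drops the "Timeout: No Response from ..." lines, which snmpwalk
# writes to stderr. -Oqv prints only the value.
snmp_probe() {
    snmpwalk -v1 -c "$2" -t 1 -r 0 -Oqv "$1" 1.3.6.1.2.1.1.1 2>/dev/null
}

# scan_prefix PREFIX FIRST LAST COMMUNITY...
# Prints one tab-separated line per (host, community) pair that answered.
scan_prefix() {
    prefix=$1; i=$2; last=$3
    shift 3
    while [ "$i" -le "$last" ]; do
        for community in "$@"; do
            if descr=$(snmp_probe "$prefix.$i" "$community") && [ -n "$descr" ]; then
                # Keep only the first line of the description.
                first_line=$(printf '%s\n' "$descr" | head -n 1)
                printf '%s\t%s\t%s\n' "$prefix.$i" "$community" "$first_line"
            fi
        done
        i=$((i + 1))
    done
}

# Example: sh snmp_audit.sh 192.168.10 1 254 public private > snmp_defaults.tsv
if [ "$#" -ge 4 ]; then
    scan_prefix "$@"
fi
```

Every line in the output is a device that should have its community string changed or SNMP disabled; an empty file is the result you are hoping for.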

If you found this at all helpful then please leave a comment!
