> For the complete documentation index, see [llms.txt](https://ceh-practical.cavementech.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ceh-practical.cavementech.com/module-4.-enumeration/2.-snmp-enumeration-port-161-162.md).

# 2. SNMP Enumeration (Port 161,162)

## <mark style="color:red;">1. SNMP Enumeration using snmp-check</mark>

first scan the target to check open port

```
sudo nmap -sU -sV -p 161 192.168.18.110
```

Now enumerate it

```
snmp-check 192.168.18.110
```

## <mark style="color:red;">2. SNMP Enumeration with softperfect Network scanner</mark>

Windows.

{% embed url="<https://www.softperfect.com/products/networkscanner/>" %}

<figure><img src="/files/lMl98l3f4AtPzxtmUhXN" alt=""><figcaption></figcaption></figure>

## 3. Perform SNMP Enumeration using SnmpWalk

```
snmpwalk -v1 -c public 192.168.18.110
```

{% hint style="info" %}
-v1 is the version

-c is the string
{% endhint %}

<figure><img src="/files/gMsPvgtb8icTD3A0gxxC" alt=""><figcaption></figcaption></figure>

For snmp version 2,use the following command

```
snmpwalk -v2c -c public 192.168.18.110
```

<figure><img src="/files/491CYJTn5W62mjvI4ov8" alt=""><figcaption></figcaption></figure>

## <mark style="color:red;">4. SNMP Enumeration using NMAP</mark>

```
sudo nmap -sU -P 161 --script snmp-sysdesc 192.168.18.110
sudo nmap -sU -P 161 --script snmp-processes 192.168.18.110
```

```
sudo nmap -sU -P 161 --script snmp-win32-software 192.168.18.110// List processes running on windows servers
```

```
sudo nmap -sU -P 161 --script snmp-interfaces 192.168.18.110
```

## <mark style="color:red;">5. Other SNMP enumeration Tools</mark>

```
nmap -sU -p 161 10.10.1.2
nmap -sU -p 161 --script=snmp-brute 10.10.1.2

# Expoilt SNMP with Metasploit
msfdb init && msfconsole ↵
use auxilary/scanner/snmp/snmp_login ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
  
use auxilary/scanner/snmp/snmp_enum ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
```

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ceh-practical.cavementech.com/module-4.-enumeration/2.-snmp-enumeration-port-161-162.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.