SNMP Surveillance Tool (Experimental)

This concept tool is a comprehensive SNMP auditing and monitoring recorder designed for Windows NMS servers. It passively captures all SNMP traffic (v1, v2c, and v3) using Npcap, logging both incoming and outgoing packets with full details such as timestamps, packet size, direction, PDU type, varbinds, request IDs, and SNMPv3 usernames. It generates multiple outputs, including a detailed human-readable CSV, an encrypted CSV for secure storage, and a tamper-evident hash chain file. It is designed for auditing, compliance, troubleshooting, performance analysis, and long-term forensic retention of SNMP behaviour on any network management system or proxy gateway server running Windows Server, but it could be adapted to run on Linux with minor code alterations.
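How a tamper-evident hash chain over capture records can work, as an added example that is not the tool's own code. The SHA-256 construction, the JSON canonicalisation, and all field and function names are assumptions; the sample records are constructed from the capture log lines shown on this page.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first link

# Constructed sample records, modelled on the capture log lines on this page.
SAMPLE = [
    {"ts": "2025-12-04 16:39:08", "ver": "v3", "dir": "local",
     "src": "127.0.0.1:49666", "dst": "127.0.0.1:162", "len": 222},
    {"ts": "2025-12-04 22:21:09", "ver": "v3", "dir": "local",
     "src": "127.0.0.1:58119", "dst": "127.0.0.1:162", "len": 222},
    {"ts": "2025-12-04 22:21:10", "ver": "v3", "dir": "local",
     "src": "127.0.0.1:58120", "dst": "127.0.0.1:162", "len": 222},
]

def record_digest(prev_hex, record):
    """Hash the previous link together with a canonical encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(bytes.fromhex(prev_hex) + canonical.encode("utf-8")).hexdigest()

def build_chain(records):
    """Return one hex digest per record; each digest covers every earlier record."""
    chain, prev = [], GENESIS
    for rec in records:
        prev = record_digest(prev, rec)
        chain.append(prev)
    return chain

def verify_chain(records, chain, anchored_head=None):
    """Return None if the log is intact, else the index of the first failure.

    anchored_head is the final digest kept somewhere the log host cannot
    rewrite. Without it, cutting the same number of rows off the end of both
    files passes, and so does a rewrite that recomputes the whole chain.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if i >= len(chain) or record_digest(prev, rec) != chain[i]:
            return i  # edited, inserted, reordered or missing record
        prev = chain[i]
    if len(chain) != len(records):
        return len(records)  # chain has links with no matching record
    if anchored_head is not None and prev != anchored_head:
        return len(records)  # tail of the log was truncated
    return None

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("intact:", verify_chain(SAMPLE, chain, chain[-1]))
    edited = [dict(r) for r in SAMPLE]
    edited[1]["len"] = 48  # simulate an after-the-fact edit to one row
    print("first bad record:", verify_chain(edited, chain, chain[-1]))
```
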

SNMP Packet Capture Tool Running

2025-12-04 16:38:51 [INFO] Npcap service 'npcap' is running.
2025-12-04 16:38:51 [INFO] Capture interface from config: \Device\NPF_Loopback
2025-12-04 16:38:51 [INFO] Local IPs: 127.0.0.1, 192.168.1.13
2025-12-04 16:38:51 [INFO] BPF filter: udp port 161 or udp port 162
2025-12-04 16:38:51 [INFO] Starting SNMP capture...
2025-12-04 16:38:51 [INFO] Interface: \Device\NPF_Loopback
2025-12-04 16:38:51 [INFO] Press Ctrl-C to stop.
2025-12-04 16:39:08 [INFO] [SNMP-v3] local 127.0.0.1:49666 -> 127.0.0.1:162 len=222
2025-12-04 22:21:09 [INFO] [SNMP-v3] local 127.0.0.1:58119 -> 127.0.0.1:162 len=222
2025-12-04 22:21:10 [INFO] [SNMP-v3] local 127.0.0.1:58120 -> 127.0.0.1:162 len=222
2025-12-04 22:21:11 [INFO] [SNMP-v3] local 127.0.0.1:58121 -> 127.0.0.1:162 len=222
2025-12-04 22:21:11 [INFO] [SNMP-v3] local 127.0.0.1:58122 -> 127.0.0.1:162 len=222
2025-12-04 22:21:11 [INFO] [SNMP-v3] local 127.0.0.1:58123 -> 127.0.0.1:162 len=222
2025-12-04 22:21:11 [INFO] [SNMP-v3] local 127.0.0.1:58124 -> 127.0.0.1:162 len=222
2025-12-04 22:21:11 [INFO] [SNMP-v3] local 127.0.0.1:58125 -> 127.0.0.1:162 len=222
2025-12-04 22:21:14 [INFO] [SNMP-v3] local 127.0.0.1:58126 -> 127.0.0.1:162 len=222
2025-12-04 22:21:14 [INFO] [SNMP-v3] local 127.0.0.1:58127 -> 127.0.0.1:162 len=222
2025-12-04 22:21:15 [INFO] [SNMP-v3] local 127.0.0.1:58128 -> 127.0.0.1:162 len=222

Generating SNMP Packets

Screenshot of a network management tool called SNMP Trap/Inform Generator. The interface shows settings for generating SNMP traps, including target host 127.0.0.1, port 162, and community 'public'. There is a single enabled trap with its OID and description. The log at the bottom indicates a successful trap sent to the target.
Screenshot of a network security application showing SNMP Trap Receiver configuration, including settings, user credentials, encryption keys, and a table of logged trap events with timestamps and community strings.

Receiving SNMP Packets


  

SNMP Encoded Log Tool

Screenshot of SNMPv3 Offline Decode software displaying a log file with encrypted SNMP data, including timestamps, IP addresses, and encrypted messages.

SNMP Decode Log Tool

Screenshot of SNMPv3 log decoder showing encrypted log entries with timestamp, source IP, destination IP, user, engine ID, trap OID, and value list details.