SNMP Trap
What is Port 162?
Port 162 is used by SNMP Trap messages, which are unsolicited notifications sent from managed devices (agents) to the network management station (NMS). Unlike regular SNMP queries on port 161 where the manager polls devices, traps are proactive alerts sent by devices when important events occur — such as interface failures, temperature thresholds being exceeded, authentication failures, or configuration changes. SNMP traps enable real-time event notification without the overhead of continuous polling. SNMPv2c introduced the INFORM message type, which adds reliability by requiring acknowledgment from the receiver. SNMP traps are essential for network operations centers (NOCs) and are processed by monitoring tools to trigger alerts, create incidents, and initiate automated remediation workflows.
Common Uses
- Real-time network event notifications
- Interface up/down alerts from routers and switches
- Threshold-based alerting for resource utilization
- Security event notification from network devices
Technical Details
Copy-paste commands to check port 162 (SNMP Trap) from your terminal
Test connectivity
nmap -p 162 -sU -sV example.com
(echo > /dev/tcp/example.com/162) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 162/udp
sudo iptables -A INPUT -p udp --dport 162 -j ACCEPT
sudo firewall-cmd --permanent --add-port=162/udp && sudo firewall-cmd --reload
Security Considerations
SNMP traps in v1/v2c are unauthenticated and can be spoofed, potentially flooding management systems with false alerts. Use SNMPv3 with INFORM messages for authenticated, encrypted trap delivery. Restrict port 162 to accept traffic only from known, managed devices. Implement rate limiting to prevent trap storms.
Popular Ports Reference
The most commonly used and referenced network ports