Port 199 carries SMUX traffic, the SNMP Multiplexing protocol. Every time a routing daemon like GateD needed to report its state to a network management station, that conversation flowed through this port. It was the interpreter between programs that couldn't otherwise speak to each other.
What SMUX Does
SMUX solves a specific architectural problem in Unix systems: the SNMP agent and the programs it needs to monitor live in separate processes.1
Consider a routing daemon like GateD. It maintains tables of routes, tracks which neighbors are reachable, counts packets. The network administrator needs to see this information through their management console. But the SNMP agent, which speaks to that console, runs in a completely different process. It can read kernel variables and files easily enough. Reading the state of another running program? That's harder.
SMUX creates a TCP connection on port 199 between the SNMP agent (the master) and programs like routing daemons (the peers). The peer registers which parts of the Management Information Base (MIB) it can answer questions about. When a management query arrives for that section of the MIB, the SNMP agent forwards it through the SMUX connection, receives the answer, and sends it back to the original requester.2
From the outside, everything looks like one coherent SNMP agent. Inside, it's a committee.
How the Protocol Works
The SMUX handshake follows a careful sequence.3
When a SMUX peer starts, it opens a TCP connection to port 199 and sends an OpenPDU. This message includes identity and authentication information. The SNMP agent checks this against its configuration (typically stored in /etc/netmgt/snmpd.peers) and either accepts silently or sends a ClosePDU to reject the connection.
Once connected, the peer sends RReqPDU messages to register which MIB subtrees it can handle. Each registration includes a priority, an integer from 0 to 2³¹-1, with lower numbers meaning higher priority. If two peers try to register overlapping subtrees, the higher-priority registration wins.
The SNMP agent then acts as a dispatcher. When a GetRequest arrives asking about a variable in a registered subtree, the agent wraps that request in a SMUX PDU and forwards it to the appropriate peer. The peer performs the lookup in its own data structures, wraps the response in another SMUX PDU, and sends it back. The agent extracts the answer and sends it to the original requester.
For SetRequest operations, SMUX uses a simple two-phase commit protocol to ensure atomicity. The agent sends the proposed changes. If all peers agree, it sends a commit message. If any peer objects, everyone rolls back.
The History
RFC 1227 was published in May 1991 by Marshall T. Rose of Performance Systems International.4 The acknowledgments section lists the protocol as having been "designed one afternoon" by a group including Jeffrey Case, James Davin, Mark Fedor, Jeffrey Honig, Louie Mamakos, Michael Petry, and Yakov Rekhter.
That casual phrasing belies serious credentials. These were the engineers building SNMP itself. Rose chaired the IETF SNMP working group from its inception in the late 1980s until 1991.5 Jeffrey Case was one of the authors of the original SGMP specification that evolved into SNMP.6
The problem they solved that afternoon was specific to Unix. RFC 1227 explicitly notes its "intended installation as a daemon running on a multi-user timeshare operating system." The Internet was running on Unix systems where network services lived in user-space processes, isolated from each other by design. SMUX punched carefully controlled holes in that isolation.
Performance Systems International (later PSINet) was one of the first commercial Internet service providers, founded in 1989.7 When Rose wrote RFC 1227, he was working at a company that depended on network management actually working. SMUX wasn't academic speculation. It was infrastructure.
The Primary Use Case: Routing Daemons
SMUX's most important application was connecting routing daemons to SNMP management.8
GateD, the Gateway Daemon, implemented routing protocols like OSPF, BGP, RIP, and EGP. Network administrators needed to monitor these protocols through SNMP, but the routing tables and protocol state lived inside GateD, not in the kernel where the SNMP agent could easily read them.
GateD included built-in SMUX peer functionality. When it started, it connected to TCP port 199 and registered the MIB subtrees for its routing protocols. Management stations could then query OSPF neighbor states, BGP route counts, and RIP metrics through standard SNMP, never knowing that the answers came from a different process entirely.
This architecture had elegance: each specialized daemon managed its own domain of knowledge while presenting a unified interface to the outside world.
Security Considerations
SMUX has several security characteristics worth understanding.9
By default, SMUX listens only on localhost (127.0.0.1). External attackers cannot directly connect to port 199 unless the system is badly misconfigured. The risk surface is primarily local privilege escalation, where a malicious process on the same machine might try to register as a SMUX peer.
Authentication relies on shared secrets configured in files like /etc/netmgt/snmpd.peers. The OpenPDU includes an identity and password that must match the agent's configuration. This is password-based authentication over plaintext TCP, adequate for local communication but nothing more.
Some systems open port 199 even when no SMUX peers are configured, which represents unnecessary attack surface.10 Administrators who don't need SMUX should verify it's disabled or bound only to localhost.
SMUX inherits SNMP's general security profile. The protocol was designed when networks were smaller and more trusted. Modern deployments should consider whether the information exposed through SNMP (and by extension SMUX) is appropriately protected.
The Successor: AgentX
SMUX proved that subagent architectures worked, then was replaced by something better.11
AgentX, specified in RFC 2741 and RFC 2742, addresses SMUX's limitations. It handles SET requests reliably through a proper transaction protocol. It manages overlapping registrations more gracefully. It understands SNMPv3 contexts, supporting modern security features.
The Net-SNMP documentation is direct: "New sub-agent development should use the AgentX protocol instead, which is not only standardized, but is outright superior to SMUX in a number of important ways."12
SMUX still exists in legacy systems. GateD's successor projects like Quagga and FRRouting support both protocols for backward compatibility. But for new deployments, AgentX is the answer.
Related Ports
| Port | Protocol | Relationship |
|---|---|---|
| 161 | SNMP | The port SMUX extends, where management queries arrive |
| 162 | SNMP Trap | Where agents send unsolicited notifications |
| 705 | AgentX | SMUX's successor protocol for subagent communication |
Frequently Asked Questions
Summary
Port 199 carries SMUX, a protocol born from practical necessity in 1991. Unix systems needed their separate processes to present a unified management interface. Marshall Rose and colleagues designed SMUX one afternoon to solve that problem for routing daemons and similar services.
The protocol works by establishing TCP connections between an SNMP agent and peer processes, letting peers register which MIB subtrees they handle and respond to forwarded queries. It's a delegation pattern, a committee that looks like a single voice from outside.
SMUX proved the concept well enough that it was superseded by AgentX, which handles the same job with better reliability and modern security awareness. What flows through port 199 today is mostly legacy traffic, the echoes of an earlier Internet still running in production somewhere.
But that earlier Internet was built by people who saw problems and solved them, often in an afternoon. Port 199 is a reminder that good-enough solutions, shipped quickly, can carry traffic for decades.
Was this page helpful?