SNMP Packet Decode

Here's a captured packet. It contains an SNMP SET Request PDU. I have decoded the packets. We can see IP and UDP as well as SNMP. The SNMP data is encoded in ASN.1, SNMP variables are identified by OID. This request sets one value.

IP

45        IPV4 HeaderLength = 5
00        TOS
0049      Total Length = 73
1BA1      Identifier
4000      Flags = 010 (don't fragment), offset = 0
1E        TTL = 30
11        Protocol =
BE74      Checksum
4105007B  Src IP Address = 65.5.0.123
410A0005  Dest IP Address = 65.10.0.5

UDP

D1F7        Source Port
00A1        Dest Port = 161
0035        UDP Length = 53
1F0D        Checksum

SNMP

302B            SEQUENCE (LEN = 43)
0201 00                 Version 1
0404 55544D43           Community = UTMC
A320                    SetRequestPDU (context constructed 3) (Len = 32)
0204 023712FB                   REQID = 0X023712FB
0201 00                         Error = NONE
0201 00                         ErrIndex = 0
3012                            SEQUENCE (LEN = 18)
3010                                    SEQUENCE (LEN = 16)
060B 512C010401010401010100                     OID = 2.1.44.1.4.1.1.4.1.1.1.0
0201 01                                         Integer = 1

References

• J. Postel (1981). Internet Protocol. Defense Advance Networking Group. RFC 791.
• J. Postel (1980). User Datagram Protocol. ISI. RFC 768.
• W Stallings (1996). SNMP, SNMPv2, SNMPv3 and RMON 1 and 2. Addison-Wesley. ISBN 0-201-48534-6. See Table B.5.

---

Author: Stewart Smith Last update: 27th October 2009 ©Copyright: Pentagon Computer Consultants Ltd 2003-9.

Bookmark this on Delicious | Share on LinkedIn | Home