Scribd Logo
Upload

Welcome to Scribd!

  • SNMP Packet Analysis: Understanding SNMP Messages and Encoding

    Uploaded by

    thanhtam788
    61 views19 pages
    The document discusses SNMP packet analysis and provides examples of SNMP message encoding using Basic Encoding Rules. It includes: 1) An example SNMP message encoded in the Ethernet, IP, and UDP headers. 2) Details on how the SNMP Protocol Data Unit is encoded as a sequence of type-length-value fields, including the request ID, error status, and object identifier. 3) The encoding of a specific management information base object identifier representing system uptime.

    Original Description:

    Original Title

    SNMP Packet Analysis_v2

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses SNMP packet analysis and provides examples of SNMP message encoding using Basic Encoding Rules. It includes: 1) An example SNMP message encoded in the Ethernet, IP, and UDP headers. 2) Details on how the SNMP Protocol Data Unit is encoded as a sequence of type-length-value fields, including the request ID, error status, and object identifier. 3) The encoding of a specific management information base object identifier representing system uptime.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    61 views19 pages

    SNMP Packet Analysis: Understanding SNMP Messages and Encoding

    Uploaded by

    thanhtam788
    The document discusses SNMP packet analysis and provides examples of SNMP message encoding using Basic Encoding Rules. It includes: 1) An example SNMP message encoded in the Ethernet, IP, and UDP headers. 2) Details on how the SNMP Protocol Data Unit is encoded as a sequence of type-length-value fields, including the request ID, error status, and object identifier. 3) The encoding of a specific management information base object identifier representing system uptime.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    SNMP Packet Analysis

    Tran Phuoc Nguyen


    pn.tran2012@gmail.com

    SNMP packet trace using Wireshark

    Ethernet Frame

    Example of SNMP message

    Basic Encoding Rules


    Used to transmit data between systems that native encoding is different
    Type Length Value

    also called encoding Type-Length-Value

    Basic Encoding Rules : Data Type

    Example of Ethernet Encoding

    00 00 00 10 00 20 00 30 00 40 00 50

    00 00

    00 45

    A3 E0 53 1A 03 04 75 00 00 00 62 30 00 00 00

    16 00

    00 1E

    A0 11 31 A0 06

    24 72 7E 1A 08

    70 8B 18 02 2B

    C2 B7 08 C0 09 30 02 06 27 0F 01

    00 45

    00

    C8 02 C0 09 02 A4 02 01 00 02 01 01 01 04 00 03

    C8 04 06 02 00 70 01 05

    A1 00 63 0C 7E

    6C 69 0E 0A 30 00

    Example of Ethernet Encoding


    00 00 00 10 00 20 00 30 00 40 00 50 00 00 00 45 43 E0 53 00 00 16 00 00 1E A0 11 31 A0 06 24 72 7E 1A 08 70 8B 18 02 2B C2 B7 08 C0 09 30 02 06 27 0F 01 00 45 00

    1A 03 04 75 00 00 00 62 30 00

    C8 02 C0 09 02 A4 02 01 00 02 01 01 01 04 00 03

    C8 04 06 02 00 70 01 05

    A1 00 63 0C 7E

    6C 69 0E 0A 30 00

    Ethernet Header (14 bytes) + FCS (4 bytes)

    Example of Ethernet Encoding


    00 00 00 10 00 20 00 30 00 40 00 50 00 00 00 45 43 E0 53 00 00 16 00 00 1E A0 11 31 A0 06 24 72 7E 1A 08 70 8B 18 02 2B C2 B7 08 C0 09 30 02 06 27 0F 01 00 45 00

    1A 03 04 75 00 00 00 62 30 00

    C8 02 C0 09 02 A4 02 01 00 02 01 01 01 04 00 03

    C8 04 06 02 00 70 01 05

    A1 00 63 0C 7E

    6C 69 0E 0A 30 00

    Ethernet Header (14 bytes.) + FCS (4 bytes) IP Header (20 bytes)


    9

    Example of Ethernet Encoding


    00 00 00 10 00 20 00 30 00 40 00 50 00 00 00 45 43 E0 53 00 00 16 00 00 1E A0 11 31 A0 06 24 72 7E 1A 08 70 8B 18 02 2B C2 B7 08 C0 09 30 02 06 27 0F 01 00 45 00

    1A 03 04 75 00 00 00 62 30 00

    C8 02 C0 09 02 A4 02 01 00 02 01 01 01 04 00 03

    C8 04 06 02 00 70 01 05

    A1 00 63 0C 7E

    6C 69 0E 0A 30 00

    Ethernet Header (14 bytes.) + FCS (4 bytes) IP Header (20 bytes) UDP Header (8 bytes)

    SNMP Data

    10

    Sequence

    30

    27

    27 = 39 octets

    11

    Sequence Integer

    30

    27 02 01 : 00

    27 = 39 octets

    12

    Sequence Header Integer String

    30

    27 02 04 01 06 : : 00 70 75 62 6C 69 63

    27 = 39 octets

    13

    Sequence Header Integer String Sequence

    30

    27 02 04 A0 1A 01 06 : : 00 70 75 62 6C 69 63

    27 = 39 octets

    C
    1A = 26 octets

    A0 = 1010 0000 (Get Request)

    PDU

    14

    Sequence Header Integer String Sequence

    30

    27 02 04 A0 1A 01 06 : : 00 70 75 62 6C 69 63

    27 = 39 octets

    C
    1A = 26 octets

    A0 = 1010 0000 (Get Request)

    Integer Integer

    02 02 02

    02 01 01

    : : :

    0F 00 00

    A4

    Request ID = 4004 Error status : 0 Error index : 0

    PDU

    Integer

    15

    Sequence Header Integer String Sequence

    30

    27 02 04 A0 1A 01 06 : : 00 70 75 62 6C 69 63

    27 = 39 octets

    C
    1A = 26 octets

    A0 = 1010 0000 (Get Request)

    Integer Integer

    02 02 02 30 0E

    02 01 01

    : : :

    0F 00 00

    A4

    Request ID = 4004 Error statut : 0 Error index : 0 0E = 14 octets

    PDU

    Integer Sequence

    Sequence Objet

    30

    0C 06 08 : 2B
    1.3 .

    OC = 12 octets 06
    6.

    01
    1.

    02
    2.

    01
    1.

    01
    1.

    03
    3.

    00
    0
    16

    Null

    05

    00

    1.3 = 2B
    The first two digits of the object identifier are encoded according to the formula 40x + y. So, 1.3 is encoded by 43 or 2B in hexadecimal.

    17

    13612113
    1 UIT 0 STD 0 2 3 4 Internet 1 2 3 4 Directory 1 Mgmt 2 Experim. 3 Private 4 MIB I 1

    Syst 1
    Interface 2

    1-sysDescr 2-sysObjectID 3-sysUpTime 4-sysContact 5-sysName 6-sysLocation

    Addr. Trans. 3
    IP 4 ICMP 5 TCP 6 UDP 7 EGP 8
    18

    ISO 1

    2 2 ORG 3

    5 DoD 6

    SysUpTime
    Description type d'un objet (MIB II)
    OBJECT_TYPE MACRO = BEGIN TYPE NOTATION = "SYNTAX" type (TYPE ObjectSyntax) "ACCESS" Access "STATUS" Status VALUE NOTATION = value (VALUE ObjectName) DESCRIPTION value (description DisplayString) |empty Access ="read_only"|"write_only"|"not_accessible" Status ="mandatory"|"optional"|"obsolete"|"deprecated" DisplayString=OCTET STRING SIZE (0255) END

    Description de l'objet SysUpTime


    SysUpTime OBJECT_TYPE Syntax TimeTicks Access read_only Status mandatory Description "The Time (in hundredhs of a second) since the network management portion of a system was last reinitialized" ={system 3}

    19

    You might also like