Wireshark · Ethereal-users: [ethereal-users] Question about SNMP decoder with regard to response port

Ethereal-users: [ethereal-users] Question about SNMP decoder with regard to response port

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ron Flory <ron.flory@xxxxxxxxxx>

Date: Thu, 13 Jul 2000 08:36:25 -0500

hi-

 I am seeing a situation where the Ethereal (0.8.8 - 0.8.10 on RH 6.2
x86 under Linux 2.2.15) SNMP decoder does not recognize 'response'
packets as SNMP format- it simply reports them as being raw UDP data.

 What causes the different behavior in Ethereal is that some SNMP agents
reply to GET message on the well-known contact port (161), whereas
others reply on a different port (basically, iterative vs concurrent
server model).  I don't think either behavior is necessarily right or
wrong, and I've seen no mention in the RFCs that SNMP responses to GET
MUST be on behalf of port 161.

 This scenario can be decoded by Ethereal:

  10.100.1.19 port 1185 ---> 10.100.1.16 port  161       SNMP GET
  10.100.1.16 port  161 ---> 10.100.1.19 port 1185       SNMP RESPONSE


 Yet this scenario is not decoded by Ethereal:

  10.100.1.19 port 1185 ---> 10.100.1.16 port  161       SNMP GET
  10.100.1.16 port 2842 ---> 10.100.1.19 port 1185       UDP 2842->1185


 'Curious to see if anybody has any ideas on this...

 Thanks-

ron

Follow-Ups:
- Re: [ethereal-users] Question about SNMP decoder with regard to response port
  - From: Guy Harris

References:
- RE: [ethereal-users] Support for Token-Ring
  - From: Fulvio Risso

Prev by Date: RE: [ethereal-users] Support for Token-Ring
Next by Date: [ethereal-users] Ethereal Plugins
Previous by thread: Re: [ethereal-users] Support for Token-Ring
Next by thread: Re: [ethereal-users] Question about SNMP decoder with regard to response port
Index(es):
- Date
- Thread