If you look at the second packet of the attached capture, Wireshark considers this a malformed packet.
As per RFC 1155 Section 3.1
The root node itself is unlabeled, but has at least three children
directly under it: one node is administered by the International
Organization for Standardization, with label iso(1); another is
administrated by the International Telegraph and Telephone
Consultative Committee, with label ccitt(0); and the third is jointly
administered by the ISO and the CCITT, joint-iso-ccitt(2).
This means that .0 is a valid OID and should be dissected correctly.
net-snmp implemented this in a different way. For them .0 is a valid OID.
#snmpwalk -On -v 2c -c public 10.125.224.111 1.3.6.1.2.1.47.1.1.1.1.3.1
.1.3.6.1.2.1.47.1.1.1.1.3.1 = OID: .0
Can someone provide some input on this?
Attachment:
wrong_length_varbind.pcapng
Description: application/pcapng