Wireshark-dev: Re: [Wireshark-dev] First 4 bytes in SNMP application data

From: chuck c <bubbasnmp@xxxxxxxxx>
Date: Thu, 3 Mar 2022 11:52:39 -0600

"These types of encodings are commonly called type–length–value (TLV) encodings"


It's a bit confusing since there is no 0x30 in the BER tags list. Looking farther down into the details it's explained:
"In the initial octet, bit 6 encodes whether the type is primitive or constructed,"

So the first byte is a Constructed (C) (0x20) + SEQUENCE (0x10) = 0x30.
Next byte is length then the data which is more TLV objects.

If the first 5 bytes are 0x30 0x6d 0x02 0x01 0x01:
0x30 = constructed sequence
0x6d = length
0x02 = first object is INTEGER
0x01 = length = 1 byte
0x01 = value = 1 (SNMPv1)

chuckc



On Thu, Mar 3, 2022 at 10:16 AM Chandra Japan <chandra.japan2013@xxxxxxxxx> wrote:
Hi Wireshark Team,

Please let me know 

what does first 4 bytes in SNMP Data indicate

because I could see from 5th byte I see version and other things

Regards
Chandramohan
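
The TLV reading described in the reply, as an added example (not part of the original thread and not Wireshark's dissector code): a minimal BER walker that splits the identifier octet into class, constructed bit and tag, handles short- and long-form lengths, and rejects a declared length that runs past the data. The names `read_header` and `walk` and the `SAMPLE` bytes are constructed for illustration.

```python
CLASSES = ("universal", "application", "context", "private")
UNIVERSAL = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
             0x06: "OBJECT IDENTIFIER", 0x10: "SEQUENCE"}

def read_header(buf):
    """Decode the identifier and length octets at the start of buf.

    Returns (name, constructed, length, offset_of_value)."""
    if len(buf) < 2:
        raise ValueError("truncated TLV header")
    ident, first = buf[0], buf[1]
    cls, constructed, tag = ident >> 6, bool(ident & 0x20), ident & 0x1F
    if tag == 0x1F:
        raise ValueError("multi-octet tag numbers are not handled here")
    if first < 0x80:                 # short form: the octet is the length
        length, off = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is not handled here")
    else:                            # long form: low 7 bits count the length octets
        n = first & 0x7F
        if len(buf) < 2 + n:
            raise ValueError("truncated long-form length")
        length, off = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    name = UNIVERSAL.get(tag, f"universal[{tag}]") if cls == 0 else f"{CLASSES[cls]}[{tag}]"
    return name, constructed, length, off

def walk(buf, depth=0):
    """Flatten nested TLVs into (depth, name, length, value-or-None) rows."""
    rows = []
    while buf:
        name, constructed, length, off = read_header(buf)
        if off + length > len(buf):  # never trust a declared length past the data
            raise ValueError(f"{name} declares {length} bytes, {len(buf) - off} available")
        value = buf[off:off + length]
        if constructed:              # constructed: the value is more TLVs
            rows.append((depth, name, length, None))
            rows += walk(value, depth + 1)
        else:
            rows.append((depth, name, length, value))
        buf = buf[off + length:]
    return rows

# The five bytes from the reply: enough to read the outer header only.
PREFIX = bytes.fromhex("306d020101")
# Constructed sample (not a capture): SEQUENCE { INTEGER 1, OCTET STRING "public" }
SAMPLE = bytes.fromhex("300b020101") + b"\x04\x06public"

if __name__ == "__main__":
    print(read_header(PREFIX))
    for row in walk(SAMPLE):
        print(row)
```

Calling `walk(PREFIX)` raises `ValueError`, because the outer SEQUENCE declares 0x6d bytes and only three follow it.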