Wireshark-dev: Re: [Wireshark-dev] First 4 bytes in SNMP application data

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 3 Mar 2022 19:01:19 +0100
Hi,

What you’re looking at is the SNMP encoding according to the Basic Encoding Rules[2] (BER). These octets define the BER structure.

For example a 64 octet SNMPv3 message starts as such:

    SNMPv3Message ::= SEQUENCE {
    30 3E
        msgVersion INTEGER ( 0 .. 2147483647 ),
    02 01 03

Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 03 the version number.



Regards,
Jaap

On 3 Mar 2022, at 06:33, Chandra Japan <chandra.japan2013@xxxxxxxxx> wrote:

Hi Wireshark Team,

Please let me know what the first 4 bytes in the SNMP data indicate, because from the 5th byte I can see the version and other things.

Regards
Chandramohan
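
The BER header walk described in the reply above, as an added example that is not part of the original thread or of Wireshark's code. The names read_tlv and snmp_version are hypothetical, and only the octets 30 3E 02 01 03 come from the message; the remaining 59 octets of the sample are constructed padding.

```python
# Added example: minimal BER tag-length-value (TLV) header reader.
# Only 30 3E 02 01 03 is taken from the thread; the rest of SAMPLE is
# constructed padding so that the buffer is 64 octets long.


def read_tlv(buf, offset=0):
    """Return (tag, length, value_offset) for the TLV starting at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[offset]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags are not handled here")
    first = buf[offset + 1]
    value_offset = offset + 2
    if first < 0x80:                      # short form: length in one octet
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not handled here")
    else:                                 # long form: low 7 bits = octet count
        count = first & 0x7F
        if value_offset + count > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[value_offset:value_offset + count], "big")
        value_offset += count
    if value_offset + length > len(buf):  # never trust a declared length
        raise ValueError("declared length runs past the end of the buffer")
    return tag, length, value_offset


def snmp_version(message):
    """Decode the outer SEQUENCE and the msgVersion INTEGER that follows it."""
    tag, _length, body = read_tlv(message)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, length, value = read_tlv(message, body)
    if tag != 0x02:
        raise ValueError("first field is not an INTEGER")
    version = int.from_bytes(message[value:value + length], "big", signed=True)
    return version, value                 # value = offset of the version octet


SAMPLE = bytes.fromhex("303E020103") + bytes(59)   # constructed 64-octet buffer

if __name__ == "__main__":
    print(snmp_version(SAMPLE))
```

The returned offset of 4 is why the version shows up at the 5th byte: two octets of SEQUENCE header followed by two octets of INTEGER header.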