Setting (checkbox) this BER preference will display the SNMP byte details in the Packet Details.
Edit -> Preferences -> Protocols -> BER: "Show internal BER encapsulation tokens"
Simple Network Management Protocol
00.. .... = Class: UNIVERSAL (0)
..1. .... = P/C: Constructed Encoding
...1 0000 = Tag: SEQUENCE (16)
Length: 109
00.. .... = Class: UNIVERSAL (0)
..0. .... = P/C: Primitive Encoding
...0 0010 = Tag: INTEGER (2)
Length: 1
version: v2c (1)
00.. .... = Class: UNIVERSAL (0)
..0. .... = P/C: Primitive Encoding
...0 0100 = Tag: OCTET STRING (4)
Length: 20
Whoops - typo on the version.
value=1 is snmpv2c
static const value_string snmp_Version_vals[] = {
{ 0, "version-1" },
{ 1, "v2c" },
{ 2, "v2u" },
{ 3, "snmpv3" },
{ 0, NULL }
};
Not sure that I've ever seen v2u or v2p out in the wild.
"The SNMPv2 protocol standards made several attempts to address the security issues associated with the SNMPv1 protocol, with the party-based security model SNMPv2p, the user-based security model SNMPv2u, and the community-based security model SNMPv2c."
"These types of encodings are commonly called type–length–value (TLV) encodings"
It's a bit confusing since there is no 0x30 in the BER tags list. Looking farther down into the details it's explained:
"In the initial octet, bit 6 encodes whether the type is primitive or constructed,"
So the first byte is a Constructed (C) (0x20) + SEQUENCE (0x10) = 0x30.
Next byte is length then the data which is more TLV objects.
If first 5 bytes area 0x30 0x6d 0x02 0x01 0x01:
0x30 = constructed sequence
0x6d = length
0x02 = first object is INTEGER
0x01 = length = 1 byte
0x01 = value = 1 (SNMPv1)
chuckc