tcpdump mailing list archives
SNMP dump
From: Jan Allman <ian_yeovil () yahoo co uk>
Date: Thu, 7 Dec 2006 16:59:35 +0000 (GMT)
I'm using Ethereal and am confused about the SNMP dump. The field sizes don't match the specification (RFC 1157).
E.g.
The 'Version' field should be 4 bytes but its dump is 3 bytes: 02 01 00
The 'PDU Type' field should 4 bytes but its dump is 2 bytes: a4 1c
However, Ethereal reports the correct values.
Version: 1 (0)
PDU type: TRAP-V1 (4)
I'm assuming that tcpdump is capturing the packets correctly from the wire.
Where should I look for how SNMP is encoded for transmission and decoded for display in Ethereal?
Many Thanks,
Ian
---------------------------------
Try the all-new Yahoo! Mail . "The New Version is radically easier to use" The Wall Street Journal-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- SNMP dump Jan Allman (Dec 07)
- Re: SNMP dump Guy Harris (Dec 07)
- Re: SNMP dump Jan Allman (Dec 12)
- Re: SNMP dump Guy Harris (Dec 07)