tcpdump mailing list archives
large packets parsing using TcpDump
From: "Mali Shternhell" <malis () voltaire com>
Date: Tue, 30 Nov 2010 08:24:38 +0200
Hi,
I'm using TcpDump in order to capture SNMP request-response messages.
When the response packet is larger than 1468, TcpDump fails to capture the
packet (capture below; failed lines are in red).
I'm using the command: tcpdump -s 200 -xxni eth0 port 161
Can you please assist?
08:00:26.768885 IP 172.30.9.16.33520 > 172.30.9.40.snmp:
GetNextRequest(29) .1.3.6.1.2.1.17.7.1.4
0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
0x0010: 0048 0000 4000 4011 d030 ac1e 0910 ac1e
0x0020: 0928 82f0 00a1 0034 6aba 302a 0201 0104
0x0030: 0670 7562 6c69 63a1 1d02 0420 6640 c802
0x0040: 0100 0201 0030 0f30 0d06 092b 0601 0201
0x0050: 1107 0104 0500
08:00:26.812549 IP 172.30.9.40.snmp > 172.30.9.16.33520:
GetResponse(35) .1.3.6.1.2.1.17.7.1.4.2.1.3.1.1=1
0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
0x0010: 004e 0000 4000 4011 d02a ac1e 0928 ac1e
0x0020: 0910 00a1 82f0 003a e216 3030 0201 0104
0x0030: 0670 7562 6c69 63a2 2302 0420 6640 c802
0x0040: 0100 0201 0030 1530 1306 0e2b 0601 0201
0x0050: 1107 0104 0201 0301 0142 0101
08:00:26.812861 IP 172.30.9.16.33520 > 172.30.9.40.snmp:
GetNextRequest(34) .1.3.6.1.2.1.17.7.1.4.2.1.3.1.1
0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
0x0010: 004d 0000 4000 4011 d02b ac1e 0910 ac1e
0x0020: 0928 82f0 00a1 0039 6abf 302f 0201 0104
0x0030: 0670 7562 6c69 63a1 2202 0420 6640 c902
0x0040: 0100 0201 0030 1430 1206 0e2b 0601 0201
0x0050: 1107 0104 0201 0301 0105 00
08:00:27.612670 IP 172.30.9.40.snmp > 172.30.9.16.33520:
[len1468<asnlen4663]
0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
0x0010: 05dc f88e 2000 4011 f20d ac1e 0928 ac1e
0x0020: 0910 00a1 82f0 1243 8d7c 3082 1237 0201
0x0030: 0104 0670 7562 6c69 63a2 8212 2802 0420
0x0040: 6640 c902 0100 0201 0030 8212 1830 8212
0x0050: 1406 0e2b 0601 0201 1107 0104 0201 0401
0x0060: 0104 8212 0000 0000 0000 0000 0000 0000
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000
0x0080: 0000 0000 00ff ffff 0000 0000 0000 0000
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000
0x00a0: 0000 0000 00ff ffff 0000 0000 0000 0000
0x00b0: 0000 0000 0000 0000 0000 0000 0000 0000
0x00c0: 0000 0000 00ff ffff
08:00:27.614340 IP 172.30.9.16.33520 > 172.30.9.40.snmp:
GetNextRequest(34) .1.3.6.1.2.1.17.7.1.4.2.1.4.1.1
0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
0x0010: 004d 0000 4000 4011 d02b ac1e 0910 ac1e
0x0020: 0928 82f0 00a1 0039 6abf 302f 0201 0104
0x0030: 0670 7562 6c69 63a1 2202 0420 6640 ca02
0x0040: 0100 0201 0030 1430 1206 0e2b 0601 0201
0x0050: 1107 0104 0201 0401 0105 00
08:00:35.289810 IP 172.30.9.40.snmp > 172.30.9.16.33520:
[len1468<asnlen4663]
0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
0x0010: 05dc f88f 2000 4011 f20c ac1e 0928 ac1e
0x0020: 0910 00a1 82f0 1243 8b7c 3082 1237 0201
0x0030: 0104 0670 7562 6c69 63a2 8212 2802 0420
0x0040: 6640 ca02 0100 0201 0030 8212 1830 8212
0x0050: 1406 0e2b 0601 0201 1107 0104 0201 0501
0x0060: 0104 8212 0000 0000 0000 0000 0000 0000
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000
0x0080: 0000 0000 00ff ffff 0000 0000 0000 0000
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000
Best Regards,
Mali Shternhell,
SW Engineer at Voltaire
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
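
Added example (not part of the original post, and not tcpdump's own code): the header bytes of the 08:00:27.612670 response from the dump above, decoded to show where the numbers in [len1468<asnlen4663] come from. The IP header has the More Fragments flag set, so this frame is only the first fragment of a larger UDP datagram; the function names are illustrative.

```python
import struct

# Start of the 08:00:27.612670 response, copied from the -xx dump in the post.
DUMP = """\
0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
0x0010: 05dc f88e 2000 4011 f20d ac1e 0928 ac1e
0x0020: 0910 00a1 82f0 1243 8d7c 3082 1237 0201
"""

def dump_to_bytes(text):
    """Convert tcpdump -xx hex lines ("0x0000: ....") to raw frame bytes."""
    cols = [ln.split(":", 1)[1] for ln in text.splitlines() if ":" in ln]
    return bytes.fromhex("".join(cols).replace(" ", ""))

def ber_length(buf):
    """Decode a BER length field; return (length, octets consumed)."""
    if not buf:
        raise ValueError("truncated BER length")
    if buf[0] < 0x80:                      # short form
        return buf[0], 1
    n = buf[0] & 0x7F                      # long form: n length octets follow
    if n == 0 or len(buf) < 1 + n:
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[1:1 + n], "big"), 1 + n

def analyze(frame):
    """Compare the SNMP message length with what this IP packet carries."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("expected Ethernet / IPv4 / UDP")
    ihl = (frame[14] & 0x0F) * 4
    total_len, ip_id, frag = struct.unpack("!HHH", frame[16:22])
    if frag & 0x1FFF:
        raise ValueError("not a first fragment: no UDP header present")
    udp = frame[14 + ihl:]
    if len(udp) < 10 or udp[8] != 0x30:
        raise ValueError("no BER SEQUENCE after the UDP header")
    udp_len = struct.unpack("!H", udp[4:6])[0]
    asn_len, used = ber_length(udp[9:])
    # Use the IP total length, not len(frame): -s 200 cut the captured bytes.
    carried = total_len - ihl - 8 - (1 + used)
    return {"ip_id": ip_id, "more_fragments": bool(frag & 0x2000),
            "udp_len": udp_len, "asn_len": asn_len,
            "carried": carried, "incomplete": carried < asn_len}

if __name__ == "__main__":
    print(analyze(dump_to_bytes(DUMP)))
```

For this frame the result is carried = 1468 and asn_len = 4663, the two values in the bracketed message. The port 161 filter matches only packets that contain a UDP header, so later fragments of the same datagram do not appear in the capture.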
