Wireshark mailing list archives

Re: First 4 bytes in SNMP application data


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Thu, 3 Mar 2022 19:01:19 +0100

Hi,

What you’re looking at is the SNMP encoding according to the Basic Encoding Rules[2] (BER). These octets define the BER structure.

For example a 64 octet SNMPv3 message starts as such:

SNMPv3Message ::= SEQUENCE {

30 3E 

    msgVersion INTEGER ( 0 .. 2147483647 ),

02 01 03

Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 03 the version number.


[1] https://datatracker.ietf.org/doc/html/rfc3412#section-6
[2] https://www.oss.com/asn1/resources/asn1-made-simple/asn1-quick-reference/basic-encoding-rules.html

Regards,
Jaap

On 3 Mar 2022, at 06:33, Chandra Japan <chandra.japan2013 () gmail com> wrote:

Hi Wireshark Team,

Please let me know 

what does first 4 bytes in SNMP Data indicate

because I could see from 5th byte I see version and other things

Regards
Chandramohan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
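
The byte breakdown in the reply above, as an added example that is not part of the thread's messages: a minimal BER tag-length-value header reader in Python that decodes the outer SEQUENCE and the msgVersion INTEGER, and rejects a declared length that runs past the captured data. The 64-octet sample is constructed (the first five octets are the ones quoted in the reply, the rest is filler) and the function names are hypothetical.

```python
def read_tlv(buf, offset=0):
    """Return (tag, length, value_offset, next_offset) for the TLV at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[offset]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags are not handled in this example")
    first = buf[offset + 1]
    pos = offset + 2
    if first < 0x80:
        # Short form: the octet itself is the length (0..127).
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not handled in this example")
    else:
        # Long form: low 7 bits give the number of length octets that follow.
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    # Never trust the declared length beyond the bytes actually present.
    if pos + length > len(buf):
        raise ValueError("declared length exceeds available data")
    return tag, length, pos, pos + length


def snmp_version(message):
    """Return (outer SEQUENCE length, msgVersion) for a BER-encoded message."""
    tag, length, start, end = read_tlv(message)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE (0x30)")
    # Parse the first member only within the bounds of the SEQUENCE.
    vtag, vlen, vstart, vend = read_tlv(message[:end], start)
    if vtag != 0x02 or vlen == 0:
        raise ValueError("first member is not a non-empty INTEGER (0x02)")
    return length, int.from_bytes(message[vstart:vend], "big", signed=True)


# Constructed sample: 30 3E 02 01 03 from the reply, then an OCTET STRING
# (04 39) holding 57 zero octets as filler, for 64 octets in total.
SAMPLE = bytes.fromhex("303e020103") + bytes([0x04, 0x39]) + bytes(57)

if __name__ == "__main__":
    print(snmp_version(SAMPLE))
```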
