Nmap Development mailing list archives

snmp project/parsing OID's?


From: "Mike ." <dmciscobgp () hotmail com>
Date: Fri, 25 Dec 2015 11:31:25 +0000

Merry Xmas all! (for those that celebrate it)


so i am sorry to hit you up with another issue/idea but that's how nmap gets better, right? this is more to the ones 
who helped in SNMP scripting. so i am sending an SNMP-netstat to a target that is HUAWEI Technology Co router/device. 
anyway, i can get an SNMP-info reply no problem, but the script falls short. this is what nmap says after a scan AND a 
run of the script, even with debug on:


161/udp open  snmp    udp-response ttl 232


so no errors there. i kept looking into this, wondering what exactly i am getting back then. i viewed a full proto 
decode and saw this:



                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.4.0: 274
                            Object Name: 1.3.6.1.6.3.15.1.1.4.0 (iso.3.6.1.6.3.15.1.1.4.0)
                            Value (Counter32): 274

so no errors there, either. but...after looking at that last OID reference of what it was returning, i went to this 
page: 
http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&i=1&n=SNMP-USER-BASED-SM-MIB&r=cisco&f=SNMP-USM-MIB-V1SMI.my&v=v1&t=sca&o=usmStatsUnknownEngineIDs
 and realized that the device is telling me it is not set up for that information or does not support it. nmap 
obviously does not know this, nor would the user UNLESS we had a script or some way we could parse that OID we get 
back. is this already in the SNMP code somewhere that i am not aware of? i am a network guy, not a coder, that is the 
reason i ask. the thing is, and this should be a standard for everyone anyway, nmap can only do so much. i ALWAYS run a 
sniffer side-by-side when scanning because then you really know what is happening. if you see slow/silent drops you 
know you are being FWed. if you see the dump i just showed you, you know you have a part of a protocol unsupported/etc, 
that nmap has no way to tell you. so if there isn't already, can we find some way to have a parser/interpreter for 
OIDs/errors that could be looked up (like the page i gave you) that nmap could then spit out to the user? i could 
always keep looking at the protocol decodes to know what is happening, but if we could get nmap to carry that replace 
that overhead, then that would be the best thing, i think. i sure hope this all made sense!

Mike



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
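
An added example, not part of the original post and not Nmap code: the varbind from the decode above, hand-encoded as BER, is decoded and matched against the SNMPv3 report counters that RFC 3414 (USM) and RFC 3412 (MPD) define, which goes beyond the single OID in the post. The `SAMPLE` bytes are constructed from the values shown in the decode, and the function names are hypothetical.

```python
# Added example: decode one BER varbind and name the SNMPv3 report counter it carries.
REPORT_COUNTERS = {  # instance suffix ".0" stripped; names from RFC 3414 / RFC 3412
    "1.3.6.1.6.3.15.1.1.1": ("usmStatsUnsupportedSecLevels", "security level not available for this user"),
    "1.3.6.1.6.3.15.1.1.2": ("usmStatsNotInTimeWindows", "message outside the engine's time window"),
    "1.3.6.1.6.3.15.1.1.3": ("usmStatsUnknownUserNames", "user name unknown to the engine"),
    "1.3.6.1.6.3.15.1.1.4": ("usmStatsUnknownEngineIDs", "snmpEngineID in the message unknown to the engine"),
    "1.3.6.1.6.3.15.1.1.5": ("usmStatsWrongDigests", "authentication digest did not match"),
    "1.3.6.1.6.3.15.1.1.6": ("usmStatsDecryptionErrors", "message could not be decrypted"),
    "1.3.6.1.6.3.11.2.1.1": ("snmpUnknownSecurityModels", "security model not supported"),
    "1.3.6.1.6.3.11.2.1.2": ("snmpInvalidMsgs", "invalid or inconsistent message components"),
    "1.3.6.1.6.3.11.2.1.3": ("snmpUnknownPDUHandlers", "no application registered for this PDU"),
}

def read_tlv(buf, pos):
    # Return (tag, value_bytes, next_pos) for the BER TLV that starts at pos.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    # Base-128 subidentifiers; the first one packs the first two arcs as 40*X + Y.
    subs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def explain_varbind(raw):
    # A varbind is SEQUENCE (0x30) { OID (0x06), value }; Counter32 is tag 0x41.
    tag, body, _ = read_tlv(raw, 0)
    otag, oid_body, pos = read_tlv(body, 0)
    vtag, vbody, _ = read_tlv(body, pos)
    if tag != 0x30 or otag != 0x06:
        raise ValueError("not a varbind")
    oid = decode_oid(oid_body)
    base = oid[:-2] if oid.endswith(".0") else oid
    name, meaning = REPORT_COUNTERS.get(base, (None, None))
    counter = int.from_bytes(vbody, "big") if vtag == 0x41 else None
    return {"oid": oid, "name": name, "meaning": meaning, "counter": counter}

SAMPLE = bytes.fromhex("3010 060a 2b060106030f01010400 4102 0112")  # constructed
```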
