Nmap Development mailing list archives
snmp project/parsing OID's?
From: "Mike ." <dmciscobgp () hotmail com>
Date: Fri, 25 Dec 2015 11:31:25 +0000
Merry Xmas all! (for those that celebrate it) so i am sorry to hit you up with another issue/idea but that's how nmap gets better, right? this is more to the ones who helped in SNMP scripting. so i am sending an SNMP-netstat to a target that is HUAWEI Technology Co router/device. anyway, i can get an SNMP-info reply no problem, but the script falls short. this is what nmap says after a scan AND a run of the script, even with debug on: 161/udp open snmp udp-response ttl 232 so no errors there. i kept looking into this, wondering what exactly i am getting back then. i viewed a full proto decode and saw this: error-status: noError (0) error-index: 0 variable-bindings: 1 item 1.3.6.1.6.3.15.1.1.4.0: 274 Object Name: 1.3.6.1.6.3.15.1.1.4.0 (iso.3.6.1.6.3.15.1.1.4.0) Value (Counter32): 274 so no errors there, either. but...after looking at that last OID reference of what it was returning, i went to this page: http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&i=1&n=SNMP-USER-BASED-SM-MIB&r=cisco&f=SNMP-USM-MIB-V1SMI.my&v=v1&t=sca&o=usmStatsUnknownEngineIDs and realized that the device is telling me it is not set up for that information or does not support it. nmap obviously does not know this, nor would the user UNLESS we had a script or some way we could parse that OID we get back. is this already in the SNMP code somewhere that i am not aware of? i am a network guy, not a coder, that is the reason i ask. the thing is, and this should be a standard for everyone anyway, nmap can only do so much. i ALWAYS run a sniffer side-by-side when scanning because then you really know what it happening. if you see slow/silent drops you know you are being FWed. if you see the dump i just showed you, you know you have a part of a protocol unsupported/etc, that nmap has no way to tell you. so if there isn't already, can we find some way to have a parser/interrpreter for OIDs/errors that could be looked up (like the page i gave you) that nmap could then spit out to the user? i could always keep looking at the protocol decodes to know what is happening, but if we could get nmap to carry that replace that overhead, then that would be the best thing, i think. i sure hope this all made sense! Mike
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- snmp project/parsing OID's? Mike . (Dec 25)