Vulnerability Development mailing list archives
Re: Quick SNMP Payload Structure Question
From: Eric Brandwine <ericb () UU NET>
Date: 28 Feb 2002 05:46:09 +0000
"jk" == Jim Kovalchuk <raxor () dexlink com> writes:
jk> So you see most (valid) SNMP messages look something like: jk> 30 2a 02 01 00 04 06 70 75 62 6c 69 63 . . . jk> First byte is the tag byte, 30h stands for a sequence. jk> Second byte is the length byte of the entire message. This is only true for messages that have a total length less than 128 bytes. Lengths longer than 128 bytes have to use the BER multibyte length encoding. Most of the packets in the Oulu toolkit that have unfortunate effects on devices are much longer than 128 bytes. This is a well documented (if somewhat dense) standard. Go to the official docs, rather than trying to reverse engineer it. I've read the docs, and you'll never figure it out. There's some odd stuff in BER. That's why so many vendors have so much trouble decoding it safely. Don't waste your time picking the lock when someone hands you the key. ericb -- Eric Brandwine | The difference between genius and stupidity is that UUNetwork Security | genius has its limits. When you want to test the depths ericb () uu net | of a stream, don't use both feet. +1 703 886 6038 | - Chinese Proverb Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
Current thread:
- Re: Quick SNMP Payload Structure Question Eric Brandwine (Mar 04)
- Re: Quick SNMP Payload Structure Question Valdis . Kletnieks (Mar 04)
- <Possible follow-ups>
- Re: Quick SNMP Payload Structure Question BORBELY Zoltan (Mar 05)