Vulnerability Development mailing list archives

Re: Quick SNMP Payload Structure Question


From: Eric Brandwine <ericb () UU NET>
Date: 28 Feb 2002 05:46:09 +0000

"jk" == Jim Kovalchuk <raxor () dexlink com> writes:

jk> So you see most (valid) SNMP messages look something like: 
jk> 30 2a 02 01 00 04 06 70 75 62 6c 69 63 . . . 

jk> First byte is the tag byte, 30h stands for a sequence. 
jk> Second byte is the length byte of the entire message.

This is only true for messages that have a total length less than 128
bytes.  Lengths longer than 128 bytes have to use the BER multibyte
length encoding.  Most of the packets in the Oulu toolkit that have
unfortunate effects on devices are much longer than 128 bytes.

This is a well documented (if somewhat dense) standard.  Go to the
official docs, rather than trying to reverse engineer it.  I've read
the docs, and you'll never figure it out.  There's some odd stuff in
BER.  That's why so many vendors have so much trouble decoding it
safely.

Don't waste your time picking the lock when someone hands you the key.

ericb
-- 
Eric Brandwine     |  The difference between genius and stupidity is that
UUNetwork Security |  genius has its limits. When you want to test the depths
ericb () uu net       |  of a stream, don't use both feet.
+1 703 886 6038    |      - Chinese Proverb
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E
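
The short-form versus multibyte length rule discussed in the message above, as an added example that is not part of the original post or of any SNMP implementation: a bounds-checked decoder for a BER length field. The function name, return codes and sample buffers are this example's own; rejecting the indefinite form (0x80) and lengths wider than four bytes is a policy choice assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes (names are this example's own, not from any SNMP library). */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_OVERRUN = -3 };

/* Decode the BER length field at buf[*pos] (the byte after the tag).
 * On BER_OK, *out holds the content length and *pos points at the content.
 * Every read is bounds-checked against buflen. */
int ber_read_length(const uint8_t *buf, size_t buflen, size_t *pos, size_t *out)
{
    if (*pos >= buflen)
        return BER_TRUNCATED;
    uint8_t first = buf[(*pos)++];
    size_t len = first;                      /* short form: 0..127 in one byte */

    if (first & 0x80) {                      /* long form: low 7 bits = count */
        size_t n = first & 0x7f;
        if (n == 0 || n > sizeof(uint32_t))  /* indefinite, or too wide to trust */
            return BER_UNSUPPORTED;
        if (n > buflen - *pos)               /* length bytes themselves missing */
            return BER_TRUNCATED;
        for (len = 0; n > 0; n--)
            len = (len << 8) | buf[(*pos)++];    /* big-endian accumulate */
    }
    if (len > buflen - *pos)                 /* declared content exceeds the data */
        return BER_OVERRUN;
    *out = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: SEQUENCE, long-form length 0x0100, 256 zero bytes. */
    static uint8_t big[4 + 256] = { 0x30, 0x82, 0x01, 0x00 };
    /* The 13 bytes quoted in the post: 42 content bytes declared, 11 present. */
    const uint8_t quoted[] = { 0x30, 0x2a, 0x02, 0x01, 0x00, 0x04, 0x06,
                               0x70, 0x75, 0x62, 0x6c, 0x69, 0x63 };
    size_t pos = 1, len = 0;
    int rc = ber_read_length(big, sizeof big, &pos, &len);
    printf("long form: rc=%d len=%zu content at offset %zu\n", rc, len, pos);
    pos = 1;
    rc = ber_read_length(quoted, sizeof quoted, &pos, &len);
    printf("quoted prefix: rc=%d\n", rc);
    return 0;
}
```
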

