On Mon, 25 Feb 2002 12:56:28 -0800 Josha Bronson <dmuzat_private> wrote:

Heya,

>
> Hey folks,
>
> Trying to work on generating arbitrary SNMP request packets, but for the
> life of me I can not figure out how the second byte of the payload data
> is calculated. I *think* that it is some sort of length signifier... I
> think there are also other length based bytes that might need to be
> calculated elsewhere in the payload.
>
> What I am trying to do is figure out what bytes need to be modified in a
> basic payload structure so that I can drop in different communities,
> only altering the bytes necessary.

Here is what I've discovered about SNMP packets so far.

For example, a request header might look like this:

"\x30\x82\x01\x23\x02\x01\x00\x04\x82\x01\x00"community"morestuffmorestuffmorestuff

Where 'morestuff' is the actual encoded SNMP request and, in this case,
community is 256 bytes long.

A description of the header byte for byte:

0x30: ASN_SEQUENCE | ASN_CONSTRUCTOR
0x82: ASN_LONG_LEN | 2 (2 bytes of data I think)
0x01,0x23 = 0x123 = packet size
0x02: ASN.1 integer
0x01: lenbyte (1 byte)
0x00: SNMPv1
0x04 ASN.1 octet string (primstring)
0x82: ASN_LONG_LEN | 2 (2 bytes)
0x01,0x00 = 0x100 = 256 bytes (my what a long community string ;)

Then the octets of the community string begin.

The important bytes in the header are (starting with offset 0)

2, 3 = packet size
8,[9,10] = community string length

Note that ASN_LONG_LEN is only necessary if the community string is > 0xff
bytes. If it's not, the sequence is "\x04",lenbyte,community. If this is
the case, note the header will be 2 bytes shorter.

asn1.c, asn1.h, snmp_api.c and snmp_auth.c from snmplib are invaluable for
hacking with ASN data.

Hope this helps,

--rpc

>
> I've already used ethereal's excellent packet analysis, but it does not
> say what the significance is of all the packets, including the second
> byte.
>
> Any quick answers or links are greatly appreciated.
>
> --
> Josha Bronson
> dmuzat_private
> AngryPacket Security
>
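
Added example, not part of the original post and not snmplib code: a small parser for the header layout described above that decodes both length forms and rejects packets whose declared lengths disagree with the bytes actually present. All function names are assumptions of this example, and it follows the BER rule that the one-byte length form covers values below 0x80.

```python
def encode_length(n):
    """BER definite length: one byte below 0x80, else 0x80|count + big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tl(buf, off):
    """Decode the tag and length at off; return (tag, length, offset_of_value)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short form: the byte is the length
        return tag, first, off + 2
    count = first & 0x7F                  # long form: number of length bytes
    if count == 0 or off + 2 + count > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[off + 2:off + 2 + count], "big"), off + 2 + count

def parse_snmp_header(pkt):
    """Return version, community and PDU offset, rejecting inconsistent lengths."""
    tag, seq_len, off = read_tl(pkt, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    if off + seq_len != len(pkt):         # outer length counts the bytes after it
        raise ValueError("outer length does not match packet size")
    tag, n, off = read_tl(pkt, off)
    if tag != 0x02 or off + n > len(pkt):
        raise ValueError("bad version field")
    version, off = int.from_bytes(pkt[off:off + n], "big"), off + n
    tag, n, off = read_tl(pkt, off)
    if tag != 0x04 or off + n > len(pkt):
        raise ValueError("community length runs past the packet")
    return {"version": version, "community": pkt[off:off + n], "pdu_offset": off + n}

def build_message(community, pdu):
    """Assemble SEQUENCE { INTEGER 0, OCTET STRING community, pdu } as test input."""
    body = b"\x02\x01\x00" + b"\x04" + encode_length(len(community)) + community + pdu
    return b"\x30" + encode_length(len(body)) + body

# Constructed sample: 256-byte community plus a 28-byte placeholder where the
# encoded request would go, which reproduces the header bytes from the post.
SAMPLE = build_message(b"A" * 256, b"\x00" * 28)

if __name__ == "__main__":
    info = parse_snmp_header(SAMPLE)
    print(SAMPLE[:11].hex(), info["version"], len(info["community"]), info["pdu_offset"])
```
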