SNMP (https://datatracker.ietf.org/doc/html/rfc1157) uses ASN.1 BER (https://en.wikipedia.org/wiki/X.690#BER_encoding) to define the data.

"These types of encodings are commonly called type–length–value (TLV) encodings" (see https://datatracker.ietf.org/doc/html/rfc1592 for a packet diagram).

It's a bit confusing since there is no 0x30 in the BER tags list. Looking farther down into the details, it's explained: "In the initial octet, bit 6 encodes whether the type is primitive or constructed," so the first byte is a Constructed (C) (0x20) + SEQUENCE (0x10) = 0x30. The next byte is the length, then the data, which is more TLV objects.

If the first 5 bytes are 0x30 0x6d 0x02 0x01 0x01:

0x30 = constructed sequence
0x6d = length
0x02 = first object is INTEGER
0x01 = length = 1 byte
0x01 = value = 1 (SNMPv1)

chuckc

On Thu, Mar 3, 2022 at 10:16 AM Chandra Japan <chandra.japan2...@gmail.com> wrote:
> Hi Wireshark Team,
>
> Please let me know
>
> what does first 4 bytes in SNMP Data indicate
>
> because I could see from 5th byte I see version and other things
>
> Regards
> Chandramohan
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
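
The TLV layout walked through in the reply above, as an added example that is not part of the original message or of Wireshark's code: a small BER walker in Python that decodes the identifier octet (class, constructed bit, tag number) and both definite length forms, with bounds checks on every length field. The names `read_tlv`, `walk` and `SAMPLE` are illustrative, and the sample message is hand-built to start with the same 0x30 ... 0x02 0x01 0x01 pattern.

```python
# Added example: minimal BER TLV walker (definite lengths, single-octet tags only).
CLASSES = ("universal", "application", "context", "private")

def read_tlv(buf, off=0):
    """Decode one TLV header at buf[off]; return (class, constructed, tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident = buf[off]
    cls = CLASSES[ident >> 6]            # bits 8-7: class
    constructed = bool(ident & 0x20)     # bit 6: primitive (0) or constructed (1)
    tag = ident & 0x1F                   # bits 5-1: tag number (0x10 = SEQUENCE)
    if tag == 0x1F:
        raise ValueError("multi-octet tag numbers not handled here")
    first, start = buf[off + 1], off + 2
    if first < 0x80:                     # short form: the octet is the length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length not handled here")
    else:                                # long form: low 7 bits count the length octets
        n = first & 0x7F
        if start + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    end = start + length
    if end > len(buf):                   # never trust a length that points past the data
        raise ValueError("length field exceeds available data")
    return cls, constructed, tag, start, end

def walk(buf, off=0, end=None, depth=0, out=None):
    """Flatten nested TLVs into (depth, identifier octet, length, value or None) tuples."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while off < end:
        cls, constructed, tag, vs, ve = read_tlv(buf, off)
        if ve > end:
            raise ValueError("child TLV overruns its parent")
        out.append((depth, buf[off], ve - vs, None if constructed else bytes(buf[vs:ve])))
        if constructed:                  # the value of a constructed type is more TLVs
            walk(buf, vs, ve, depth + 1, out)
        off = ve
    return out

# Constructed sample message (built by hand for this example, not a capture).
SAMPLE = bytes.fromhex("3026" "020101" "04067075626c6963" "a019" "02012a" "020100" "020100"
                       "300e" "300c" "06082b06010201010100" "0500")
if __name__ == "__main__":
    for depth, ident, length, value in walk(SAMPLE):
        print("  " * depth + f"0x{ident:02x} len={length}", "" if value is None else value.hex())
```

Feeding it only the five bytes quoted in the reply raises `ValueError`, because the declared length 0x6d is larger than the three bytes that follow.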