Hi,

What you’re looking at is the SNMP encoding according to the Basic Encoding 
Rules[2] (BER). These octets define the BER structure.

For example, a 64-octet SNMPv3 message starts as such:

SNMPv3Message ::= SEQUENCE {

30 3E 

    msgVersion INTEGER ( 0 .. 2147483647 ),

02 01 03

Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 
03 the version number.


[1] https://datatracker.ietf.org/doc/html/rfc3412#section-6
[2] https://www.oss.com/asn1/resources/asn1-made-simple/asn1-quick-reference/basic-encoding-rules.html

Regards,
Jaap

> On 3 Mar 2022, at 06:33, Chandra Japan <chandra.japan2...@gmail.com> wrote:
> 
> Hi Wireshark Team,
> 
> Please let me know what the first 4 bytes in the SNMP data indicate,
> because from the 5th byte on I can see the version and other things.
> 
> Regards
> Chandramohan
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
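
Added example (not part of the original mail and not Wireshark's code): a minimal Python reader for the BER tag-length-value layout described in the reply, run over a constructed 64-octet buffer that begins with the 30 3E 02 01 03 octets quoted there. The function names are hypothetical, and the filler OCTET STRING after the version field is a placeholder, not real SNMPv3 header data.

```python
# Added example: minimal BER tag-length-value reader (definite lengths only).

def read_tlv(buf, offset=0):
    """Return (tag, content, next_offset) for the TLV starting at offset."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[offset], buf[offset + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags are not handled here")
    pos = offset + 2
    if first < 0x80:            # short form: the octet is the length
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not handled here")
    else:                       # long form: low 7 bits count the length octets
        count = first & 0x7F
        if pos + count > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):  # never trust the declared length
        raise ValueError("declared length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed value into its immediate TLVs."""
    fields, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        fields.append((tag, value))
    return fields

def snmp_version(message):
    """Return msgVersion, the first INTEGER inside the outer SEQUENCE."""
    tag, content, _ = read_tlv(message)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE (0x30)")
    fields = children(content)
    if not fields or fields[0][0] != 0x02 or not fields[0][1]:
        raise ValueError("first field is not a non-empty INTEGER (0x02)")
    return int.from_bytes(fields[0][1], "big", signed=True)

# Constructed sample: the 30 3E 02 01 03 octets from the reply, then a filler
# OCTET STRING (04 39 + 57 zero octets) standing in for the rest of the message.
SAMPLE = bytes.fromhex("303e020103") + bytes([0x04, 0x39]) + bytes(57)

if __name__ == "__main__":
    print(len(SAMPLE), snmp_version(SAMPLE))
```

The length check before slicing is the part that matters when the input is an untrusted capture: a declared length larger than the remaining buffer is rejected instead of silently yielding a short value.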
