Whoops - typo on the version. value=1 is snmpv2c

https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-snmp.c#L2115
static const value_string snmp_Version_vals[] = {
  { 0, "version-1" },
  { 1, "v2c" },
  { 2, "v2u" },
  { 3, "snmpv3" },
  { 0, NULL }
};

Not sure that I've ever seen v2u or v2p out in the wild.

https://www.ibm.com/docs/en/zos/2.4.0?topic=protocols-snmpv2
"The SNMPv2 protocol standards made several attempts to address the security issues associated with the SNMPv1 protocol, with the party-based security model SNMPv2p, the user-based security model SNMPv2u, and the community-based security model SNMPv2c."

On Thu, Mar 3, 2022 at 11:52 AM chuck c <bubbas...@gmail.com> wrote:

> SNMP (https://datatracker.ietf.org/doc/html/rfc1157) uses ASN.1 BER
> (https://en.wikipedia.org/wiki/X.690#BER_encoding) to define the data.
>
> "These types of encodings are commonly called type–length–value (TLV)
> encodings"
>
> (See https://datatracker.ietf.org/doc/html/rfc1592 for a packet diagram)
>
> It's a bit confusing since there is no 0x30 in the BER tags list. Looking
> farther down into the details it's explained:
> "In the initial octet, bit 6 encodes whether the type is primitive or
> constructed,"
>
> So the first byte is a Constructed (C) (0x20) + SEQUENCE (0x10) = 0x30.
> Next byte is length then the data which is more TLV objects.
>
> If first 5 bytes are 0x30 0x6d 0x02 0x01 0x01:
> 0x30 = constructed sequence
> 0x6d = length
> 0x02 = first object is INTEGER
> 0x01 = length = 1 byte
> 0x01 = value = 1 (SNMPv1)
>
> chuckc
>
> On Thu, Mar 3, 2022 at 10:16 AM Chandra Japan <chandra.japan2...@gmail.com>
> wrote:
>
>> Hi Wireshark Team,
>>
>> Please let me know
>>
>> what does first 4 bytes in SNMP Data indicate
>>
>> because I could see from 5th byte I see version and other things
>>
>> Regards
>> Chandramohan
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe