Interpreting Hex Values for SNMP

[Derill03]

Can anyone offer any assistance with interpreting a table of hex values for SNMP? I know the column on left is the memory locations and the first 10 bytes are the ethernet header but i can not find any resources that show how to interpret the hex dump.

I need to identify:

Community
PDU type
OID
Contents of OID location

0020 00 7d 00 a1 d3 a5 00 3b d9 39 30 31 02 01 00 04
0030 06 70 75 62 6c 69 63 a2 24 02 04 66 6a 7f 7b 02
0040 01 00 02 01 00 30 16 30 14 06 08 2b 06 01 02 01
0050 01 05 00 04 08 48 50 4c 4a 32 32 30 30

 

[LaurieAG]

Can anyone offer any assistance with interpreting a table of hex values for SNMP?

Try http://www.snmpsoft.com/freetools/snmpwalk.html

 

[I like Serena]

Try wireshark, which I recommend to analyze any network traffic or troubleshoot any network problems.
http://www.wireshark.org/

 

[Derill03]

This is for classwork i can not use any utilities

 

[I like Serena]

Here's one:
http://www.rane.com/swf/n161fig5.swf

 

[Derill03]

Ok i think I've figured some out:

community = private
PDU type = response
and i think OID value is: 1.3.6.22.48.20.6.8.43.6.1.2.1.1



I don't know what it means by "contents of the OID location"?

 

[I like Serena]

Hmm, at which address did you find the community?
And how did you deduce it was private?

 

[Derill03]

from the link you gave me i have been kind of trying to match up values and what they mean, and i think I've deduced that A4 is the PDU type = response, and the 04 is where i got the community from. I can't find anything about values for the community field so in my string i see a 04 in about same location as the figure i have.

The OID value i posted has to be wrong actually i think it is 1.3.6.1.2.1.1.5.0.4 because the string near end 06 08 2b 06 01 02 01 01 05 00 04 i think is telling me the value is 8 octets in length starting at 06

 

[I like Serena]

Umm... the picture I linked to is an example.
It shows how "private" would be encoded for the community.
But your hex dump has a different community...
It starts with 04 signifying the start of the community.
It is followed by 06 indicating 6 bytes length ("private" is 7 bytes).

And where did you find A4?
I don't see it.

Btw, here's the page that contains the picture:
http://www.rane.com/note161.html

 

[Derill03]

sorry i meant A2 = response for PDU in the 0030 row

Is there anywhere i can find a table or listing of how to tell what the community is for different byte lengths? I have searched and i am coming up empty handed that's why i came here for some extra help.

So from what your saying 04 represents the start of the community and the following value tells how many bytes the community is

 

[Derill03]

Wait is the community "Public" because public is 6 ascii characters and private is 7 so it makes sense?

 

[Derill03]

no its public because the 6 characters that follow are ascii for "public" ok i know that is correct.

Can you help me understand the OID value some more, i know it starts at 06 08 2b going from my educated guess way of thinking i think it is 1.3.6.1.2.1.1.5.0.4 but to be honest it don't make sense because i still have so many values left but the only connection i can make is that in the example you gave me the value after 06 was 0d and there was 13 values left in the data string

 

[I like Serena]

The OID is identified with 06 followed by its length which is 08 bytes.
06 08
2b 06 01 02 01 01 05 00

So the OID is (more details here: http://codeidol.com/csharp/csharp-network/SNMP/Working-with-SNMP-Packets/ ):
1.3.6.1.2.1.1.5.0

which is followed by the value.
Since that starts with 04, it must be of type string...