snmp packet analysis
TRANSCRIPT
2
SNMP packet trace using Wireshark
3
Ethernet Frame
4
Example of SNMP message
5
Basic Encoding Rules• Used to transmit data between systems that native encoding is
different– Type– Length– Value
also called encoding Type-Length-Value
6
Basic Encoding Rules : Data Type
7
Example of Ethernet Encoding
00 00 00 00 A3 E0 53 16 00 A0 24 70 C2 B7 08 00 45 00
00 10 00 45 1A 03 00 00 1E 11 72 8B C0 09 C8 02 C0 09
00 20 C8 04 04 00 00 A1 00 31 7E 18 30 27 02 01 00 04
00 30 06 70 75 62 6C 69 63 A0 1A 02 02 0F A4 02 01 00
00 40 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 03
00 50 00 05 00 00 0A 00 7E
8
Example of Ethernet Encoding
00 00 00 00 43 E0 53 16 00 A0 24 70 C2 B7 08 00 45 00
00 10 00 45 1A 03 00 00 1E 11 72 8B C0 09 C8 02 C0 09
00 20 C8 04 04 00 00 A1 00 31 7E 18 30 27 02 01 00 04
00 30 06 70 75 62 6C 69 63 A0 1A 02 02 0F A4 02 01 00
00 40 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 03
00 50 00 05 00 00 0A 00 7E
Ethernet Header (14 bytes) + FCS (4 bytes)
9
Example of Ethernet Encoding
00 00 00 00 43 E0 53 16 00 A0 24 70 C2 B7 08 00 45 00
00 10 00 45 1A 03 00 00 1E 11 72 8B C0 09 C8 02 C0 09
00 20 C8 04 04 00 00 A1 00 31 7E 18 30 27 02 01 00 04
00 30 06 70 75 62 6C 69 63 A0 1A 02 02 0F A4 02 01 00
00 40 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 03
00 50 00 05 00 00 0A 00 7E
Ethernet Header (14 bytes.) + FCS (4 bytes)IP Header (20 bytes)
10
Example of Ethernet Encoding
00 00 00 00 43 E0 53 16 00 A0 24 70 C2 B7 08 00 45 00
00 10 00 45 1A 03 00 00 1E 11 72 8B C0 09 C8 02 C0 09
00 20 C8 04 04 00 00 A1 00 31 7E 18 30 27 02 01 00 04
00 30 06 70 75 62 6C 69 63 A0 1A 02 02 0F A4 02 01 00
00 40 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 03
00 50 00 05 00 00 0A 00 7E
Ethernet Header (14 bytes.) + FCS (4 bytes)IP Header (20 bytes)UDP Header (8 bytes)
SNMP Data
11
Sequence 30 27 27 = 39 octets
12
Sequence 30 27 27 = 39 octets
Integer 02 01 : 00
13
Sequence 30 27 27 = 39 octets
Integer 02 01 : 00
String 04 06 : 70 75 62 6C 69 63
P U B L I C
Header
14
Sequence 30 27 27 = 39 octets
Integer 02 01 : 00
String 04 06 : 70 75 62 6C 69 63
P U B L I C
Sequence A0 A0 = 1010 0000 (Get
Request)
1A 1A = 26 octets
PDU
Header
15
Sequence 30 27 27 = 39 octets
Integer 02 01 : 00
String 04 06 : 70 75 62 6C 69 63
P U B L I C
Sequence A0 A0 = 1010 0000 (Get
Request)
1A 1A = 26 octets
Integer 02 02 : 0F A4 Request ID = 4004
Integer 02 01 : 00 Error status : 0
Integer 02 01 : 00 Error index : 0
PDU
Header
16
Sequence 30 27 27 = 39 octets
Integer 02 01 : 00
String 04 06 : 70 75 62 6C 69 63
P U B L I C
Sequence A0 A0 = 1010 0000 (Get
Request)
1A 1A = 26 octets
Integer 02 02 : 0F A4 Request ID = 4004
Integer 02 01 : 00 Error statut : 0
Integer 02 01 : 00 Error index : 0
Sequence 30 0E 0E = 14 octets
Sequence 30 0C OC = 12 octets
Objet 06 08 : 2B 06 01 02 01 01 03 00
1.3. 6. 1. 2. 1. 1. 3. 0
Null 05 00
PDU
Header
17
1-sysDescr2-sysObjectID3-sysUpTime4-sysContact5-sysName6-sysLocation
1 – 3 – 6 – 1 – 2 – 1 – 1 – 3
Addr. Trans.3
Syst1
Interface2
IP4
ICMP5
TCP6
UDP7
EGP8
MIB I1
2
Directory1
Mgmt2
Experim.3
Private4
Internet1
2
3
4
1
2
3
4
5
DoD6
STD0
ORG3
2
1
UIT0
ISO1
2
18
SysUpTimeDescription type d'un objet (MIB II) Description de l'objet
SysUpTime
OBJECT_TYPE MACRO =BEGINTYPE NOTATION =
"SYNTAX" type (TYPE ObjectSyntax)"ACCESS" Access"STATUS" Status
VALUE NOTATION = value (VALUE ObjectName)DESCRIPTION value (description DisplayString) |emptyAccess ="read_only"|"write_only"|"not_accessible"Status ="mandatory"|"optional"|"obsolete"|"deprecated"DisplayString=OCTET STRING SIZE (0…255)END
SysUpTime OBJECT_TYPESyntax TimeTicksAccess read_onlyStatus mandatoryDescription "The Time (in hundredhs of a second) since the network management portion of a system was last reinitialized"={system 3}