snmp packet analysis_v2
TRANSCRIPT
-
7/31/2019 SNMP Packet Analysis_v2
SNMP Packet Analysis
Tran Phuoc [email protected]
-
SNMP packet trace using Wireshark
-
Ethernet Frame
-
Example of SNMP message
-
Basic Encoding Rules
BER is used to transmit data between systems whose native encodings differ.
Each element is encoded as Type, Length, Value, also called Type-Length-Value (TLV) encoding.
-
Basic Encoding Rules: Data Type
-
Example of Ethernet Encoding
Hex dump of the captured frame; the first column of each row is the byte offset.
00 00 00 00 A3 E0 53 16 00 A0 24 70 C2 B7 08 00 45 00
00 10 00 45 1A 03 00 00 1E 11 72 8B C0 09 C8 02 C0 09
00 20 C8 04 04 00 00 A1 00 31 7E 18 30 27 02 01 00 04
00 30 06 70 75 62 6C 69 63 A0 1A 02 02 0F A4 02 01 00
00 40 02 01 00 30 0E 30 0C 06 08 2B 06 01 02 01 01 03
00 50 00 05 00 00 0A 00 7E
-
Example of Ethernet Encoding: layout of the frame above
Ethernet header (14 bytes) + FCS (4 bytes)
IP header (20 bytes)
UDP header (8 bytes)
SNMP data
-
SNMP message decoded as BER TLVs

Header
  Sequence  30 27                         27 = 39 octets
  Integer   02 01 : 00                    version = 0 (SNMPv1)
  String    04 06 : 70 75 62 6C 69 63     "public" (community string)
PDU
  Sequence  A0 1A                         A0 = 1010 0000 (Get Request), 1A = 26 octets
  Integer   02 02 : 0F A4                 Request ID = 4004
  Integer   02 01 : 00                    Error status = 0
  Integer   02 01 : 00                    Error index = 0
  Sequence  30 0E                         0E = 14 octets (variable bindings)
  Sequence  30 0C                         0C = 12 octets (one binding)
  Object    06 08 : 2B 06 01 02 01 01 03 00   1.3.6.1.2.1.1.3.0 (sysUpTime)
  Null      05 00
-
1.3 = 2B
The first two components of the object identifier are encoded together in a single byte according to the formula 40x + y.
So 1.3 is encoded as 40 * 1 + 3 = 43, which is 2B in hexadecimal.
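As an added example (not part of the original slides), the Python below decodes the 41 SNMP bytes from the trace using the TLV rules of the previous slides and the 40x + y OID rule above. It refuses any element whose declared length overruns its parent, which is the check a decoder must make before trusting a length field taken off the wire; the function names are my own.

```python
# Added example, not from the original slides: a minimal BER/TLV decoder for the
# SNMPv1 GetRequest in the trace; every declared length is checked against its parent.
SNMP_GET_REQUEST = bytes.fromhex(  # the 41 SNMP bytes from the dump, copied inline
    "30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 02 0f a4 02 01 00 "
    "02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 03 00 05 00")

def read_tlv(buf, pos, end):
    """Return (tag, value, next_pos) for the short-form TLV at buf[pos]."""
    if pos + 2 > end:
        raise ValueError(f"truncated TLV header at offset {pos}")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        raise ValueError(f"long-form length at offset {pos} not supported")
    if start + length > end:  # a forged length must not read past the parent
        raise ValueError(f"length {length} at offset {pos} overruns parent")
    return tag, buf[start:start + length], start + length

def decode_oid(value):
    """First byte is 40*x + y; later arcs are base-128, high bit = continue."""
    x, y = divmod(value[0], 40) if value[0] < 80 else (2, value[0] - 80)
    arcs, n = [x, y], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    if n:
        raise ValueError("OID ends inside a multi-byte subidentifier")
    return ".".join(map(str, arcs))

def decode_snmpv1_get(pkt):
    tag, msg, _ = read_tlv(pkt, 0, len(pkt))
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    _, version, pos = read_tlv(msg, 0, len(msg))       # INTEGER version
    _, community, pos = read_tlv(msg, pos, len(msg))   # OCTET STRING community
    pdu_tag, pdu, _ = read_tlv(msg, pos, len(msg))     # A0 = GetRequest-PDU
    _, req_id, pos = read_tlv(pdu, 0, len(pdu))
    _, err_status, pos = read_tlv(pdu, pos, len(pdu))
    _, err_index, pos = read_tlv(pdu, pos, len(pdu))
    _, varbinds, _ = read_tlv(pdu, pos, len(pdu))
    oids, pos = [], 0
    while pos < len(varbinds):  # each binding is SEQUENCE { OID, value }
        _, vb, pos = read_tlv(varbinds, pos, len(varbinds))
        oids.append(decode_oid(read_tlv(vb, 0, len(vb))[1]))
    def be(b): return int.from_bytes(b, "big")
    return {"version": be(version), "community": community.decode("ascii"),
            "pdu_type": "GetRequest" if pdu_tag == 0xA0 else hex(pdu_tag),
            "request_id": be(req_id), "error_status": be(err_status),
            "error_index": be(err_index), "oids": oids}
```

Note that the community string is recovered directly from the bytes: in SNMPv1 it travels in cleartext, which is why a capture like this one exposes it.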
-
MIB tree: path to sysUpTime = 1 3 6 1 2 1 1 3
(ISO 1 . ORG 3 . DoD 6 . Internet 1 . Mgmt 2 . MIB I 1 . System 1 . sysUpTime 3)

root
|-- UIT (0)
`-- ISO (1)
    |-- STD (0)
    `-- ORG (3)
        `-- DoD (6)
            `-- Internet (1)
                |-- Directory (1)
                |-- Mgmt (2)
                |   `-- MIB I (1)
                |       |-- System (1): 1-sysDescr, 2-sysObjectID, 3-sysUpTime,
                |       |               4-sysContact, 5-sysName, 6-sysLocation
                |       |-- Interface (2)
                |       |-- Addr. Trans. (3)
                |       |-- IP (4)
                |       |-- ICMP (5)
                |       |-- TCP (6)
                |       |-- UDP (7)
                |       `-- EGP (8)
                |-- Experim. (3)
                `-- Private (4)
-
sysUpTime: object type description (MIB II) and object description

OBJECT-TYPE MACRO ::= BEGIN
  TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax)
                    "ACCESS" Access
                    "STATUS" Status
  VALUE NOTATION ::= value (VALUE ObjectName)
  DESCRIPTION value (description DisplayString) | empty
  Access ::= "read-only" | "write-only" | "not-accessible"
  Status ::= "mandatory" | "optional" | "obsolete" | "deprecated"
  DisplayString ::= OCTET STRING SIZE (0..255)
END

sysUpTime OBJECT-TYPE
  SYNTAX  TimeTicks
  ACCESS  read-only
  STATUS  mandatory
  DESCRIPTION
    "The time (in hundredths of a second) since the network management portion of the system was last reinitialized"
  ::= { system 3 }