Ethereal-users: Re: [ethereal-users] Question about SNMP decoder with regard to responseport

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ron Flory <ron.flory@xxxxxxxxxx>
Date: Thu, 13 Jul 2000 16:10:02 -0500
Guy Harris wrote:
> 
> >  What causes the different behavior in Ethereal is that some SNMP
> > agents reply to GET message on the well-known contact port (161),
> > whereas others reply on a different port (basically, iterative vs
> > concurrent server model).
> 
> Oh, joy, another case where we have to use the same hack we use for
> TFTP.

 welllll, the agent is allowed to reply on any port he chooses, it just
so happens that many SNMP implementations are quite simplistic, and just
reply using the contact port #.

 I have access to several SNMP systems here, and half of them reply on
port 161 whereas the other half replies on the next unused port > 1024.

> I'll look into providing better support for that hack, so we can use it
> for other datagram-transport-layer request/response protocols.
> 
> Do you have a capture on which I can test any changes I make?

 attached file contains this session:

00:e0:29:51:5c:3d -> ff:ff:ff:ff:ff:ff ARP Who has 10.100.1.19?  Tell 10.100.1.16
00:e0:29:51:5c:27 -> 00:e0:29:51:5c:3d ARP 10.100.1.19 is at 00:e0:29:51:5c:27
v2.adtran.com -> b2.adtran.com SNMP GET
b2.adtran.com -> v2.adtran.com UDP Source port: 2845  Destination port: 1031
00:e0:29:51:5c:27 -> 00:e0:29:51:5c:3d ARP Who has 10.100.1.16?  Tell 10.100.1.19
00:e0:29:51:5c:3d -> 00:e0:29:51:5c:27 ARP 10.100.1.16 is at 00:e0:29:51:5c:3d

Thanks...

ron

Attachment: snmp_capture.tgz
Description: application/compressed
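
Added example, not part of the original message and not Ethereal's own code: one way a decoder can keep recognising SNMP when the agent answers from a port other than 161, by remembering the manager's address and source port from each request to port 161. The names snmp_classify, snmp_track_reset and struct udp_pkt are hypothetical, and the addresses and the request's source port 1031 in main are constructed to mirror the session above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SNMP_PORT   161
#define MAX_PENDING 64
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct udp_pkt { uint32_t src, dst; uint16_t sport, dport; };
/* Manager endpoint (address + source port) that an agent still owes a reply. */
struct pending { uint32_t mgr, agent; uint16_t mgr_port; int used; };
static struct pending table[MAX_PENDING];
void snmp_track_reset(void) { memset(table, 0, sizeof table); }
/* Find a tracked request by manager address/port and agent address. */
static int find(uint32_t mgr, uint16_t mgr_port, uint32_t agent)
{
    for (int i = 0; i < MAX_PENDING; i++)
        if (table[i].used && table[i].mgr == mgr &&
            table[i].mgr_port == mgr_port && table[i].agent == agent)
            return i;
    return -1;
}

/* Returns 1 if the datagram should be handed to the SNMP decoder, else 0. */
int snmp_classify(const struct udp_pkt *p)
{
    if (p->dport == SNMP_PORT) {            /* request to the contact port */
        if (find(p->src, p->sport, p->dst) < 0)
            for (int i = 0; i < MAX_PENDING; i++)
                if (!table[i].used) {       /* if the table is full, the request goes untracked */
                    table[i] = (struct pending){ p->src, p->dst, p->sport, 1 };
                    break;
                }
        return 1;
    }
    if (p->sport == SNMP_PORT) return 1;    /* agent replying from port 161 */
    /* Agent replying from another port: match on agent host and manager port only. */
    return find(p->dst, p->dport, p->src) >= 0;
}

int main(void)
{
    /* Constructed packets: manager 10.100.1.16, agent 10.100.1.19. */
    struct udp_pkt get   = { IP(10,100,1,16), IP(10,100,1,19), 1031, 161 };
    struct udp_pkt reply = { IP(10,100,1,19), IP(10,100,1,16), 2845, 1031 };
    snmp_track_reset();
    int a = snmp_classify(&get);
    int b = snmp_classify(&reply);
    printf("GET: %d, reply from port 2845: %d\n", a, b);
    return 0;
}
```

Entries here never expire, so any later datagram from the agent host to the remembered manager port is also treated as SNMP; a real decoder would need to age entries out or check that the payload parses.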