LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 05-31-2010, 11:31 AM   #1
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
tcpdump/snmp: lenX<asnlenY


Hi, guys!

I'm trying to sniff snmp traps being sent to a NMS. I'm setting -s to 0 but when I start sniffing, some of the packets, instead of being decoded, show me messages like this:

Code:
[len1468<asnlen1663]
What is that supposed to mean? Thanks in advance
 
Old 05-31-2010, 03:07 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,688
Blog Entries: 54

Rep: Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955
"asn" prolly means ASN.1. The ints prolly are packet sizes. Any chance of posting a pcap or a conversation and the SNMP version?
 
Old 05-31-2010, 06:37 PM   #3
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Original Poster
Rep: Reputation: 83
The problem was that the snmp trap is being broken into two packets cause of its size. If the trace is saved (-w blah) and when opened in wireshark, it's possible to see the full trap after all the packets that make it up are in.

Thanks for your kind help.
 
Old 05-31-2010, 06:50 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,688
Blog Entries: 54

Rep: Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955
Hmm. So that means one should read it something like "packet length 1468 less than expected packet length 1663"?.. Thanks for posting back!
 
Old 05-31-2010, 06:53 PM   #5
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Original Poster
Rep: Reputation: 83
I'd say it's very likely. And you're welcome.
 
  


Reply

Tags
sniff, snmp, tcpdump


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Integrate Mod-Apache-Snmp with Net-SNMP source kirukan Linux - Server 2 05-11-2011 02:48 AM
Net-SNMP writing a Subagent - snmp.conf Unknown token: master AustinMarton Programming 0 12-16-2008 08:34 PM
SNMP master & SNMP client Script for system monitoring ratul_11 Programming 1 12-24-2007 06:32 AM
How to configure ucd-snmp and net-snmp? Tazzmanian Linux - Networking 1 05-27-2005 09:09 AM
snmp (ucd-snmp, net-snmp) markus1982 Linux - Software 1 11-21-2002 11:45 AM


All times are GMT -5. The time now is 10:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration