-   Linux - Networking (
-   -   tcpdump/snmp: lenX<asnlenY (

eantoranz 05-31-2010 10:31 AM

tcpdump/snmp: lenX<asnlenY
Hi, guys!

I'm trying to sniff snmp traps being sent to a NMS. I'm setting -s to 0 but when I start sniffing, some of the packets, instead of being decoded, show me messages like this:


What is that supposed to mean? Thanks in advance

unSpawn 05-31-2010 02:07 PM

"asn" prolly means ASN.1. The ints prolly are packet sizes. Any chance of posting a pcap or a conversation and the SNMP version?

eantoranz 05-31-2010 05:37 PM

The problem was that the snmp trap is being broken into two packets cause of its size. If the trace is saved (-w blah) and when opened in wireshark, it's possible to see the full trap after all the packets that make it up are in.

Thanks for your kind help.

unSpawn 05-31-2010 05:50 PM

Hmm. So that means one should read it something like "packet length 1468 less than expected packet length 1663"?.. Thanks for posting back!

eantoranz 05-31-2010 05:53 PM

I'd say it's very likely. And you're welcome.

All times are GMT -5. The time now is 09:53 PM.