LinuxQuestions.org


eantoranz 05-31-2010 10:31 AM

tcpdump/snmp: lenX<asnlenY
 
Hi, guys!

I'm trying to sniff SNMP traps being sent to an NMS. I'm setting -s to 0 but when I start sniffing, some of the packets, instead of being decoded, show me messages like this:

Code:

[len1468<asnlen1663]

What is that supposed to mean? Thanks in advance

unSpawn 05-31-2010 02:07 PM

"asn" prolly means ASN.1. The ints prolly are packet sizes. Any chance of posting a pcap or a conversation and the SNMP version?

eantoranz 05-31-2010 05:37 PM

The problem was that the SNMP trap is being broken into two packets because of its size. If the trace is saved (-w blah) and then opened in Wireshark, it's possible to see the full trap after all the packets that make it up are in.

Thanks for your kind help.

unSpawn 05-31-2010 05:50 PM

Hmm. So that means one should read it something like "packet length 1468 less than expected packet length 1663"?.. Thanks for posting back!

eantoranz 05-31-2010 05:53 PM

I'd say it's very likely. And you're welcome.
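
Added example, not part of the thread and not tcpdump's own code: a Python sketch of the check the posters infer, comparing the bytes present after the outer BER header with the length that header declares. The 1500-byte MTU, 20-byte IPv4 header and zero-filled trap body are assumptions, chosen so that the first IP fragment reproduces the numbers in the question.

```python
"""Added example: outer ASN.1/BER length check on an SNMP UDP payload."""


def ber_header(buf):
    """Return (tag, declared_length, header_size) of the first BER element."""
    if len(buf) < 2:
        raise ValueError("truncated BER header")
    tag, first = buf[0], buf[1]
    if first < 0x80:              # short form: length is in the low 7 bits
        return tag, first, 2
    n = first & 0x7F              # long form: the next n bytes hold the length
    if n == 0:
        raise ValueError("indefinite length is not valid for SNMP")
    if len(buf) < 2 + n:
        raise ValueError("truncated BER length field")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n


def check_snmp_payload(payload):
    """Compare the bytes present after the header with the declared length."""
    tag, asnlen, hdr = ber_header(payload)
    if tag != 0x30:               # an SNMP message is one outer SEQUENCE
        return "[not a SEQUENCE: tag 0x%02x]" % tag
    have = len(payload) - hdr
    if have < asnlen:             # payload ends before the message does
        return "[len%d<asnlen%d]" % (have, asnlen)
    return "complete"


# Constructed sample (assumptions: Ethernet MTU, IPv4 without options).
MTU, IP_HDR, UDP_HDR = 1500, 20, 8
BODY_LEN = 1663                   # declared length, as in the question
# Outer SEQUENCE header (0x30, 0x82, 2-byte length) plus zero filler; only
# the outer header is parsed here, so the body content does not matter.
full_trap = b"\x30\x82" + BODY_LEN.to_bytes(2, "big") + bytes(BODY_LEN)
# UDP payload carried by the first IP fragment: 1500 - 20 - 8 = 1472 bytes.
first_fragment = full_trap[:MTU - IP_HDR - UDP_HDR]

if __name__ == "__main__":
    print(check_snmp_payload(first_fragment))   # first fragment on its own
    print(check_snmp_payload(full_trap))        # after IP reassembly
```

A hit on this check in a capture taken with -s 0 points to IP fragmentation rather than snaplen truncation, which is why the saved trace decodes fully once the fragments are reassembled.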

