SNMP message fetching and analysis (i.)

SNMP packet crawl and Analysis (i) 1, crawl SNMP messages

The form of the SNMP message is roughly as shown

Here we use netcat this tool to crawl snmp PDU (Protocol data Unit). (Because we don't need the front IP and the first UDP )

netcatSome basic uses of this can be seen here http://www.cnblogs.com/oloroso/p/4610563.html

Netcat Get SNMP message 1 First snmpwalkIssued by ( get-next-request)

We use it to listen to the port and then redirect the nc 161 output to the file a.hex . Because you are listening on port 161, you must run it with root privileges.

sudo nc -u -l 161 >a.hex

Then use snmpwalk this tool to “受控端” send commands to this.

snmpwalk -c public -v 2c localhost 1.3.6.1.4.201566.1.1

2 again gets the agent sent back ( get-response)

Let's start with the agent agent, and then use the following command to a.hex send the content to the agent and save the received return to theb.hex

[email protected]:~/snmpPUD$ nc -u 127.0.0.1 161 <a.hex >b.hex^C[email protected]:~/snmpPUD$

Analysis of acquired messages

Use it first hexdump to view the content of the message that was obtained. (Hexdump is a very useful hex analysis tool)

[email protected]:~/snmpPUD$ hexdump -C a.hex 00000000  30 2c 02 01 01 04 06 70  75 62 6c 69 63 a1 1f 02  |0,.....public...|00000010  04 22 70 8b d4 02 01 00  02 01 00 30 11 30 0f 06  |."p........0.0..|00000020  0b 2b 06 01 04 01 8c a6  5e 01 01 01 05 00        |.+......^.....|0000002e

[email protected]:~/snmpPUD$ hexdump -C 1.hex 00000000  30 30 02 01 01 04 06 70  75 62 6c 69 63 a2 23 02  |00.....public.#.|00000010  04 22 70 8b d4 02 01 00  02 01 00 30 15 30 13 06  |."p........0.0..|00000020  0e 2b 06 01 04 01 8c a6  5e 01 01 01 01 01 00 02  |.+......^.......|00000030  01 2b                                             |.+|00000032

Message Analysis Results

Look at the results first and then analyze them slowly.

get-next-requestMessage Sample analysis (A.hex)

Hexadecimal Data	explain
30	Represents an SNMP protocol message
2c	Message length 44 bytes (indicates a 44-byte later content)
02 01 01	Protocol version (2c) (first two bytes 02 01 = integer type)
04	Parameter type (OCTSTR)
06	Group (community) name length
6c 69 63	Assic code value for Group name public
A1	PUD Type Get-next-request
1f	SNMP PDU has a length of 31 octstr (31 bytes later)
Geneva 8b D4	Request identifier requesting ID
02 01 00	Indicates that Error-state is 0
02 01 00	Indicates that Error-index is 0
30 11	Indicates that the subsequent variable binding is a sequence type of 17 byte length
0f	Representation (variable name 1
06	Indicates that the field is an OID type
0b	OID Length 11 bytes
2b 06 01 04 01	1.3.6.1.4.1 (Identity 1.3 is merged into 2B)
8c A6 5e	201566 (This is also based on the rule conversion)
01 01 01	1.1.1
05 00	Represents null

get-responseMessage Sample analysis (B.hex)

Hexadecimal Data	explain
30	Represents an SNMP protocol message
30	Message length 48 bytes (indicates a 44-byte later content)
02 01 01	Protocol version (2c) (first two bytes 02 01 = integer type)
04	Parameter type (OCTSTR)
06	Group (community) name length
6c 69 63	Assic code value for Group name public
A2	PUD Type Get-response
23	SNMP PDU has a length of 35 octstr (31 bytes later)
Geneva 8b D4	Request identifier requesting ID
02 01 00	Indicates that Error-state is 0
02 01 00	Indicates that Error-index is 0
30 11	Indicates that the subsequent variable binding is a sequence type of 17 byte length
0f	Representation (variable name 1
06	Indicates that the field is an OID type
0b	OID Length 11 bytes
2b 06 01 04 01	1.3.6.1.4.1 (Identity 1.3 is merged into 2B)
8c A6 5e	201566 (This is also based on the rule conversion)
01 01 01	1.1.1
00	Represents. 0 that is the first instance \
	(The value below is actually the node 1.3.6.1.4.1.201566.1.1.1.0)
2b	02 01 for integer type, 2b for value (43)
05 00	Represents null

Here are snmpwalk the results obtained using the command

SNMP message fetching and analysis (i.)