Ticket #99 (closed enhancement: fixed)

Opened 7 months ago

Last modified 2 months ago

Improved support for SNMPv1 traps

Reported by: Dirk Loss Assigned to: pbi
Priority: minor Milestone:
Component: Scapy Version:
Keywords: snmp trap Cc:

Description

Here's a patch that improves support for SNMPv1 traps a bit. It adds an IPADDRESS tag (0x40) and the corresponding field, adds an SNMP binding for UDP port 162 and it modifies the SNMPtrapv1 class. (According to RFC 1067, there's no ID field in SNMP PDUs.)

I used the following test data: 

0000   30 29 02 01 00 04 06 70  75 62 6C 69 63 A4 1C 06   0).....public...
0010   07 2B 06 01 04 01 96 26  40 04 C0 A8 01 0A 02 01   .+.....&@.......
0020   06 02 01 01 43 03 FE 62  54 30 00                  ....C..bT0.

Decoding now gives: 

<SNMP  version=<ASN1_INTEGER[0L]> community=<ASN1_STRING['public']>
 PDU=<SNMPtrapv1  enterprise=<ASN1_OID['.1.3.6.1.4.1.2854']> 
 agent_addr=<ASN1_IPADDRESS['192.168.1.10']> generic_trap=<ASN1_INTEGER[6L]>
 specific_trap=<ASN1_INTEGER[1L]> time_stamp=<ASN1_TIME_TICKS[-105900L]>
 varbindlist=[] |> |>

As you can see, TIME_TICKS are still not properly decoded, because unsigned integers aren't supported, yet.

The patch is for the latest Linux version.

Attachments

snmptrapv1-scapy.diff (4.2 kB) - added by Dirk Loss on 03/08/08 23:25:32.

Change History

03/08/08 23:25:32 changed by Dirk Loss

  • attachment snmptrapv1-scapy.diff added.

08/17/08 01:23:28 changed by pbi

  • status changed from new to closed.
  • resolution set to fixed.

Applied in [d89fb130c10d]

Add/Change #99 (Improved support for SNMPv1 traps)




Change Properties
Action