The size of request/response within SNMP packet payload

book

Article ID: 167892

calendar_today

Updated On:

Products

XOS

Issue/Introduction

The number in parentheses reported by tcpdump for SNMP traffic signifies the SNMP message size.N/A
 

Cause

This article explains how to know the size of the SNMP message within the SNNP packet payload.

Resolution

When running tcpdump to monitor SNMP traffic, it reports a number inside parentheses appended to each SNMP message (e.g. GetRequest or GetResponse):

20:14:57.946579 IP 172.30.65.19.55828 > 192.168.135.20.snmp:  GetRequest(28)  system.sysUpTime.0
20:14:57.947045 IP 192.168.135.20.snmp > 172.30.65.19.55828:  GetResponse(32)  system.sysUpTime.0=45173054
20:19:18.423148 IP 172.30.65.19.50852 > 192.168.135.20.snmp:  GetNextRequest(28)  system.sysUpTime.0
20:19:18.423423 IP 192.168.135.20.snmp > 172.30.65.19.50852:  GetResponse(49)  system.sysContact.0=[|snmp]

This number means the size of the data appended to the specific SNMP message within the SNMP packet payload. It doesn't count the SNMP version, community string or even the SNMP message code.

Workaround

N/A