The size of request/response within SNMP packet payload
book
Article ID: 167892
calendar_today
Updated On:
Products
XOS
Issue/Introduction
The number in parentheses reported by tcpdump for SNMP traffic signifies the SNMP message size.N/A
Cause
This article explains how to know the size of the SNMP message within the SNNP packet payload.
Resolution
When running tcpdump to monitor SNMP traffic, it reports a number inside parentheses appended to each SNMP message (e.g. GetRequest or GetResponse):
20:14:57.946579 IP 172.30.65.19.55828 > 192.168.135.20.snmp: GetRequest(28) system.sysUpTime.0 20:14:57.947045 IP 192.168.135.20.snmp > 172.30.65.19.55828: GetResponse(32) system.sysUpTime.0=45173054 20:19:18.423148 IP 172.30.65.19.50852 > 192.168.135.20.snmp: GetNextRequest(28) system.sysUpTime.0 20:19:18.423423 IP 192.168.135.20.snmp > 172.30.65.19.50852: GetResponse(49) system.sysContact.0=[|snmp]
This number means the size of the data appended to the specific SNMP message within the SNMP packet payload. It doesn't count the SNMP version, community string or even the SNMP message code.