For decoding SNMP traps, use Net::SNMPTrapd

You can take your payload and use it directly like:

    #!/usr/bin/perl
    use strict;
    use warnings;

    use Net::SNMPTrapd;

    my $snmptrap = '3082016302[...]0b51';
    # where [...] is your really, really long string

    # Raw ASN.1 decode and hex dump of the datagram
    my $trap = Net::SNMPTrapd->dump(pack "H*", $snmptrap);
    #DONE!

    # OR ...
    # for a nicely formatted output ...

    $trap = Net::SNMPTrapd->process_trap(pack "H*", $snmptrap);

    printf "Version    = %i\n", $trap->version;
    printf "Community  = %s\n", $trap->community;
    printf "PDU Type   = %s\n", $trap->pdu_type;
    if ($trap->version == 1) {
        # SNMPv1 trap header fields
        printf "Ent. OID   = %s\n", $trap->ent_OID;
        printf "Agent Addr = %s\n", $trap->agentaddr;
        printf "Generic    = %s\n", $trap->generic_trap;
        printf "Specific   = %s\n", $trap->specific_trap;
        printf "Timeticks  = %s\n", $trap->timeticks
    } else {
        # SNMPv2c trap / inform header fields
        printf "Request ID = %s\n", $trap->request_ID;
        printf "Error Stat = %s\n", $trap->error_status;
        printf "Error Idx  = %s\n", $trap->error_index
    }
    print "Varbinds:\n";
    # Each varbind is a hash ref holding one OID => value pair
    for my $varbind (@{$trap->varbinds}) {
        for (keys(%{$varbind})) {
            printf "%s: %s\n", $_, $varbind->{$_}
        }
    }

Output is as follows:

    VinsWorldcom@C:\Users\VinsWorldcom\tmp> script.pl
    0000 355: SEQUENCE {
    0004   1:   INTEGER = 1
    0007   6:   STRING = 'esymac'
    000F 340:   [CONTEXT 7] {
    0013   4:     INTEGER = 358657575
    0019   1:     INTEGER = 0
    001C   1:     INTEGER = 0
    001F 324:     SEQUENCE {
    0023  16:       SEQUENCE {
    0025   8:         OBJECT ID = 1.3.6.1.2.1.1.3.0
    002F   4:         [APPLICATION 3]
    0031    :           0C D6 AE ED __ __ __ __ __ __ __ __ __ __ __ __ . +...
    0035    :       }
    0035  25:       SEQUENCE {
    0037  10:         OBJECT ID = 1.3.6.1.6.3.1.1.4.1.0
    0043  11:         OBJECT ID = 1.3.6.1.4.1.94.7.1.3.0.2
    0050    :       }
    0050  40:       SEQUENCE {
    0052  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.2
    0060  24:         STRING = 'IPDOM-1/IPNE-9/IPNEIF-16'
    007A    :       }
    007A  18:       SEQUENCE {
    007C  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.1
    008A   2:         INTEGER = 1583
    008E    :       }
    008E  24:       SEQUENCE {
    0090  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.3
    009E   8:         STRING
    00A0    :           07 DA 09 0D 0F 2A 20 01 __ __ __ __ __ __ __ __ . +....* .
    00A8    :       }
    00A8  19:       SEQUENCE {
    00AA  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.4
    00B8   3:         INTEGER = 123505
    00BD    :       }
    00BD  44:       SEQUENCE {
    00BF  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.5
    00CD  28:         STRING = 'PORT OR INTERFACE HAS FAILED'
    00EB    :       }
    00EB  17:       SEQUENCE {
    00ED  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.6
    00FB   1:         INTEGER = 5
    00FE    :       }
    00FE  44:       SEQUENCE {
    0100  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.7
    010E  28:         STRING = 'Port or interface has failed'
    012C    :       }
    012C  18:       SEQUENCE {
    012E  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.8
    013C   2:         INTEGER = 315
    0140    :       }
    0140  17:       SEQUENCE {
    0142  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.9
    0150   1:         INTEGER = 4
    0153    :       }
    0153  18:       SEQUENCE {
    0155  12:         OBJECT ID = 1.3.6.1.4.1.94.7.1.4.2.1.10
    0163   2:         INTEGER = 2897
    0167    :       }
    0167    :     }
    0167    :   }
    0167    : }

    30 82 01 63 02 01 01 04 06 65 73 79 6D 61 63 A7 0..c.....esymac.
    82 01 54 02 04 15 60 AE 27 02 01 00 02 01 00 30 ..T...`.'......0
    82 01 44 30 10 06 08 2B 06 01 02 01 01 03 00 43 ..D0...+.......C
    04 0C D6 AE ED 30 19 06 0A 2B 06 01 06 03 01 01 .....0...+......
    04 01 00 06 0B 2B 06 01 04 01 5E 07 01 03 00 02 .....+....^.....
    30 28 06 0C 2B 06 01 04 01 5E 07 01 04 02 01 02 0(..+....^......
    04 18 49 50 44 4F 4D 2D 31 2F 49 50 4E 45 2D 39 ..IPDOM-1/IPNE-9
    2F 49 50 4E 45 49 46 2D 31 36 30 12 06 0C 2B 06 /IPNEIF-160...+.
    01 04 01 5E 07 01 04 02 01 01 02 02 06 2F 30 18 ...^........./0.
    06 0C 2B 06 01 04 01 5E 07 01 04 02 01 03 04 08 ..+....^........
    07 DA 09 0D 0F 2A 20 01 30 13 06 0C 2B 06 01 04 .....* .0...+...
    01 5E 07 01 04 02 01 04 02 03 01 E2 71 30 2C 06 .^..........q0,.
    0C 2B 06 01 04 01 5E 07 01 04 02 01 05 04 1C 50 .+....^........P
    4F 52 54 20 4F 52 20 49 4E 54 45 52 46 41 43 45 ORT OR INTERFACE
    20 48 41 53 20 46 41 49 4C 45 44 30 11 06 0C 2B  HAS FAILED0...+
    06 01 04 01 5E 07 01 04 02 01 06 02 01 05 30 2C ....^.........0,
    06 0C 2B 06 01 04 01 5E 07 01 04 02 01 07 04 1C ..+....^........
    50 6F 72 74 20 6F 72 20 69 6E 74 65 72 66 61 63 Port or interfac
    65 20 68 61 73 20 66 61 69 6C 65 64 30 12 06 0C e has failed0...
    2B 06 01 04 01 5E 07 01 04 02 01 08 02 02 01 3B +....^.........;
    30 11 06 0C 2B 06 01 04 01 5E 07 01 04 02 01 09 0...+....^......
    02 01 04 30 12 06 0C 2B 06 01 04 01 5E 07 01 04 ...0...+....^...
    02 01 0A 02 02 0B 51 __ __ __ __ __ __ __ __ __ ......Q

    Version    = 2
    PDU Type   = SNMPv2-Trap
    Community  = esymac
    Request ID = 358657575
    Error Stat = 0
    Error Idx  = 0
    Varbinds:
    1.3.6.1.2.1.1.3.0: 215396077
    1.3.6.1.6.3.1.1.4.1.0: 1.3.6.1.4.1.94.7.1.3.0.2
    1.3.6.1.4.1.94.7.1.4.2.1.2: IPDOM-1/IPNE-9/IPNEIF-16
    1.3.6.1.4.1.94.7.1.4.2.1.1: 1583
    ☼* ☺6.1.4.1.94.7.1.4.2.1.3: ┌
    1.3.6.1.4.1.94.7.1.4.2.1.4: 123505
    1.3.6.1.4.1.94.7.1.4.2.1.5: PORT OR INTERFACE HAS FAILED
    1.3.6.1.4.1.94.7.1.4.2.1.6: 5
    1.3.6.1.4.1.94.7.1.4.2.1.7: Port or interface has failed
    1.3.6.1.4.1.94.7.1.4.2.1.8: 315
    1.3.6.1.4.1.94.7.1.4.2.1.9: 4
    1.3.6.1.4.1.94.7.1.4.2.1.10: 2897

UPDATE: code and output


In reply to Re: How to parse SNMP traps from pcap file by VinsWorldcom
in thread How to parse SNMP traps from pcap file by dalbaranster
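
An added example, not part of the original post: in the output above the 8-octet value of 1.3.6.1.4.1.94.7.1.4.2.1.3 is printed raw, and its 0x0D byte returns the cursor so the rest of the value overwrites the start of the OID. The sketch below escapes non-printable varbind values before they reach a terminal or log, and decodes that one value as an RFC 2579 DateAndTime. Treating that OID as DateAndTime is an assumption (the post does not include the MIB), and `safe_value`, `decode_date_and_time` and `%is_date_and_time` are names made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the shape of $trap->varbinds (array ref of
# one-key hashes), using three values from the output above.
my $varbinds = [
    { '1.3.6.1.4.1.94.7.1.4.2.1.2' => 'IPDOM-1/IPNE-9/IPNEIF-16' },
    { '1.3.6.1.4.1.94.7.1.4.2.1.3' => pack('H*', '07DA090D0F2A2001') },
    { '1.3.6.1.4.1.94.7.1.4.2.1.4' => 123505 },
];

# Assumption: OIDs listed here carry an RFC 2579 DateAndTime value.
my %is_date_and_time = ('1.3.6.1.4.1.94.7.1.4.2.1.3' => 1);

# Decode an 8- or 11-octet DateAndTime; return undef if it does not fit.
sub decode_date_and_time {
    my ($raw) = @_;
    my $len = length $raw;
    return unless $len == 8 || $len == 11;
    my ($year, $mon, $day, $hour, $min, $sec, $deci) = unpack 'n C6', $raw;
    return if $mon < 1 || $mon > 12 || $day < 1 || $day > 31
        || $hour > 23 || $min > 59 || $sec > 60 || $deci > 9;
    my $text = sprintf '%04d-%02d-%02d,%02d:%02d:%02d.%d',
        $year, $mon, $day, $hour, $min, $sec, $deci;
    if ($len == 11) {    # optional UTC offset: direction, hours, minutes
        my ($dir, $utc_h, $utc_m) = unpack 'x8 a C2', $raw;
        return unless $dir eq '+' || $dir eq '-';
        $text .= sprintf ',%s%d:%02d', $dir, $utc_h, $utc_m;
    }
    return $text;
}

# Return a value that is safe to print: printable ASCII passes through,
# anything else is decoded or shown as hex so control bytes are never emitted.
sub safe_value {
    my ($oid, $value) = @_;
    return $value if $value =~ /\A[\x20-\x7E]*\z/;
    my $date = $is_date_and_time{$oid} ? decode_date_and_time($value) : undef;
    return defined $date ? $date : '0x' . uc(unpack 'H*', $value);
}

for my $varbind (@$varbinds) {
    printf "%s: %s\n", $_, safe_value($_, $varbind->{$_}) for keys %$varbind;
}
```

With `process_trap` in use, the same call fits inside the post's varbind loop in place of the bare `$varbind->{$_}`.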
