Re: SNMP Trap Decoding issue

What are those BER and SNMP_session modules? I Don't have them and can't seem to find them on CPAN, either.

The problem seems to be that this payload has multiple BER encoded data chunks concatenated together. You could decode the payload, encode back the chunk you've decoded, and strip that off the payload, lather, rinse, repeat:

#!/usr/bin/perl
use Encoding::BER::SNMP;

while(<DATA>) {
    chop;
    $data .= chr hex $1 while s/(..)//;
} 

my $enc = Encoding::BER::SNMP->new();

while ($data) {
    my $result = $enc->decode($data);
    my $oid    = $result->{'value'}->[0]->{'value'};
    my $value  = $result->{'value'}->[1]->{'value'};

    print "returned pair: $oid -> $value\n";

    my $back   = $enc->encode($result);
    $data      =~ s/\Q$back\E// or last;
}
__DATA__
3014060e2b06010401090929010203010200040232303013060e2b060104
01090929010203010300020105301d060e2b060104010909290102030104
00040b5379736c6f67205472617030818c060e2b06010401090929010203
010500047a3130363032333a2044656e792069636d7020737263206f7574
736964653a3231362e3139362e36342e3132342064737420696e73696465
3a3230382e3130392e39302e323120287479706520382c20636f64652030
29206279206163636573732d67726f757020226f7574736964655f616363
6573735f696e223016060e2b06010401090929010203010600430473c36bf8
[download]

Output:

returned pair: 1.3.6.1.4.1.9.9.41.1.2.3.1.2.0 -> 20
returned pair: 1.3.6.1.4.1.9.9.41.1.2.3.1.3.0 -> 5
returned pair: 1.3.6.1.4.1.9.9.41.1.2.3.1.4.0 -> Syslog Trap
returned pair: 1.3.6.1.4.1.9.9.41.1.2.3.1.5.0 -> 106023: Deny icmp src
+ outside:216.196.64.124 dst inside:208.109.90.21 (type 8, code 0) by 
+access-group "outside_access_in"
returned pair: 1.3.6.1.4.1.9.9.41.1.2.3.1.6.0 -> 1942187000
[download]

update: removed superfluous data dump
update: changed Encoding::BER to Encoding::BER::SNMP

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Comment on Re: SNMP Trap Decoding issue Select or Download Code

Replies are listed 'Best First'.
Re^2: SNMP Trap Decoding issue by ikkeniet (Acolyte) on May 04, 2007 at 15:10 UTC
shmem, thank you for your wisdom. The modules I have installed did come with ActiveState's Perl (yes on Windows :-( and from Net-SNMP) Small problem though. The hex is stored in a variable called $encoded_pair How do I modify your code so that it applies to $encoded_pair? `while(<DATA>) { chop; $data .= chr hex $1 while s/(..)//; }` [download] Pretty sure it is a dump question but reading your post has improved my day and spirit a lot already.	[reply] [d/l]
Re^3: SNMP Trap Decoding issue by shmem (Chancellor) on May 04, 2007 at 15:31 UTC
Easy: `$data .= chr hex $1 while $encoded_pair =~ s/(..)//;` [download] :-) If you need your `$encoded_pair` for any other purpose after that, make a copy first, since the `s///` is destructive. Or, better, do `$data = join '', map { chr hex $_ } $encoded_pair =~ /(..)/g;` [download] BTW, could you please reformat your OP and wrap your HEX string in `<code>` tags? Thank you. --shmem _($_=" "x(1<<5)."?\n".q·/)Oo. G°\ / /\_¯/(q / ---------------------------- \__(m.====·.(_("always off the crowd"))."· ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}	[reply] [d/l] [select]
Re^4: SNMP Trap Decoding issue by ikkeniet (Acolyte) on May 04, 2007 at 15:47 UTC
I have wrapped the HEX code sorry for that. What do you mean with OP I have tried your code as follows but it does not produce any output: #!/usr/bin/perl use Encoding::BER::SNMP; my $temp="3014060e2b06010401090929010203010200040232303013060e2b060104 +01090929010203010300020105301d060e2b06010401090929010203010400040b537 +9736c6f67205472617030818c060e2b06010401090929010203010500047a31303630 +32333a2044656e792069636d7020737263206f7574736964653a3231362e3139362e3 +6342e3132342064737420696e736964653a3230382e3130392e39302e323120287479 +706520382c20636f6465203029206279206163636573732d67726f757020226f75747 +36964655f6163636573735f696e223016060e2b060104010909290102030106004304 +73c36bf8"; $data .= chr hex $1 while $temp=s/(..)//; my $enc = Encoding::BER::SNMP->new(); while ($data) { my $result = $enc->decode($data); my $oid = $result->{'value'}->[0]->{'value'}; my $value = $result->{'value'}->[1]->{'value'}; print "returned pair: $oid -> $value\n"; my $back = $enc->encode($result); $data =~ s/\Q$back\E// or last; } [download] I am starting to feel that I am doing really stupid but I just can't see what :-)	[reply] [d/l]
Re^5: SNMP Trap Decoding issue by ikkeniet (Acolyte) on May 04, 2007 at 16:07 UTC
Re^5: SNMP Trap Decoding issue by shmem (Chancellor) on May 04, 2007 at 16:16 UTC