Wireshark · Ethereal-dev: Re: [Ethereal-dev] decode as SNMP

[Guy Harris <guy@xxxxxxxxxxxx>]

On Tue, Sep 02, 2003 at 10:49:13PM -0700, S. Faizi wrote:
> From: "Guy Harris" <guy@xxxxxxxxxxxx>
> >(which isn't the
> > same as the regular SNMP dissector, as it has to worry about SNMP PDUs
> > split over TCP segments, etc) for ports 161 and 162.
> 
> How is this different from an SNMP PDU split over multiple UDP datagrams.

SNMP PDUs can be split over multiple UDP datagrams?  If so, how does the
reassembly code know in what order the datagrams should be reassembled?

> If you choose IP reassembly from the preferences menu, won't it take care of
> this?

Oh, you mean "How is this different from an SNMP PDU contained in a
*single* UDP datagram split over multiple *IP fragments*".

The answer to *that* question is "because

	1) SNMP PDUs inside a fragmented UDP datagram start at the
	   beginning of the first fragment and end at the end of the last
	   fragment; there is no guarantee that an SNMP PDU sent over
	   TCP will begin at the beginning of a TCP segment and end at
	   the end of a TCP segment;

	2) TCP has no idea where the SNMP PDU begins or ends; IP *does*
	   know when the fragmented IP datagram begins and ends".

Therefore, while the answer to your subsequent question is "yes, it'll
take care of that", that doesn't mean that the same kind of magic will
happen automatically with SNMP-over-TCP.