Wireshark · Ethereal-dev: Re: [Ethereal-dev] decode as SNMP

["S. Faizi" <salfaizi@xxxxxxx>]

----- Original Message ----- 
From: "Guy Harris" <guy@xxxxxxxxxxxx>
To: "S. Faizi" <salfaizi@xxxxxxx>
Cc: <ethereal-dev@xxxxxxxxxxxx>
Sent: Tuesday, September 02, 2003 10:58 PM
Subject: Re: [Ethereal-dev] decode as SNMP


> On Tue, Sep 02, 2003 at 10:49:13PM -0700, S. Faizi wrote:
> > From: "Guy Harris" <guy@xxxxxxxxxxxx>
> > >(which isn't the
> > > same as the regular SNMP dissector, as it has to worry about SNMP PDUs
> > > split over TCP segments, etc) for ports 161 and 162.
> >
> > How is this different from an SNMP PDU split over multiple UDP
datagrams.
>
> SNMP PDUs can be split over multiple UDP datagrams?  If so, how does the
> reassembly code know in what order the datagrams should be reassembled?

You are right. A single PDU can't be split over multiple UDP datagrams. I
meant IP fragments.

> 1) SNMP PDUs inside a fragmented UDP datagram start at the
>    beginning of the first fragment and end at the end of the last
>    fragment; there is no guarantee that an SNMP PDU sent over
>    TCP will begin at the beginning of a TCP segment and end at
>    the end of a TCP segment;

OK, I think I understand your point now. UDP will present a complete pdu to
snmp. TCP is stream oriented, so some mechanism to demarcate the pdu needs
to be implemented.

Maybe SCTP ought to be used to transport SNMP. With udp sockets, SCTP will
offer a reliable transport mechanism, and present a complete datagram to
SNMP.