February 21, 2008

Hand-decoding tcpdump'ed SNMPv1 packets

I can't go into too many details about what I'm working on right now, but it involves processing SNMP requests and generating SNMP responses. The hard part is that I'm writing all my own code to parse and process them, as I can't use the Net-SNMP library to do it for various reasons. (Trust me, I wish I could.)

What makes this so much fun (not!) is having to debug and troubleshoot my code by hand-decoding the SNMP messages, captured off the network using tcpdump. If you've never done this, I'd compare it to performing long division on really large numbers. It's not particularly hard, but it sure is tedious. Here's an example of a pair of request/response packets that I've hand-annotated:

[Image: screenshot of a hand-annotated tcpdump of an SNMP request/response pair]

Yeah. This certainly isn't one of the glorious parts of software development. But, it needs to be done, right?
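For readers who want to see what the hand-decoding above amounts to in code, here is an added example (my own, not the blog author's code) that walks the BER tag/length/value nesting of an SNMPv1 message and labels each field the way the annotated screenshot does. The packet bytes are a constructed SNMPv1 GetRequest for sysName.0, not a capture from the post.

```python
# Added example (not the blog's code): a minimal BER walker for SNMPv1 messages,
# producing the same nesting one annotates by hand from a tcpdump hex dump.
TAG_NAMES = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
             0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE", 0xa0: "GetRequest-PDU",
             0xa1: "GetNextRequest-PDU", 0xa2: "GetResponse-PDU", 0xa4: "Trap-PDU"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at pos; handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits = number of length octets
        n = length & 0x7f
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):          # truncated or malformed capture
        raise ValueError("BER length runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Base-128 subidentifiers; the first octet packs the first two arcs (40*a+b)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7f)
        if not b & 0x80:                 # clear high bit ends the subidentifier
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode(buf, depth=0, out=None):
    """Walk nested TLVs; return a list of (depth, type name, decoded value)."""
    out, pos = ([] if out is None else out), 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        name = TAG_NAMES.get(tag, f"tag 0x{tag:02x}")
        if tag == 0x30 or (tag & 0xe0) == 0xa0:   # constructed: recurse into contents
            out.append((depth, name, len(value)))
            decode(value, depth + 1, out)
        elif tag == 0x02:
            out.append((depth, name, int.from_bytes(value, "big", signed=True)))
        elif tag == 0x06:
            out.append((depth, name, decode_oid(value)))
        elif tag == 0x04:
            out.append((depth, name, value.decode("ascii", "replace")))
        else:
            out.append((depth, name, value.hex()))
    return out

# Constructed sample: SNMPv1 GetRequest for sysName.0, community "public".
SAMPLE = bytes.fromhex(
    "3029" "020100" "04067075626c6963"            # SEQUENCE{version=0, community}
    "a01c" "020412345678" "020100" "020100"       # GetRequest{request-id, error-status, error-index}
    "300e" "300c" "06082b06010201010500" "0500")  # VarBindList{VarBind{OID, NULL}}
```

Printing `"  " * depth + name` for each row of `decode(SAMPLE)` gives the indented outline of the message; feeding it the UDP payload of a real capture (the bytes after the 8-byte UDP header) does the same for your own packets.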


Posted by dossy at 11:40 AM | Comments (3)


Comments
1

Can't you get Ethereal to do this for you?

Posted by: Guan Yang on February 21, 2008 at 11:47 AM
2

Guan: At first, I thought not--I can't run Ethereal on the host that's able to capture the packets. However, I can write the capture file and ship that to another machine where I can run Ethereal. Duh!

This also helped me track down the bug I've been fighting with for the last half-hour: I'm apparently computing the IP header and UDP header checksums wrong, which Ethereal clearly tells me I got wrong--and, what it should have been! Yay!

Thanks!

Posted by: Dossy on February 21, 2008 at 12:11 PM
3

Ethereal is probably sufficient for whatever you're doing, but new development is being done under the name "Wireshark".
http://www.wireshark.org/

Posted by: Jamie Rasmussen on March 2, 2008 at 09:55 PM