Question

I am working on an SNMP manager with the Java language. I am currently working on a custom ASN/BER codec backed by the power of Netty. I have made a decent way in and understand the low-level stuff, but I have never worked with protocol analysis before. I don't really understand how to decrypt information out of the packet I can use.

Now on to the specifics. I understand that type information is encoded into the packet in hex values; I have been able to identify types present in the packet by looking over the Wireshark output of an SNMP trap packet. What I don't understand is how I can find out the contextual information. Like so:

(Taken from JoeSnmp)

public static final byte OCTETSTRING = (byte) 0x04;
public static final byte APPLICATION = (byte) 0x40;
public static final byte SMI_IPADDRESS = (ASN1.APPLICATION | 0x00);

I have been able to find the value for OCTET_STRING by looking at the SMI RFC, but how did they find the application context value? I don't want a reference to the answer, I want to know how I can find the answer myself looking at the packet.

As you can probably tell, I'm new to the whole protocol analysis and network application field, so if you have any other related resources I would also be happy to look over those :).

Thanks in advance for your help!


Solution

Basically, the APPLICATION value is a hardcoded constant. The value for the APPLICATION constant is obtained from the ASN.1 BER encoding specifications. In ASN.1 BER encodings, each value has an associated tag and length. A tag is composed of a tag class and a tag number. There are four tag classes: universal, application, context-specific, private. These four values are encoded as two bits in positions 8 and 7 of the first octet of the tag encoding. The bits corresponding to the application class are 01 (bit 8 and bit 7), and translated into hex this gives the 0x40 bit mask, which is used below to compute the tag values using bitwise operations.

For more details about the BER encoding, see for example http://luca.ntop.org/Teaching/Appunti/asn1.html.
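The tag layout described in the answer, as an added example that is not part of the original answer or of JoeSnmp: a small BER walker that splits each identifier octet into class, constructed bit and tag number, then reads the length. The class name `BerTagDemo` and the sample bytes are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class BerTagDemo {
    static final String[] CLASSES = {"UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE"};

    /** Walks the TLVs in buf[pos, end), descending into constructed values. */
    static void walk(byte[] buf, int pos, int end, int depth, List<String> out) {
        while (pos < end) {
            int first = buf[pos++] & 0xFF;
            int tagClass = first >> 6;                  // bits 8-7: 00 universal, 01 application, ...
            boolean constructed = (first & 0x20) != 0;  // bit 6
            int number = first & 0x1F;                  // bits 5-1
            if (number == 0x1F) {                       // high-tag-number form: base-128 octets follow
                number = 0;
                int b;
                do {
                    if (pos >= end) throw new IllegalArgumentException("truncated tag");
                    b = buf[pos++] & 0xFF;
                    number = (number << 7) | (b & 0x7F);
                } while ((b & 0x80) != 0);
            }
            if (pos >= end) throw new IllegalArgumentException("truncated length");
            int len = buf[pos++] & 0xFF;
            if (len == 0x80) throw new IllegalArgumentException("indefinite length not handled");
            if (len > 0x80) {                           // long form: low 7 bits count the length octets
                int n = len & 0x7F;
                if (n > 3 || pos + n > end) throw new IllegalArgumentException("bad length");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xFF);
            }
            if (len > end - pos) throw new IllegalArgumentException("length exceeds buffer");
            out.add("  ".repeat(depth) + String.format("0x%02X %s %d%s len=%d",
                    first, CLASSES[tagClass], number, constructed ? " constructed" : "", len));
            if (constructed) walk(buf, pos, pos + len, depth + 1, out);
            pos += len;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { OID 1.3.6.1.2, [APPLICATION 0] 192.168.1.1 }
        byte[] sample = {0x30, 0x0C, 0x06, 0x04, 0x2B, 0x06, 0x01, 0x02,
                         0x40, 0x04, (byte) 0xC0, (byte) 0xA8, 0x01, 0x01};
        List<String> lines = new ArrayList<>();
        walk(sample, 0, sample.length, 0, lines);
        lines.forEach(System.out::println);
    }
}
```

The octet `0x40` decodes to class APPLICATION with tag number 0, which is the `ASN1.APPLICATION | 0x00` combination the question's `SMI_IPADDRESS` constant encodes. The bounds checks reject a length field that points past the enclosing value, which a codec reading untrusted packets needs before it allocates or copies.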

Licensed under: CC-BY-SA with attribution