| 1 |
c97ab82a
|
Ermal Lu?i
|
# SNMP Monitoring - Simple Network Management Protocol (RFC1157)
|
| 2 |
|
|
# Pattern attributes: good veryfast fast subset
|
| 3 |
|
|
# Protocol groups: networking ietf_internet_standard
|
| 4 |
|
|
# Wiki: http://en.wikipedia.org/wiki/SNMP
|
| 5 |
|
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
| 6 |
|
|
#
|
| 7 |
|
|
# Usually runs on UDP ports 161
|
| 8 |
|
|
#
|
| 9 |
|
|
# These filters match SNMPv1 packets without fail, and are made
|
| 10 |
|
|
# as specific as possible not to match any ASN.1 encoded protocols.
|
| 11 |
|
|
# However these could still be matched by other protocols that
|
| 12 |
|
|
# use ASN.1 encoding
|
| 13 |
|
|
|
| 14 |
|
|
# Contributed by Goli SriSairam <goli_sai AT yahoo.com>
|
| 15 |
|
|
|
| 16 |
|
|
# This pattern has been tested and is believe to work well.
|
| 17 |
|
|
#
|
| 18 |
|
|
# To get or provide more information about this protocol and/or pattern:
|
| 19 |
|
|
# http://www.protocolinfo.org/wiki/SNMP
|
| 20 |
|
|
# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
|
| 21 |
|
|
|
| 22 |
|
|
# SNMPv1 GET/GETNEXT/SET request and response
|
| 23 |
|
|
# matches SNMP header
|
| 24 |
|
|
# version \x02\x01
|
| 25 |
|
|
# community \x04.+
|
| 26 |
|
|
# PDU type [\xa0-\xa3] (GET/GETNEXT/SET/GETRESPONSE)
|
| 27 |
|
|
# RequestId \x02[\x01-\x04].?.?.?.?
|
| 28 |
|
|
# errorStatus \x02\x01.?
|
| 29 |
|
|
# errorIndex \x02\x01.?
|
| 30 |
|
|
# varbinds start \x30
|
| 31 |
|
|
snmp-mon
|
| 32 |
|
|
^\x02\x01\x04.+[\xa0-\xa3]\x02[\x01-\x04].?.?.?.?\x02\x01.?\x02\x01.?\x30
|