|
1
|
# SNMP Traps - Simple Network Management Protocol (RFC1157)
|
|
2
|
# Pattern attributes: good veryfast fast subset
|
|
3
|
# Protocol groups: networking ietf_internet_standard
|
|
4
|
# Wiki: http://en.wikipedia.org/wiki/SNMP
|
|
5
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
|
6
|
#
|
|
7
|
# Usually runs on UDP ports 162
|
|
8
|
#
|
|
9
|
# These filters match SNMPv1 packets without fail, and are made
|
|
10
|
# as specific as possible not to match any ASN.1 encoded protocols.
|
|
11
|
# However these could still be matched by other protocols that
|
|
12
|
# use ASN.1 encoding
|
|
13
|
|
|
14
|
# Contributed by Goli SriSairam <goli_sai AT yahoo.com>
|
|
15
|
|
|
16
|
# This pattern has been tested and is believe to work well.
|
|
17
|
#
|
|
18
|
# To get or provide more information about this protocol and/or pattern:
|
|
19
|
# http://www.protocolinfo.org/wiki/SNMP
|
|
20
|
# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
|
|
21
|
|
|
22
|
# SNMPv1 Trap
|
|
23
|
# matches SNMP trap header
|
|
24
|
# version \x02\x01
|
|
25
|
# community string \x04.+
|
|
26
|
# PDU type \xa4 (TRAP)
|
|
27
|
# enterprise \x06.+
|
|
28
|
# agent address \x40\x04\.?.?.?.?
|
|
29
|
# trap type \x02\x01.?
|
|
30
|
# specific trap type \x02\x01.?
|
|
31
|
# timestamp \x43
|
|
32
|
snmp-trap
|
|
33
|
^\x02\x01\x04.+\xa4\x06.+\x40\x04.?.?.?.?\x02\x01.?\x02\x01.?\x43
|