5

I'm writing an SNMP agent and the MIB definition includes an OID of type Unsigned32.

The Unix implementation of the agent uses Net-SNMP and sets the OID as type ASN_UNSIGNED, since it doesn't have an ASN_UNSIGNED32. When I look at the GET response with Wireshark, it decodes it as a "Gauge32" value. That makes sense at first sight, because according to RFC 1902 Unsigned32 and Gauge32 are the same.

The Windows implementation is based on Windows' SnmpAPI.lib and sets the OID as ASN_UNSIGNED32 and when I look at the GET response with Wireshark, it decodes it as "Unsigned32". That looks even better to me.

How come the 2 implementations produce different results on the wire?

Which is the correct version, and how can I manage to get the same from both implementations?

Gene Vincent

2 Answers

5

It turns out Net-SNMP is using the current RFC 1902 encoding where Unsigned32 and Gauge32 are identical, while Windows uses the obsolete RFC 1442 encoding where Unsigned32 and Gauge32 had different encodings.

Gene Vincent
  • Good catch. Sounds like a bug of Windows. – Lex Li Jun 01 '12 at 06:11
  • From the looks of it, Microsoft hasn't really updated the SNMP service since 1996 when RFC 1902 came out. So they just stick with the old version and it seems most SNMP tools are still compatible with RFC 1442 as well. – Gene Vincent Jun 01 '12 at 10:38
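The difference described in this answer is visible in the first byte of the value field, which is what reading the raw bytes comes down to. The decoder below is an added example, not code from the thread, Net-SNMP or the Windows SDK; it uses the tag numbers from the RFC texts ([APPLICATION 2] for Gauge32 and, since RFC 1902, Unsigned32; [APPLICATION 7] for RFC 1442's UInteger32), and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* BER tag bytes (application class, primitive) for the two encodings. */
#define TAG_APP2 0x42 /* Gauge32; also Unsigned32 since RFC 1902 */
#define TAG_APP7 0x47 /* UInteger32, RFC 1442 only (obsolete) */

/* Decode one TLV carrying an unsigned 32-bit SNMP value.
 * Returns the tag byte and stores the value in *out, or -1 if malformed. */
int decode_u32_tlv(const uint8_t *buf, size_t len, uint32_t *out)
{
    if (len < 3 || (buf[0] != TAG_APP2 && buf[0] != TAG_APP7))
        return -1;
    size_t n = buf[1];          /* short-form length; long form is > 5 */
    if (n == 0 || n > 5 || n + 2 > len)
        return -1;
    const uint8_t *p = buf + 2;
    if (n == 5 && p[0] != 0x00)
        return -1;              /* a fifth byte must be the 0x00 sign pad */
    if (n < 5 && (p[0] & 0x80))
        return -1;              /* would be a negative INTEGER */
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    *out = v;
    return buf[0];
}

const char *tag_label(int tag)
{
    if (tag == TAG_APP2) return "[APPLICATION 2] Gauge32/Unsigned32 (RFC 1902)";
    if (tag == TAG_APP7) return "[APPLICATION 7] UInteger32 (RFC 1442, obsolete)";
    return "malformed or other type";
}

/* Constructed sample value fields, both carrying 300 (0x012C). */
static const uint8_t SAMPLE_RFC1902[] = { 0x42, 0x02, 0x01, 0x2C };
static const uint8_t SAMPLE_RFC1442[] = { 0x47, 0x02, 0x01, 0x2C };

int main(void)
{
    uint32_t v = 0;
    printf("%s\n", tag_label(decode_u32_tlv(SAMPLE_RFC1902, sizeof SAMPLE_RFC1902, &v)));
    printf("%s\n", tag_label(decode_u32_tlv(SAMPLE_RFC1442, sizeof SAMPLE_RFC1442, &v)));
    return 0;
}
```

A manager that only accepts tag 0x42 will reject or mislabel the 0x47 form, so a monitoring parser that has to handle both kinds of agent needs to accept both tags and treat the content identically.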
1

If you save the Wireshark capture on Windows and then open it in Wireshark on Unix, you may see what type it shows. Unsigned32 and Gauge32 are defined as interchangeable by the standard, so there should be no difference at all across SNMP implementations. On the wire, the same bytes should be transferred.

Lex Li
  • That's what I thought, but both Wireshark traces were done on Linux and the OIDs from the Linux agent are displayed as Gauge32 and the ones from the Windows agent are shown as Unsigned32. Same Wireshark executable on the same machine. – Gene Vincent May 26 '12 at 11:45
  • Did not have time to dive into Wireshark's parser. But like I said, you should read the raw bytes then. Have you done that? – Lex Li May 26 '12 at 12:40