1

Is it possible to identify an SNMP packet from just the IP header?

2 Answers

3

Only indirectly, unreliably and in one direction, via the ports used (the manager sends traffic to UDP port 161, receives traps at 162), and of course that's already in the UDP header, not the IP one.

Sven
0

Since the L4 header isn't generally considered part of the L3 header, technically the answer is no, since the IP header only carries the protocol type (SNMP is carried over UDP, with the exception of SNMPv3 which uses TCP).

Thus, you would need to look at the UDP/TCP ports to infer that SNMP was being used, but of course, that's not a guarantee that the traffic is genuinely SNMP.

Olipro
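The layering both answers describe, as an added Python example that is not part of either answer: the IP header yields only the protocol number, the ports come from the UDP header, and a BER check on the payload (an addition beyond the answers) tests whether traffic on an SNMP port is actually SNMP. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

SNMP_PORTS = {161, 162}  # 161: requests to agents, 162: traps to the manager

def build(sport, dport, payload, proto=17, frag=0):
    """Constructed test packet: 20-byte IPv4 header + UDP header + payload."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, frag, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp

def looks_like_snmp(payload: bytes) -> bool:
    """BER shape of an SNMP message: SEQUENCE { INTEGER version, ... }."""
    if len(payload) < 5 or payload[0] != 0x30:
        return False
    first = payload[1]
    if first < 0x80:
        i = 2                              # short-form length
    elif 0x81 <= first <= 0x84:
        i = 2 + (first & 0x7F)             # long-form length octets
    else:
        return False
    ver = payload[i:i + 3]
    # version 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3
    return len(ver) == 3 and ver[:2] == b"\x02\x01" and ver[2] in (0, 1, 3)

def classify(packet: bytes) -> str:
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 8:
        return "truncated"
    if packet[9] != 17:                    # all the IP header says about L4
        return "not-udp"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "udp-fragment-no-ports"     # later fragment: no UDP header
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport not in SNMP_PORTS and dport not in SNMP_PORTS:
        return "udp-other-port"
    payload = packet[ihl + 8:]
    return "snmp-like" if looks_like_snmp(payload) else "snmp-port-not-snmp"

# Constructed SNMPv2c GetRequest for sysDescr.0, community "public"
SNMP_GET = bytes.fromhex("3026020101040670" "75626c6963a01902" "0101020100020100"
                         "300e300c06082b06" "0102010101000500")

if __name__ == "__main__":
    for p in (build(40000, 161, SNMP_GET), build(40000, 161, b"not snmp"),
              build(40000, 16100, SNMP_GET), build(0, 0, b"", proto=6)):
        print(classify(p))
```

The third sample is genuine SNMP on a non-standard port and is reported as `udp-other-port`, which is the unreliability the answers point out.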