SNMP packet format

Question

I've been trying to get my head around the SNMP packet format for a while, but I'm still not sure I've got it. Here's some observations I think I have correct, but I'm not sure about:

1. Each packet is a set of nested data primitives of different types, consisting of a type, a length and some data.
2. The first two parts of an OID are always 1.3 and get encoded to a single byte.
3. Subsequent parts are encoded as one byte each if their numeric value is less than 128.
4. OID parts larger than 127 are encoded into multiple bytes whose value is determined by the 7 least significant bits, with the most significant bit set to 1 for all but the last byte.
5. Some data type IDs are official (integer, string, etc) but some are proprietary and device-specific.

The bit I really don't understand is how the length of a particular value is encoded if the value is longer than 255 bytes. Using Wireshark, I discovered that for lengths under 256, the length field is 1 byte, but for lengths larger than 256 the field is split into multiple bytes. However, the encoding used in larger OID part numbers does not seem to apply.

I can't find anything in the RFCs about this (there are about 30 of them anyway) to help me out.

Can someone clear this up for me, and verfiy that the observations I made above are correct?

Answer 1

SNMP is defined using a subset of ASN.1. There are a bunch of standards describing it; X.690 covers the basic binary encoding.