SNMP_UDF for SNMPv1 and SNMPv2c

[enaiman]

@leo

You have to play a little bit with $PDUType and $snmpOID values

Try using $PDUType = "A1" with $snmpOID = "1.3.6.1.2.1.1.1" OR

$PDUType = "A0" with $snmpOID = "1.3.6.1.2.1.1.1.0"

You should be able to get the answer correctly from your equipment.

The reason behind this is the way the request has to be made;

- if the request is "GetNext" (A1) then we don't need to specify an instance number because the system will return the next matched instance - in the case above the next matched instance is 1.3.6.1.2.1.1.1.0

- in case of a GetRequest (A0) we have to specify an instance (.0, .1 ... or other) in order to get an answer from the switch.

It is still not clear to me if you get an answer from your switch or not?

try this code:

expandcollapse popup

#Include <String.au3>
#Include <Array.au3>
#Include 'SNMP_UDF.au3'

Global $dest_IP = "x.x.x.x"                 ; Destination Address 
Global $Port = 161                              ; UDP 161  = SNMP port
Global $SNMP_Version = 1
Global $SNMP_Community = "public"               ; SNMPString(Community)
Global $SNMP_OID = "1.3.6.1.2.1.1.1.0"
Global $SNMP_ReqID = 1
Global $SNMP_Command

Global $Start = 1

$SNMP_Command = _SNMPBuildPacket($SNMP_OID, $SNMP_Community,$SNMP_Version, $SNMP_ReqID, "A0")

UDPStartUp()
$Socket = UDPopen($dest_IP, $Port)
UDPSend($Socket, $SNMP_Command)

ConsoleWrite($SNMP_Command & @LF& @LF)
_StartListener()
sleep (200)

Func _StartListener()
    If $Start = 1 Then
        $i = 0
        While (1)
            $srcv = UDPRecv($Socket, 2048)
            If ($srcv <> "") Then
                ConsoleWrite($srcv & @LF& @LF)
                $result = _ShowSNMPReceived ($srcv)
                _ArrayDisplay($result)
                Exit
            EndIf
         sleep(100)
        WEnd
    EndIf
EndFunc

Func OnAutoItExit()
    UDPCloseSocket($Socket)
    UDPShutdown()
EndFunc

You will have to replace IP and community string with your values and be sure to include SNMP_UDF.au3

Edited December 22, 2008 by enaiman

[leo]

@enaiman

Great!

I got it.

54 65 73 74 2d 38 32

But I don't know which character string I should encode from.

Example:

I got the response character string as below.

0x302E02010004067075626C6963A221020201000201000201003015301306082B060102010105000407546573742D3832

Now, I know that should encode from 54.

But I don't know which character string as below should encode from.

0x3082010602010004067075626C6963A281F8020201000201000201003081EB3081E806082B060102010101000481DB4369

73636F20496E7465726E6574776F726B204F7065726174696E672053797374656D20536F667477617265200D0A494F532028

746D2920433337353020536F667477617265202843333735302D49392D4D292C2056657273696F6E2031322E312831392945

4131642C2052454C4541534520534F4654574152452028666331290D0A436F707972696768742028632920313938362D3230

303420627920636973636F2053797374656D732C20496E632E0D0A436F6D70696C6564204D6F6E2030352D4170722D303420

32323A343020627920616E746F6E696E6F

I don't know if you understand my mean.

I only want to get the encoded information.

Thank you very much for your help!

[leo]

@enaiman

I amended your function for HEX to ASCII as below.

Func _HexToDec ($hex)

Local $extractedHEXarray [stringLen($hex) + 1]

Local $extractedHEX = ""

For $i = 1 To StringLen($hex) Step 2

$extractedHEXarray[$i] = StringMid($hex, $i, 2)

$extractedHEX &= Chr(Dec($extractedHEXarray[$i]))

Next

Return $extractedHEX

EndFunc

Now, I need to get the position of response information.

Thinking......

Studying.....

[enaiman]

@leo

The problem there is about the return string being a long one. Not your fault at all but mine.

I knew this will happen in the future and I have to work on my UDF to allow multiple querries and return strings no matter how big.

Unfortunately I didn't have too much time to work on this but ... it seems like I will do some work these days

Just a little bit of patience I will do my best to give you a solution today

[leo]

@enaiman

Perfect!

You are great!

[enaiman]

I'm sorry leo I have to dissapoint you but I won't be able to have something ready today. It turned out that it's a little bit more complicated than I thought.

It looks like the packet length if it is greater than 127 is encoded differently than I thought so a little bit more work is needed.

Hopefuly I will be able to work on this tomorrow.

[leo]

@enaiman

Nothing.

I'm studying SNMP structure.

Hope to get your help.

[leo]

@enaiman

I compared three packets as below.

.1.3.6.1.2.1.1.1.0

302902010004067075626c6963a01c020434615220020100020100300e300c06082b060102010101000500

3081e502010004067075626c6963a281d70204346152200201000201003081c83081c506082b060102010101000481b84369

73636F20494F5320536F6674776172652C20433337353020536F667477617265202843333735302D4950424153452D4D292C

2056657273696F6E2031322E32283335295345352C2052454C4541534520534F4654574152452028666331290D0A436F7079

72696768742028632920313938362D3230303720627920436973636F2053797374656D732C20496E632E0D0A436F6D70696C

6564205468752031392D4A756C2D30372031393A3135206279206E616368656E

.1.3.6.1.2.1.1.3.0

302902010004067075626c6963a01c020434615223020100020100300e300c06082b060102010103000500

302c02010004067075626c6963a21f0204346152230201000201003011300f06082b060102010103004303252e2a

.1.3.6.1.2.1.1.5.0

302902010004067075626c6963a01c020434615226020100020100300e300c06082b060102010105000500

303002010004067075626c6963a2230204346152260201000201003015301306082b060102010105000407546573742d3832

I found the different character string is 3081 in the first packets.

I don't understand why use 3081 there.

Anybody know?

[enaiman]

This is the packet you got in answer for 1.3.6.1.2.1.1.1.0

3081e502010004067075626c6963a281d70204346152200201000201003081c83081c506082b060102010101000481b84369

73636F20494F5320536F6674776172652C20433337353020536F667477617265202843333735302D4950424153452D4D292C

2056657273696F6E2031322E32283335295345352C2052454C4541534520534F4654574152452028666331290D0A436F7079

72696768742028632920313938362D3230303720627920436973636F2053797374656D732C20496E632E0D0A436F6D70696C

6564205468752031392D4A756C2D30372031393A3135206279206E616368656E

Because Cisco has quite a long string in that location, my UDF can't work yet with it (hope to make it to work today)

Looking at packet's structure:

- first 2 digits "30" is ASN code for "sequence"

- next 2 digits will be usually the length of the packet ... but ...

-* if the next 2 digits are less than 81 then that is the packet's length

-* if they are 81 (ASN code for long length) then the packet length is represented by the next 2 digits (your case packet length is e5)

-* if they are 82 (ASN code for long length) then packet's length will be represented by the next 4 digits

for your next packets you should get a clear value from my UDF because their length is 29 and 30.

I'm working on it

Edited December 23, 2008 by enaiman

[leo]

@enaiman

I tried to calculate the digits 81e5,81d7,81c8,81c5.

Results: Dec("e5")=229;Dec("d7")=215;Dec("c8")=200;Dec("c5")=197;

But total length of that character string is 464.

So, I still don't understand the next 2 digits after 81.

[leo]

@enaiman

I miss the digits 81b8 of varbind length, Dec("b8")=184, and actually value length=368(184*2).

Another example:

.1.3.6.1.2.1.1.1.0

3082012f0201000406535a56313932a282012002045c8df0f3020100020100308201103082010c06082b0601020101010004

81ff436973636f20496e7465726e6574776f726b204f7065726174696e672053797374656d20536f667477617265200d0a49

4f532028746d29207337323033335f727020536f66747761726520287337323033335f72702d504b3953562d4d292c205665

7273696f6e2031322e3228313764295358423131612c2052454c4541534520534f4654574152452028666331290d0a546563

686e6963616c20537570706f72743a20687474703a2f2f7777772e636973636f2e636f6d2f74656368737570706f72740d0a

436f707972696768742028632920313938362d3230303620627920636973636f2053797374656d732c20496e632e0d0a436f

6d70696c656420

The digits of varbind length is 81ff, Dec("ff")=255, and actually value length=510(255*2)

I don't know if varbind length & value length has such relation.

[enaiman]

actually your packet length is "e5" which is equal to 229

I have to specify something here: "1" length = 2 characters so your packet will be 229*2 = 458

if we consider that "30" and "81 e5" are not counted in this we will end with: 458 + 2(30) +4(81e5) = 464 exactly the length you have counted.

OK, I'll split the string here for you:

30 = sequence code

81 e5 = packet length

02 01 00 = SNMP Version

04 06 70 75 62 6c 69 63 = community string

a2 = "get response" code

81 d7 = SNMP PDU length

02 04 34 61 52 20 = request ID

02 01 00 = Error

02 01 00 = Error Index

30 = sequence code

81 c8 = length

30 = sequence code

81 c5 = length

06 = OID type

08 = OID length

2b 06 01 02 01 01 01 00 = OID

;--- returned data begins here ---

04 = type "string"

81 b8 = string length

AND

436973636F20494F5320536F6674776172652C20433337353020536F667477617265202843333735302D4950424153452D4D

292C2056657273696F6E2031322E32283335295345352C2052454C4541534520534F4654574152452028666331290D0A436F

707972696768742028632920313938362D3230303720627920436973636F2053797374656D732C20496E632E0D0A436F6D70

696C6564205468752031392D4A756C2D30372031393A3135206279206E616368656E

is the answer you're looking for

have a look at http://www.rane.com/note161.html

[leo]

@enaiman

Great!

Clear description!

Thank you very much!

[enaiman]

I have just finished woking on this UDF.

I had to rewite 90% of the code but IMO the new UDF works better

I have added Multiple OID support (OIDs can be passed in an array) and it can handle also long packets - exactly what Leo needs

New versions for UDF and example script are updated.

Any feedback is welcome

[ptrex]

@enaiman

Great work !!

I did not do any tests yet, since I do not have any devices around me at the moment.

Maybe some more people can do some tests.

Regards,

ptrex

[enaiman]

@ptrex

Thank you, You're very kind (as you always are )

I'm glad I found these 2 days after XMas to work on UDF. I'm sure I will get some feedback once people will come back from their holiday.

Until then, have a "happy new year"

[leo]

@enaiman

Great!

Got it!

[18]|Data Returned (clear)|Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)

Copyright © 1986-2007 by Cisco Systems, Inc.

Compiled Thu 19-Jul-07 19:15 by nachen

[18]|Data Returned (clear)|Cisco Internetwork Operating System Software

IOS s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB11a, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright © 1986-2006 by cisco Systems, Inc.

Compiled

I tried to get the decoded info as below.(for Cisco devices)

[0]|0|00-00-00-00-00-00|127.0.20.20|static

[1]|324|00-14-6A-C0-34-C3|172.17.224.82|static

[2]|324|00-00-0C-07-AC-00|172.17.224.126|dynamic

Add function for extract MAC address.

Func _SNMPExtractMAC($strMAC)

Local $extractedMACarray[7]

Local $extractedMAC = ""

For $i = 1 To 6

$extractedMACarray[$i] = StringMid($strMAC, 2 * $i - 1, 2)

If $i = 6 Then

$extractedMAC &= $extractedMACarray[$i]

Else

$extractedMAC &= $extractedMACarray[$i] & "-"

EndIf

Next

Return $extractedMAC

EndFunc ;==>_SNMPExtractMAC

One question:

For the array SNMP, I got the info as below use your function, but I should got the above info highlight with red.

I guess the reason was the function didn't continued to query.

[13]|Varbind 1|3013060E2B0601020104160101007F001414020100

[14]|Length|13

[15]|OID|2B0601020104160101007F001414

[16]|Data Type|02

[17]|Data Returned (hex)|00

[18]|Data Returned (clear)|0

[19]||

[20]|Varbind 2|3018060E2B0601020104160102007F0014140406000000000000

[21]|Length|18

[22]|OID|2B0601020104160102007F001414

[23]|Data Type|04

[24]|Data Returned (hex)|000000000000

[25]|Data Returned (clear)|

[26]||

[27]|Varbind 3|3016060E2B0601020104160103007F00141440047F001414

[28]|Length|16

[29]|OID|2B0601020104160103007F001414

[30]|Data Type|40

[31]|Data Returned (hex)|7F001414

[32]|Data Returned (clear)|127.0.20.20

[33]||

[34]|Varbind 4|3013060E2B0601020104160104007F001414020104

[35]|Length|13

[36]|OID|2B0601020104160104007F001414

[37]|Data Type|02

[38]|Data Returned (hex)|04

[39]|Data Returned (clear)|4

Edited January 5, 2009 by leo

[enaiman]

Thanks for trying the UDF,

I have to add support for MAC.

In order to do that I need to find ASN code for MAC address data type (so far I haven't found it).

Unfortunately I won't be able to work on this during the next 2 weeks. (I promise to do it when I get back )

Thanks for _SNMPExtractMAC($strMAC) function

[ptrex]

@enaiman

I've tested this too. And it seems to be working fine !!

Great job.

If you have some time can you test if your UDF accepts the SNMP Get command ?

Thanks,

ptrex

[dmollico]

This looks like an awesome script, and will do exactly what i'm looking for, however, I get hung up on

line 41: $srcv = UDPRecv($Socket, 2048)

the script just hangs there.

this is the only information i've changed/specified:

Global $dest_IP = "10.62.221.221" ; Destination Address

Global $SNMP_Community = "public" ; SNMPString(Community)

Global $SNMP_OID = "1.3.6.1.2.1.43.10.2.1.4.1.1" ; SNMPObjectID(ObjectID)

I'm just trying to get page counts from a kyocera printer.

Everything else is exactly the same way.

Edit: I found the "console write line" in another script in this forum, here is the $SNMP_Command it sends before it hangs on line 41:

0x302E02010104067075626C6963A0210202000102010002010030153013060F2B000103060102012B0A02010401010500

Edited January 6, 2009 by dmollico