> I thought I might look at this a bit. I notice it
> currently decodes some details...I am thinking of
> making it decode closer to the level
> of detail that Etherpeek decodes.

The coolest SNMP decode I ever saw was in Novell's Lanalyzer for Windows
product. They built a generic SNMP decoder, and included a MIB compiler
that would build compiled data for the decoder.

You just feed it a bunch of MIBs, compile them up, and what you saw in the
packet captures was just as smart as the MIBs you have. It was ideal
because if you had some wacky something that was misbehaving, as long as you
had the MIB for it you could easily feed that into your Lanalyzer and see
exactly what was going across the wire.

I was actually thinking about writing something similar for Sun RPC decodes,
except of course it would take the files you feed into RPCGEN and generate
something a sniffer could use to take apart the RPC transactions. As long
as you had the RPCGEN definitions for something, you'd be able to see it
decoded on the wire.
=====================================
Tim Farley
Software Engineer
tfarley@xxxxxxx
Internet Security Systems, Inc.
(678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6479
http://www.iss.net
Adaptive Network Security for the Enterprise
=====================================
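
The MIB-driven decode described in the message above, as an added example that is not part of the original post and not code from any product it mentions: a generic BER OBJECT IDENTIFIER decoder whose output is only as descriptive as the name table it is given. The table, the sample bytes and the function names are constructed for illustration; a real MIB compiler would generate the table from MIB files.

```python
# Constructed stand-in for compiled MIB data: OID prefix -> object name.
# These three are the standard SNMPv2-MIB system-group objects.
COMPILED_MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1): "sysDescr",
    (1, 3, 6, 1, 2, 1, 1, 3): "sysUpTime",
    (1, 3, 6, 1, 2, 1, 1, 5): "sysName",
}
# Constructed sample varbind names as BER TLVs (tag 0x06, length, body).
SYSDESCR_0 = bytes.fromhex("06082b06010201010100")
PRIVATE_OID = bytes.fromhex("06092b06010401868d1f01")

def decode_oid(tlv: bytes) -> tuple:
    """Decode one BER OBJECT IDENTIFIER TLV with a short-form length."""
    if len(tlv) < 2 or tlv[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length = tlv[1]
    if length & 0x80 or length == 0 or len(tlv) < 2 + length:
        raise ValueError("unsupported or truncated length")
    subids, value, pending = [], 0, False
    for octet in tlv[2:2 + length]:
        # Each sub-identifier is base-128; the high bit marks continuation.
        value = (value << 7) | (octet & 0x7F)
        pending = bool(octet & 0x80)
        if not pending:
            subids.append(value)
            value = 0
    if pending:
        # Malformed input: the last octet promised more data than arrived.
        raise ValueError("truncated sub-identifier")
    # The first encoded sub-identifier packs the first two arcs as 40*X + Y.
    x = min(subids[0] // 40, 2)
    return (x, subids[0] - 40 * x, *subids[1:])

def resolve(oid: tuple, mib=COMPILED_MIB) -> str:
    """Longest-prefix match against the table; unknown OIDs stay numeric."""
    for n in range(len(oid), 0, -1):
        name = mib.get(oid[:n])
        if name:
            return ".".join([name, *map(str, oid[n:])])
    return ".".join(map(str, oid))

if __name__ == "__main__":
    print(resolve(decode_oid(SYSDESCR_0)))   # named via the table
    print(resolve(decode_oid(PRIVATE_OID)))  # no MIB loaded: numeric
```

Adding an entry for the private prefix to the table is the equivalent of compiling in one more MIB: the same packet bytes then decode with a name instead of a dotted number.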