1f7d24e3fSHanoh Haim## This file is part of Scapy
2f7d24e3fSHanoh Haim## See http://www.secdev.org/projects/scapy for more informations
3f7d24e3fSHanoh Haim## Copyright (C) Philippe Biondi <phil@secdev.org>
4f7d24e3fSHanoh Haim## This program is published under a GPLv2 license
5f7d24e3fSHanoh Haim
6f7d24e3fSHanoh Haim"""
7f7d24e3fSHanoh HaimSNMP (Simple Network Management Protocol).
8f7d24e3fSHanoh Haim"""
9f7d24e3fSHanoh Haim
10f7d24e3fSHanoh Haimfrom scapy.asn1packet import *
11f7d24e3fSHanoh Haimfrom scapy.asn1fields import *
12f7d24e3fSHanoh Haimfrom scapy.layers.inet import UDP
13f7d24e3fSHanoh Haim
14f7d24e3fSHanoh Haim##########
15f7d24e3fSHanoh Haim## SNMP ##
16f7d24e3fSHanoh Haim##########
17f7d24e3fSHanoh Haim
18f7d24e3fSHanoh Haim######[ ASN1 class ]######
19f7d24e3fSHanoh Haim
20f7d24e3fSHanoh Haimclass ASN1_Class_SNMP(ASN1_Class_UNIVERSAL):
21f7d24e3fSHanoh Haim    name="SNMP"
22f7d24e3fSHanoh Haim    PDU_GET = 0xa0
23f7d24e3fSHanoh Haim    PDU_NEXT = 0xa1
24f7d24e3fSHanoh Haim    PDU_RESPONSE = 0xa2
25f7d24e3fSHanoh Haim    PDU_SET = 0xa3
26f7d24e3fSHanoh Haim    PDU_TRAPv1 = 0xa4
27f7d24e3fSHanoh Haim    PDU_BULK = 0xa5
28f7d24e3fSHanoh Haim    PDU_INFORM = 0xa6
29f7d24e3fSHanoh Haim    PDU_TRAPv2 = 0xa7
30f7d24e3fSHanoh Haim
31f7d24e3fSHanoh Haim
32f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_GET(ASN1_SEQUENCE):
33f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_GET
34f7d24e3fSHanoh Haim
35f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_NEXT(ASN1_SEQUENCE):
36f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_NEXT
37f7d24e3fSHanoh Haim
38f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_RESPONSE(ASN1_SEQUENCE):
39f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_RESPONSE
40f7d24e3fSHanoh Haim
41f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_SET(ASN1_SEQUENCE):
42f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_SET
43f7d24e3fSHanoh Haim
44f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_TRAPv1(ASN1_SEQUENCE):
45f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_TRAPv1
46f7d24e3fSHanoh Haim
47f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_BULK(ASN1_SEQUENCE):
48f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_BULK
49f7d24e3fSHanoh Haim
50f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_INFORM(ASN1_SEQUENCE):
51f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_INFORM
52f7d24e3fSHanoh Haim
53f7d24e3fSHanoh Haimclass ASN1_SNMP_PDU_TRAPv2(ASN1_SEQUENCE):
54f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_TRAPv2
55f7d24e3fSHanoh Haim
56f7d24e3fSHanoh Haim
57f7d24e3fSHanoh Haim######[ BER codecs ]#######
58f7d24e3fSHanoh Haim
59f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_GET(BERcodec_SEQUENCE):
60f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_GET
61f7d24e3fSHanoh Haim
62f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_NEXT(BERcodec_SEQUENCE):
63f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_NEXT
64f7d24e3fSHanoh Haim
65f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_RESPONSE(BERcodec_SEQUENCE):
66f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_RESPONSE
67f7d24e3fSHanoh Haim
68f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_SET(BERcodec_SEQUENCE):
69f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_SET
70f7d24e3fSHanoh Haim
71f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_TRAPv1(BERcodec_SEQUENCE):
72f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_TRAPv1
73f7d24e3fSHanoh Haim
74f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_BULK(BERcodec_SEQUENCE):
75f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_BULK
76f7d24e3fSHanoh Haim
77f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_INFORM(BERcodec_SEQUENCE):
78f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_INFORM
79f7d24e3fSHanoh Haim
80f7d24e3fSHanoh Haimclass BERcodec_SNMP_PDU_TRAPv2(BERcodec_SEQUENCE):
81f7d24e3fSHanoh Haim    tag = ASN1_Class_SNMP.PDU_TRAPv2
82f7d24e3fSHanoh Haim
83f7d24e3fSHanoh Haim
84f7d24e3fSHanoh Haim
85f7d24e3fSHanoh Haim######[ ASN1 fields ]######
86f7d24e3fSHanoh Haim
87f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_GET(ASN1F_SEQUENCE):
88f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_GET
89f7d24e3fSHanoh Haim
90f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_NEXT(ASN1F_SEQUENCE):
91f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_NEXT
92f7d24e3fSHanoh Haim
93f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_RESPONSE(ASN1F_SEQUENCE):
94f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_RESPONSE
95f7d24e3fSHanoh Haim
96f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_SET(ASN1F_SEQUENCE):
97f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_SET
98f7d24e3fSHanoh Haim
99f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_TRAPv1(ASN1F_SEQUENCE):
100f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_TRAPv1
101f7d24e3fSHanoh Haim
102f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_BULK(ASN1F_SEQUENCE):
103f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_BULK
104f7d24e3fSHanoh Haim
105f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_INFORM(ASN1F_SEQUENCE):
106f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_INFORM
107f7d24e3fSHanoh Haim
108f7d24e3fSHanoh Haimclass ASN1F_SNMP_PDU_TRAPv2(ASN1F_SEQUENCE):
109f7d24e3fSHanoh Haim    ASN1_tag = ASN1_Class_SNMP.PDU_TRAPv2
110f7d24e3fSHanoh Haim
111f7d24e3fSHanoh Haim
112f7d24e3fSHanoh Haim
113f7d24e3fSHanoh Haim######[ SNMP Packet ]######
114f7d24e3fSHanoh Haim
115f7d24e3fSHanoh HaimSNMP_error = { 0: "no_error",
116f7d24e3fSHanoh Haim               1: "too_big",
117f7d24e3fSHanoh Haim               2: "no_such_name",
118f7d24e3fSHanoh Haim               3: "bad_value",
119f7d24e3fSHanoh Haim               4: "read_only",
120f7d24e3fSHanoh Haim               5: "generic_error",
121f7d24e3fSHanoh Haim               6: "no_access",
122f7d24e3fSHanoh Haim               7: "wrong_type",
123f7d24e3fSHanoh Haim               8: "wrong_length",
124f7d24e3fSHanoh Haim               9: "wrong_encoding",
125f7d24e3fSHanoh Haim              10: "wrong_value",
126f7d24e3fSHanoh Haim              11: "no_creation",
127f7d24e3fSHanoh Haim              12: "inconsistent_value",
128f7d24e3fSHanoh Haim              13: "ressource_unavailable",
129f7d24e3fSHanoh Haim              14: "commit_failed",
130f7d24e3fSHanoh Haim              15: "undo_failed",
131f7d24e3fSHanoh Haim              16: "authorization_error",
132f7d24e3fSHanoh Haim              17: "not_writable",
133f7d24e3fSHanoh Haim              18: "inconsistent_name",
134f7d24e3fSHanoh Haim               }
135f7d24e3fSHanoh Haim
136f7d24e3fSHanoh HaimSNMP_trap_types = { 0: "cold_start",
137f7d24e3fSHanoh Haim                    1: "warm_start",
138f7d24e3fSHanoh Haim                    2: "link_down",
139f7d24e3fSHanoh Haim                    3: "link_up",
140f7d24e3fSHanoh Haim                    4: "auth_failure",
141f7d24e3fSHanoh Haim                    5: "egp_neigh_loss",
142f7d24e3fSHanoh Haim                    6: "enterprise_specific",
143f7d24e3fSHanoh Haim                    }
144f7d24e3fSHanoh Haim
145f7d24e3fSHanoh Haimclass SNMPvarbind(ASN1_Packet):
146f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
147f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("oid","1.3"),
148f7d24e3fSHanoh Haim                                ASN1F_field("value",ASN1_NULL(0))
149f7d24e3fSHanoh Haim                                )
150f7d24e3fSHanoh Haim
151f7d24e3fSHanoh Haim
152f7d24e3fSHanoh Haimclass SNMPget(ASN1_Packet):
153f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
154f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_GET( ASN1F_INTEGER("id",0),
155f7d24e3fSHanoh Haim                                    ASN1F_enum_INTEGER("error",0, SNMP_error),
156f7d24e3fSHanoh Haim                                    ASN1F_INTEGER("error_index",0),
157f7d24e3fSHanoh Haim                                    ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
158f7d24e3fSHanoh Haim                                    )
159f7d24e3fSHanoh Haim
160f7d24e3fSHanoh Haimclass SNMPnext(ASN1_Packet):
161f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
162f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_NEXT( ASN1F_INTEGER("id",0),
163f7d24e3fSHanoh Haim                                     ASN1F_enum_INTEGER("error",0, SNMP_error),
164f7d24e3fSHanoh Haim                                     ASN1F_INTEGER("error_index",0),
165f7d24e3fSHanoh Haim                                     ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
166f7d24e3fSHanoh Haim                                     )
167f7d24e3fSHanoh Haim
168f7d24e3fSHanoh Haimclass SNMPresponse(ASN1_Packet):
169f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
170f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_RESPONSE( ASN1F_INTEGER("id",0),
171f7d24e3fSHanoh Haim                                         ASN1F_enum_INTEGER("error",0, SNMP_error),
172f7d24e3fSHanoh Haim                                         ASN1F_INTEGER("error_index",0),
173f7d24e3fSHanoh Haim                                         ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
174f7d24e3fSHanoh Haim                                         )
175f7d24e3fSHanoh Haim
176f7d24e3fSHanoh Haimclass SNMPset(ASN1_Packet):
177f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
178f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_SET( ASN1F_INTEGER("id",0),
179f7d24e3fSHanoh Haim                                    ASN1F_enum_INTEGER("error",0, SNMP_error),
180f7d24e3fSHanoh Haim                                    ASN1F_INTEGER("error_index",0),
181f7d24e3fSHanoh Haim                                    ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
182f7d24e3fSHanoh Haim                                    )
183f7d24e3fSHanoh Haim
184f7d24e3fSHanoh Haimclass SNMPtrapv1(ASN1_Packet):
185f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
186f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_TRAPv1( ASN1F_OID("enterprise", "1.3"),
187f7d24e3fSHanoh Haim                                       ASN1F_IPADDRESS("agent_addr","0.0.0.0"),
188f7d24e3fSHanoh Haim                                       ASN1F_enum_INTEGER("generic_trap", 0, SNMP_trap_types),
189f7d24e3fSHanoh Haim                                       ASN1F_INTEGER("specific_trap", 0),
190f7d24e3fSHanoh Haim                                       ASN1F_TIME_TICKS("time_stamp", IntAutoTime()),
191f7d24e3fSHanoh Haim                                       ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
192f7d24e3fSHanoh Haim                                       )
193f7d24e3fSHanoh Haim
194f7d24e3fSHanoh Haimclass SNMPbulk(ASN1_Packet):
195f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
196f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_BULK( ASN1F_INTEGER("id",0),
197f7d24e3fSHanoh Haim                                     ASN1F_INTEGER("non_repeaters",0),
198f7d24e3fSHanoh Haim                                     ASN1F_INTEGER("max_repetitions",0),
199f7d24e3fSHanoh Haim                                     ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
200f7d24e3fSHanoh Haim                                     )
201f7d24e3fSHanoh Haim
202f7d24e3fSHanoh Haimclass SNMPinform(ASN1_Packet):
203f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
204f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_INFORM( ASN1F_INTEGER("id",0),
205f7d24e3fSHanoh Haim                                       ASN1F_enum_INTEGER("error",0, SNMP_error),
206f7d24e3fSHanoh Haim                                       ASN1F_INTEGER("error_index",0),
207f7d24e3fSHanoh Haim                                       ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
208f7d24e3fSHanoh Haim                                       )
209f7d24e3fSHanoh Haim
210f7d24e3fSHanoh Haimclass SNMPtrapv2(ASN1_Packet):
211f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
212f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SNMP_PDU_TRAPv2( ASN1F_INTEGER("id",0),
213f7d24e3fSHanoh Haim                                       ASN1F_enum_INTEGER("error",0, SNMP_error),
214f7d24e3fSHanoh Haim                                       ASN1F_INTEGER("error_index",0),
215f7d24e3fSHanoh Haim                                       ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind)
216f7d24e3fSHanoh Haim                                       )
217f7d24e3fSHanoh Haim
218f7d24e3fSHanoh Haim
219f7d24e3fSHanoh Haimclass SNMP(ASN1_Packet):
220f7d24e3fSHanoh Haim    ASN1_codec = ASN1_Codecs.BER
221f7d24e3fSHanoh Haim    ASN1_root = ASN1F_SEQUENCE(
222f7d24e3fSHanoh Haim        ASN1F_enum_INTEGER("version", 1, {0:"v1", 1:"v2c", 2:"v2", 3:"v3"}),
223f7d24e3fSHanoh Haim        ASN1F_STRING("community","public"),
224f7d24e3fSHanoh Haim        ASN1F_CHOICE("PDU", SNMPget(),
225f7d24e3fSHanoh Haim                     SNMPget, SNMPnext, SNMPresponse, SNMPset,
226f7d24e3fSHanoh Haim                     SNMPtrapv1, SNMPbulk, SNMPinform, SNMPtrapv2)
227f7d24e3fSHanoh Haim        )
228f7d24e3fSHanoh Haim    def answers(self, other):
229f7d24e3fSHanoh Haim        return ( isinstance(self.PDU, SNMPresponse)    and
230f7d24e3fSHanoh Haim                 ( isinstance(other.PDU, SNMPget) or
231f7d24e3fSHanoh Haim                   isinstance(other.PDU, SNMPnext) or
232f7d24e3fSHanoh Haim                   isinstance(other.PDU, SNMPset)    ) and
233f7d24e3fSHanoh Haim                 self.PDU.id == other.PDU.id )
234f7d24e3fSHanoh Haim
235f7d24e3fSHanoh Haimbind_layers( UDP,           SNMP,          sport=161)
236f7d24e3fSHanoh Haimbind_layers( UDP,           SNMP,          dport=161)
237f7d24e3fSHanoh Haimbind_layers( UDP,           SNMP,          sport=162)
238f7d24e3fSHanoh Haimbind_layers( UDP,           SNMP,          dport=162)
239f7d24e3fSHanoh Haim
240f7d24e3fSHanoh Haimdef snmpwalk(dst, oid="1", community="public"):
241f7d24e3fSHanoh Haim    try:
242f7d24e3fSHanoh Haim        while 1:
243f7d24e3fSHanoh Haim            r = sr1(IP(dst=dst)/UDP(sport=RandShort())/SNMP(community=community, PDU=SNMPnext(varbindlist=[SNMPvarbind(oid=oid)])),timeout=2, chainCC=1, verbose=0, retry=2)
244f7d24e3fSHanoh Haim            if ICMP in r:
245f7d24e3fSHanoh Haim                print repr(r)
246f7d24e3fSHanoh Haim                break
247f7d24e3fSHanoh Haim            if r is None:
248f7d24e3fSHanoh Haim                print "No answers"
249f7d24e3fSHanoh Haim                break
250f7d24e3fSHanoh Haim            print "%-40s: %r" % (r[SNMPvarbind].oid.val,r[SNMPvarbind].value)
251f7d24e3fSHanoh Haim            oid = r[SNMPvarbind].oid
252f7d24e3fSHanoh Haim
253f7d24e3fSHanoh Haim    except KeyboardInterrupt:
254f7d24e3fSHanoh Haim        pass
255f7d24e3fSHanoh Haim
256