Hi, I am troubleshooting an issue with a vendor of ours. We are using an SNMP tool to scan our network and keep running into failures. I used wireshark to determine that the snmp string sent out over the wire is incorrect.
I am typing my SNMP string into a webserver which then takes that string and attempts to query the device. When I see the community string in wireshark, I notice that the "#" is now missing from my string and replaced with "%23"
The vendor has told us this is just wireshark displaying the # as the hex value. This does not make sense to me as I am asking myself, why wouldn't wireshark convert the rest of that value to hex? Can anyone help me validate or correct what this vendor has told me?
asked 11 Dec '15, 15:11
Many text-based protocols (not sure that it is the case of SNMP, but I am sure about SIP and I am almost sure about HTTP) use escaping of special characters in address (uri, url) strings because these characters have a special meaning for the text-based protocol itself.
I can imagine that Wireshark would translate (unescape)
Luckily, there is the packet bytes pane below the dissection pane, so click at the string value in the dissection pane and see the corresponding bytes highlighted in the packed bytes pane. If you find there, in the ASCII (rightmost) part, the
My own guess is that your browser translates the
If you can use plain http rather than https to access the web interface, capture also the http communication and look into it, you should see whether your browser sends
if you've filled one of the fields with
If they are using POST instead of GET, the parameters are part of the body rather than the url but the same encoding rules are intentionally applied.
answered 12 Dec '15, 02:22
edited 12 Dec '15, 04:13