On Tue, Mar 05, 2002 at 08:22:45AM -0500, Simi A R wrote:
> This is GNU ethereal 0.9.2, compiled with GTK+ 1.2.8, with GLib 1.2.8,
> with libpcap 0.6, with libz 1.1.3, without SNMP
>                                    ^^^^^^^^^^^^
> ethereal [ -vh ] [ -klpQS ] [ -a <capture autostop condition> ] ...
> [ -b <number of ringbuffer files> ] [ -B <byte view height> ]
> [ -c <count> ] [ -f <capture filter> ] [ -i <interface> ]
> [ -m <medium font> ] [ -n ] [ -N <resolving> ]
> [ -o <preference setting> ] ... [ -P <packet list height> ]
> [ -r <infile> ] [ -R <read filter> ] [ -s <snaplen> ]
> [ -t <time stamp format> ] [ -T <tree view height> ]
> [ -w <savefile> ] [ <infile> ]
>
> But the News for Ethereal 0.9.2 on www.ethereal.com says this version
> supports SNMP.

Well:

1) "without SNMP" means "not linked with an SNMP library to
   read MIB files and use that information to report OIDs
   symbolically and print variable bindings as per what the MIB
   says", not "without support for SNMP at all";

2) if you have an SNMP library, you have to explicitly say
   "--enable-snmp" to get it linked in, because there are some
   buffer overflow vulnerabilities in the SNMP library code, as
   well as some in Ethereal, that show up only when linked with
   the SNMP library code, and they're not yet fixed as of 0.9.2,
   so we temporarily made "link without the SNMP library" the
   default.

> I tried enabling "SNMP" using the Edit -> Protocols Option of the GUI.

Umm, it's enabled by default - *all* protocols are enabled by default -
so, if you clicked on the "snmp" button, you probably *disabled* SNMP.

> Even then, the tool is not capturing SNMP data.
> Instead it is showing it as the data part (in hex format) of UDP packet.

You mean it's not *dissecting* SNMP data. It *is* capturing the data,
as you are seeing the UDP packets; it's just not dissecting it as SNMP.

If, as I suspect is the case, you disabled SNMP dissection, then it
*won't* dissect anything as SNMP. Try starting Ethereal again,
*without* doing anything with SNMP in the "Edit->Protocols" option, and
see what happens.