On May 14, 2012, at 6:03 AM, Bruynooghe, Joost wrote:
> When decoding SNMP messages in wireshark (using version 1.4.8 in my case), all "Octet String" values appear as hex strings in the GUI rather then being shown as human-readable strings.
What happens if:
1) your version of Wireshark is built with libsmi:
$ ./tshark -v
TShark 1.7.2 (SVN Rev 42622 from /trunk)
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.29.8, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8 ...
^^^^^^^^^^^^^^
2) OID resolution is enabled in the "Name Resolution" preferences;
3) the MIB entry for the variable binding in question has a SYNTAX of, for example, DisplayString?
At least for me, that causes the value to show up as a string, because the value is not put into the protocol tree as the "snmp.value.octets" file, but is put in as the "SNMPv2-MIB.sysDescr" field, which is given a type of FT_STRING as it's a DisplayString.