Wireshark-users: Re: [Wireshark-users] V1.0.0pre1 & MIB Files

From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Sat, 22 Mar 2008 10:34:12 +1100
Keith French wrote:
> Jaap,
> 
> Thanks for that. Just to check I am doing things correctly though, as I
> cannot get it to work. I have copied the MIBS into the
> 
> program files\Wireshark\snmp\mibs
> 
> folder and they are the same MIBs that I had working in an earlier
> version. An example of one MIB name is:-
> 
> IC-GENERAL-MIB
> 
> Then in the bottom button for the MIBs to load I have entered the same
> name exactly.
> 
> However, when I do this and restart Wireshark, it crashes as it starts
> to load. If I uninstall & reinstall Wireshark (or just delete the MIB
> from the above folder), when it next runs a dialog comes up to tell me
> it fails to load as it says it can't find my MIBs. Of course
> uninstalling Wireshark removes the MIB so it would say that.

Have you read through the MIB and made sure all other MIBs referenced in
IMPORTS clauses are also in the directory? And recursively done the same
for them?

Download
ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/WIN32/libsmi-0.4.6.zip and
unpack in c:\ (The location is not easy to change. Read
ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/WIN32/README for the story.
If you want to put it elsewhere you'd do better to start from the
source. Or read up on the ".smirc" config file.)

smilint \full\path\to\IC-GENERAL-MIB

See what it complains about.

smidump -f imports \full\path\to\IC-GENERAL-MIB

See what it depends on.

> In the previous versions I had to copy the MIB into the MIBs folder with
> a ".txt" extension (IC-GENERAL-MIB.txt) and list it just as
> IC-GENERAL-MIB in the MIBs to load.
> 
> I have tried this as well & Wireshark still crashes. I have attached
> screenshots of the crash. If you think this is a bug, I'll raise it on
> bugzilla.

libsmi is much more picky when it comes to parsing MIBs than NetSNMP.
NetSNMP will just give up on OIDs within a MIB if it can not find all
the prerequisites. libsmi will cause Wireshark to crash. Whether this is
entirely libsmi's fault, or Wireshark is not checking that the MIBs have
loaded correctly I don't know.

I would suggest that at least smilint and smidump from the libsmi suite,
and a ".smirc" suitably edited by the installer, be included with
Wireshark distributions so the users can work out which MIBs will crash
Wireshark. People who build Wireshark on non-Windows platforms will
already have access to all the libsmi tools.

The OpenNMS community run into the same issues with their tool
"mib2opennms" which is also based on libsmi, and crashes in pretty much
the same way.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
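
The recursive IMPORTS check suggested in the message above, as an added example that is not part of the original post and is not libsmi or Wireshark code. It assumes modules are matched by the name declared in each file rather than by filename and that a "--" comment runs to the end of the line; the sample MIB headers are constructed and IC-ROOT-MIB is a made-up module name.

```python
import re
import tempfile
from pathlib import Path

COMMENT = re.compile(r"--.*")  # assumption: a comment runs to end of line
MODULE = re.compile(r"([A-Za-z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN")
IMPORTS = re.compile(r"\bIMPORTS\b(.*?);", re.S)
FROM = re.compile(r"\bFROM\s+([A-Za-z][A-Za-z0-9-]*)")

def parse_mib(text):
    """Return (declared module name or None, sorted imported module names)."""
    text = COMMENT.sub("", text)
    name, block = MODULE.search(text), IMPORTS.search(text)
    deps = sorted(set(FROM.findall(block.group(1)))) if block else []
    return (name.group(1) if name else None), deps

def missing_imports(mib_dir, root):
    """Follow IMPORTS recursively from root; return {missing module: [importers]}."""
    files = (p for p in Path(mib_dir).iterdir() if p.is_file())
    parsed = (parse_mib(p.read_text(errors="replace")) for p in files)
    index = {name: deps for name, deps in parsed if name}
    if root not in index:
        return {root: []}  # the requested module itself is not in the directory
    missing, seen, stack = {}, {root}, [root]
    while stack:
        module = stack.pop()
        for dep in index[module]:
            if dep not in index:
                missing.setdefault(dep, []).append(module)
            elif dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return missing

# Constructed sample headers, not the real MIBs; IC-ROOT-MIB is a made-up name.
SAMPLE = {
    "IC-GENERAL-MIB.txt": "IC-GENERAL-MIB DEFINITIONS ::= BEGIN IMPORTS\n"
        " OBJECT-TYPE FROM SNMPv2-SMI -- base\n icRoot FROM IC-ROOT-MIB; END",
    "IC-ROOT-MIB.txt": "IC-ROOT-MIB DEFINITIONS ::= BEGIN IMPORTS\n"
        " DisplayString FROM SNMPv2-TC; END",
    "SNMPv2-SMI": "SNMPv2-SMI DEFINITIONS ::= BEGIN END",
}

def check_sample():
    """Write the sample files to a temp directory and check IC-GENERAL-MIB."""
    with tempfile.TemporaryDirectory() as d:
        for fname, body in SAMPLE.items():
            Path(d, fname).write_text(body)
        return missing_imports(d, "IC-GENERAL-MIB")
```

An empty result means every module reachable through IMPORTS is present in the directory; it says nothing about whether smilint would accept the files.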