Wireshark-users: Re: [Wireshark-users] embed comments and notes into trace?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 21 Nov 2008 00:16:55 +0100
On Thu, Nov 20, 2008 at 01:17:40PM -0500, Alan Jay Weiner wrote:
> 
> For during capture, there are setups where I want to log messages from
> several computers other than the one running Wireshark.

I used the following script to poll some snmp variables and put the
values in the ping payload. Then send the ping towards a host so that it
will pass the place you put your wireshark-system :-)

========== <script> ==========
#!/bin/bash

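# Poll three SNMP values from the device (-OQv prints only the value)
cnt=$(snmpget -OQv -v 2c -c DCSML-ON 172.23.19.104 .1.3.6.1.4.1.1872.2.5.1.2.4.2.1.12.2)
cpu=$(snmpget -OQv -v 2c -c DCSML-ON 172.23.19.104 .1.3.6.1.4.1.1872.2.5.1.2.2.2.0)
fdb=$(snmpget -OQv -v 2c -c DCSML-ON 172.23.19.104 .1.3.6.1.4.1.1872.2.5.2.3.1.2.1.4.0.0.94.0.1.250)

# Format them as a 16-byte marker; ping -p accepts at most 16 pattern bytes
str=$(printf "[%07d|%03d|%02d]" "$cnt" "$cpu" "$fdb")
# Hex-encode the marker (quoted so the shell does not glob the brackets)
hex=$(printf '%s' "$str" | xxd -p)

# Send one echo request carrying the marker past the capture point
ping -c1 -p "$hex" 172.23.108.2 >/tmp/monping.log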
========== </script> ==========


Output in (wire|t)shark is like this:

66037 114.347414 60.289473 00:0e:62:f9:10:00 -> 00:0f:6a:ae:0c:1f
172.23.19.10 -> 172.23.108.2 98 ICMP Echo (ping) request

0000 00 0f 6a ae 0c 1f 00 0e 62 f9 10 00 08 00 45 00 ..j.....b.....E.
0010 00 54 00 00 40 00 3d 01 66 6e ac 17 13 0a ac 17 .T..@.=.fn......
0020 6c 02 08 00 48 8a 37 40 00 00 4d 32 3a 47 fc 74 l...H.7@..M2:G.t
0030 0b 00 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 ..|016|03][00019
0040 34 34 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 44|016|03][00019
0050 34 34 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 44|016|03][00019
0060 34 34 44

100632 174.638746 60.291332 00:0e:62:f9:10:00 -> 00:0f:6a:ae:0c:1f
172.23.19.10 -> 172.23.108.2 98 ICMP Echo (ping) request

0000 00 0f 6a ae 0c 1f 00 0e 62 f9 10 00 08 00 45 00 ..j.....b.....E.
0010 00 54 00 00 40 00 3d 01 66 6e ac 17 13 0a ac 17 .T..@.=.fn......
0020 6c 02 08 00 c0 72 49 40 00 00 8a 32 3a 47 3d 95 l....rI@...2:G=.
0030 00 00 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 ..|016|03][00019
0040 35 31 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 51|016|03][00019
0050 35 31 7c 30 31 36 7c 30 33 5d 5b 30 30 30 31 39 51|016|03][00019
0060 35 31 51


Maybe it's an idea :-)

Cheers,
    Sake
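
Added example, not part of the original post: a Python sketch that recovers the [cnt|cpu|fdb] marker from a captured echo request, using the bytes of frame 66037 from the first hex dump above. The function name extract_marker is hypothetical, and the code assumes untagged Ethernet/IPv4 frames.

```python
import re
import struct

# Frame 66037 from the first hex dump in the post (98 bytes).
FRAME_HEX = (
    "000f6aae0c1f000e62f9100008004500"
    "0054000040003d01666eac17130aac17"
    "6c020800488a374000004d323a47fc74"
    "0b007c3031367c30335d5b3030303139"
    "34347c3031367c30335d5b3030303139"
    "34347c3031367c30335d5b3030303139"
    "3434"
)

# Marker layout produced by the script's printf "[%07d|%03d|%02d]".
MARKER = re.compile(rb"\[(\d{7})\|(\d{3})\|(\d{2})\]")


def extract_marker(frame: bytes):
    """Return (cnt, cpu, fdb) from an Ethernet/IPv4 ICMP echo request, or None.

    Hypothetical helper for illustration; assumes no VLAN tag.
    """
    if len(frame) < 14 + 20 + 8:
        return None  # too short for Ethernet + IPv4 + ICMP headers
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[14 + 9] != 1:
        return None  # bad header length or not ICMP
    icmp = frame[14 + ihl:]
    if len(icmp) < 8 or icmp[0] != 8:
        return None  # truncated or not an echo request
    # In the dump the payload begins with 8 bytes of ping's own data and the
    # -p pattern then repeats starting mid-marker, so search for a complete
    # marker instead of assuming a fixed offset.
    m = MARKER.search(icmp[8:])
    if m is None:
        return None
    return tuple(int(g) for g in m.groups())


if __name__ == "__main__":
    print(extract_marker(bytes.fromhex(FRAME_HEX)))
```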