Hello,
I am trying to process the output of tshark so that it displays the SNMP
fields that I need and only them.
If I use
$ tshark -V -R snmp -r myfile.pcap
then I get far too much information, but I also realize that quite a
number of PDUs have multiple OIDs in them.
However, when I start filtering with, for instance, this:
$ tshark -R snmp -r myfile.pcap -Tfields -e frame.number -e snmp.name
I am only seeing the last OID of each packet.
Example:
********************************************************************
Frame 7 (98 bytes on wire, 98 bytes captured)
Arrival Time: Apr 7, 2009 08:53:36.756714000
[...]
Simple Network Management Protocol
version: v2c (1)
community: mycommunity
data: get-request (0)
get-request
request-id: 0
error-status: noError (0)
error-index: 0
variable-bindings: 2 items
1.3.6.1.2.1.1.4.0: Value (Null)
Object Name: 1.3.6.1.2.1.1.4.0 (iso.3.6.1.2.1.1.4.0)
Value (Null)
1.3.6.1.2.1.11.4.0: Value (Null)
Object Name: 1.3.6.1.2.1.11.4.0 (iso.3.6.1.2.1.11.4.0)
Value (Null)
********************************************************************
vs.
********************************************************************
7 1.3.6.1.2.1.11.4.0
********************************************************************
I have tried many of the snmp.* fields, none of them gave me the full
list of OIDs that are present in the PDU. Is it a lost cause?
Regards,
Guillaume T
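
Added example, not part of the original post: one way to recover every OID per frame is to parse the verbose (-V) text output quoted above instead of relying on -Tfields. The function names are hypothetical, and the sample is constructed: frame 7 is taken from the post, frame 8 is invented.

```python
import re
import sys

# Constructed sample: frame 7 is the dissection quoted in the post (indentation
# as it appears there); frame 8 is invented to show per-frame grouping.
SAMPLE = """\
Frame 7 (98 bytes on wire, 98 bytes captured)
Simple Network Management Protocol
version: v2c (1)
data: get-request (0)
variable-bindings: 2 items
1.3.6.1.2.1.1.4.0: Value (Null)
Object Name: 1.3.6.1.2.1.1.4.0 (iso.3.6.1.2.1.1.4.0)
Value (Null)
1.3.6.1.2.1.11.4.0: Value (Null)
Object Name: 1.3.6.1.2.1.11.4.0
(iso.3.6.1.2.1.11.4.0)
Value (Null)
Frame 8 (99 bytes on wire, 99 bytes captured)
Simple Network Management Protocol
variable-bindings: 1 item
Object Name: 1.3.6.1.2.1.1.4.0 (iso.3.6.1.2.1.1.4.0)
"""

FRAME_RE = re.compile(r"^Frame (\d+)\b")  # first line of a frame's dissection
OID_RE = re.compile(r"^\s*Object Name:\s*(\d+(?:\.\d+)+)")  # one per varbind

def oids_per_frame(lines):
    """Map frame number -> every OID named in that frame, in PDU order."""
    frames, current = {}, None
    for line in lines:
        m = FRAME_RE.match(line)
        if m:
            current = int(m.group(1))
            frames[current] = []
        elif current is not None:
            m = OID_RE.match(line)
            if m:  # a wrapped "(iso...)" continuation line simply does not match
                frames[current].append(m.group(1))
    return frames

def format_rows(frames):
    """One tab-separated row per frame that carries at least one OID."""
    return [f"{n}\t{','.join(oids)}" for n, oids in frames.items() if oids]

if __name__ == "__main__":
    # Reads verbose tshark text from a pipe; falls back to the sample otherwise.
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    print("\n".join(format_rows(oids_per_frame(src))))
```

Piping the output of the first command in the post into this script gives one row per frame with all variable bindings listed, rather than only the last one.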