Hello List,
I have just installed Wireshark 1.2.1 on Windows and I want to use it to
analyze some SNMP traps collected on a Linux box with tcpdump,
using tcpdump -nnvvXSs 1514 -i eth0 -C 15 udp and port 162 -w bert.cap.
If I understand correctly from using Google this will allow for trap
analysis.
Have now loaded a 10 min capture file into Wireshark. There are over 100
000 packets within.
I need to filter stuff out but the source is always the same because the
traps arrive via a trap forwarder.
One trap I am very interested in is demandNbrCallDetails or, because I
don't have the MIBs loaded, 1.3.6.1.4.1.9.9.26.2.0.4.
Can someone please tell me if I can look inside the trap and filter on
say the enterprise (1.3.6.1.3.1.1.5 for example)
or the agent-addr (196.168.12.12 for example) ?
Thanks v much in advance
Tony