----- Original Message -----
Sent: Wednesday, July 22, 2009 11:10 PM
Subject: [Wireshark-users] Re: filter SNMP traps on enterprise
Hi,
Thanks for that!
I am stuck with tshark.exe (did not know that was available till I read your post!) as I only have access to the Windows version.
I will try this in a Vista command window tomorrow.
Can I also do something equivalent inside the Wireshark GUI, I wonder?
BR
Tony
Date: Wed, 22 Jul 2009 19:55:57 +0200
From: j.snelders@xxxxxxxxxx
Subject: Re: [Wireshark-users] filter SNMP traps on enterprise
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4A542FF20000B5DD@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"
Hi Tony,
Please see my previous post:
http://www.wireshark.org/lists/wireshark-users/200907/msg00175.html
You can also use:
$ tshark -r 20080512161200.pcap -R "snmp.name contains 1.3.6.1.4.1" -T fields -e snmp.name | sort | uniq
1.3.6.1.4.1.6247.4.8.5.13.0
1.3.6.1.4.1.6247.4.9.2.1.16.2
1.3.6.1.4.1.6247.4.9.2.1.16.3
$ tshark -r 20080512161200.pcap -R "snmp.name contains 1.3.6.1.4.1.6247.4.9.2.1.7.2" -T fields -e snmp.name | sort | uniq
1.3.6.1.4.1.6247.4.9.2.1.16.2
HTH
Joan
On Wed, 22 Jul 2009 16:13:17 +0100 Tony Barratt wrote:
Hello List,
I have just installed Wireshark 1.2.1 on Windows and I want to use it to
analyze some SNMP traps collected on a Linux box with tcpdump,
using tcpdump -nnvvXSs 1514 -i eth0 -C 15 udp and port 162 -w bert.cap.
If I understand correctly from using Google, this will allow for trap
analysis.
I have now loaded a 10 min capture file into Wireshark. There are over
100 000 packets within.
I need to filter stuff out but the source is always the same because the
traps arrive via a trap forwarder.
One trap I am very interested in is demandNbrCallDetails or, because I
don't have the MIBs loaded, 1.3.6.1.4.1.9.9.26.2.0.4.
Can someone please tell me if I can look inside the trap and filter on,
say, the enterprise (1.3.6.1.3.1.1.5 for example)
or the agent-addr (196.168.12.12 for example)?
Thanks v much in advance
Tony
--
Tony Barratt
Senior Consultant
Mobile: +44 (0) 7795380202
http://www.mibtree.com
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
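
Added example, not part of the original thread and not Wireshark code: a small Python decoder showing where the enterprise and agent-addr asked about above sit inside an SNMPv1 Trap-PDU (RFC 1157), so a UDP/162 payload can be filtered on them. The function names and the sample bytes are constructed for illustration; encoding demandNbrCallDetails as enterprise 1.3.6.1.4.1.9.9.26.2 with specific-trap 4 assumes the usual v1 mapping of that notification OID.

```python
# Added example: minimal BER walk of an SNMPv1 Trap-PDU (RFC 1157), stdlib only.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode BER OID contents into dotted notation."""
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:
            continue                        # arc continues in the next octet
        if not arcs:                        # first subidentifier packs two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def parse_v1_trap(payload):
    """Return the trap header fields, or None if payload is not an SNMPv1 trap."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        return None
    _, version, pos = read_tlv(msg, 0)
    _, _community, pos = read_tlv(msg, pos)
    tag, pdu, _ = read_tlv(msg, pos)
    if version != b"\x00" or tag != 0xA4:   # version 0 = SNMPv1, 0xA4 = Trap-PDU
        return None
    fields, pos = [], 0
    for _ in range(4):                      # enterprise, agent-addr, generic, specific
        _, value, pos = read_tlv(pdu, pos)
        fields.append(value)
    return {"enterprise": decode_oid(fields[0]),
            "agent_addr": ".".join(map(str, fields[1])),
            "generic": int.from_bytes(fields[2], "big"),
            "specific": int.from_bytes(fields[3], "big")}

def under(oid, prefix):
    """True if oid equals prefix or lies below it, compared on whole arcs."""
    return oid == prefix or oid.startswith(prefix + ".")

# Constructed sample: community "public", enterprise 1.3.6.1.4.1.9.9.26.2, specific-trap 4
SAMPLE = bytes.fromhex("302902010004067075626c6963a41c06092b0601040109091a02"
                       "4004c4a80c0c020106020104430100" "3000")
```

Comparing on whole arcs in under() keeps a prefix such as 1.3.6.1.4.1.9 from also matching 1.3.6.1.4.1.99, which a plain substring test would do.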