Wireshark-users: Re: [Wireshark-users] SNMP OID resolution not working

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Wed, 12 Jun 2013 08:18:02 +0000
Try loading 
SNMPv2-MIB


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Crowe, Graham GP
Sent: den 12 juni 2013 10:02
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] SNMP OID resolution not working


Anders,
        Thanks for the reply. Yes I have added the modules and path while working around the bug that I mentioned (see configuration file contents at the bottom of my post).

I have tried going into the directory and addidng it, I have also tried selecting it from the parent directory. Neither of these helped.


Thanks

GC

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx]On Behalf Of Anders Broman
Sent: Wednesday, 12 June 2013 5:52 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SNMP OID resolution not working


Hi,
Have you added the mibs under Edit->preferences->Name resolution->SMI (MIB and PIB) modules?
Changing the path was a bit "fiddly" you have to point to the dir not enter it I think.
Regards
Anders

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Crowe, Graham GP
Sent: den 12 juni 2013 09:30
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: [Wireshark-users] SNMP OID resolution not working


I am trying to inspect SNMP packets but wireshark doesn't resolve the OID names at all.

I am running Wireshark 1.10.0 (the current download on wireshark.org for 64bit Windows). The "about" screen says "with SMI 0.4.8".

An example of how an OID appears is "1.3.6.1.2.1.43.5.1.1.2.1"
All the help pages I have found when searching have as a starting point the OID in the form of "SNMPv2-SMI::enterprise....." but mine are only showing up as numbers without any text prefix.

Nothing changes, and no errors are given when I right click on the OID and select "Resolve Name".

Also, there appears to be a bug when specifying the MIB paths. If I try to specify "C:\Program Files\Wireshark\snmp\mibs" then it changes it to "C:\users\username". I have copied all my MIBs to c:\mibs as Wireshark will accept "C:\mibs" without changing it.

I have also been through the MIBs I am interested in and added their dependencies (as well as the dependencies of the dependecies, and so on). It is possible that I have missed one, I guess. (I have not deleted any references to MIBs that were there after a default Wireshark install)

I believe that the MIBs work, as I have managed to resolve the same OIDs on a linux box with snmpwalk.

I have also played with the order of the MIBs, although I am unsure as to how this works as there appear to be some circular dependencies.

I have run out of things to try to get these to resolve. Is there a setting somewhere that I have missed?

Note that I am particularly interested in the Printer-MIB and the BROTHER-MIB.


Thanks

GC




---- Wireshark packet dissector output

No.     Time            Size  Source                Destination           Protocol Info
      2 19:41:25.918602 87    192.168.128.15        192.168.131.53        SNMP     get-response 1.3.6.1.2.1.43.5.1.1.2.1

Frame 2: 87 bytes on wire (696 bits), 87 bytes captured (696 bits) Ethernet II, Src: BrotherI_d9:e2:6a (00:1b:a9:d9:e2:6a), Dst: Netgear_76:a3:92 (00:18:4d:76:a3:92) Internet Protocol Version 4, Src: 192.168.128.15 (192.168.128.15), Dst: 192.168.131.53 (192.168.131.53) User Datagram Protocol, Src Port: snmp (161), Dst Port: 6a44 (1027) Simple Network Management Protocol
    version: version-1 (0)
    community: public
    data: get-response (2)
        get-response
            request-id: 201
            error-status: noError (0)
            error-index: 0
            variable-bindings: 1 item
                1.3.6.1.2.1.43.5.1.1.2.1:
                    Object Name: 1.3.6.1.2.1.43.5.1.1.2.1 (iso.3.6.1.2.1.43.5.1.1.2.1)
                    Value (Integer32): 1



-- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_paths

# This file is automatically generated, DO NOT MODIFY.
"C:\x5cmibs"



-- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_modules

# This file is automatically generated, DO NOT MODIFY.
"IP-MIB"
"IF-MIB"
"TCP-MIB"
"UDP-MIB"
"SNMPv2-MIB"
"RFC1155-SMI"
"RFC1158-MIB"
"RFC-1212"
"RFC1213-MIB"
"IPV6-ICMP-MIB"
"IPV6-MIB"
"SNMP-COMMUNITY-MIB"
"SNMP-FRAMEWORK-MIB"
"SNMP-MPD-MIB"
"SNMP-NOTIFICATION-MIB"
"SNMP-PROXY-MIB"
"SNMP-TARGET-MIB"
"SNMP-USER-BASED-SM-MIB"
"SNMP-USM-DH-OBJECTS-MIB"
"SNMP-VIEW-BASED-ACM-MIB"
"SNMPv2-SMI"
"SNMPv2-CONF"
"SNMPv2-TC"
"HOST-RESOURCES-MIB"
"IANA-PRINTER-MIB"
"IANA-CHARSET-MIB"
"Printer-MIB"
"IPV6-TC"
"BROTHER-MIB"
"SNMPv2-MIB"
"IANAifType-MIB"




NOTICE - This message and any attached files may contain information that is confidential, legally privileged or proprietary. It is intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error. Any dissemination, copying, use or re-transmission of this message or attachment, or the disclosure of any information therein, is strictly forbidden. BlueScope Steel Limited does not represent or guarantee that this message or attachment is free of errors, virus or interference.

If you have received this message in error please notify the sender immediately and delete the message. Any views expressed in this email are not necessarily the views of BlueScope Steel Limited.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



NOTICE - This message and any attached files may contain information that is confidential, legally privileged or proprietary. It is intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error. Any dissemination, copying, use or re-transmission of this message or attachment, or the disclosure of any information therein, is strictly forbidden. BlueScope Steel Limited does not represent or guarantee that this message or attachment is free of errors, virus or interference.

If you have received this message in error please notify the sender immediately and delete the message. Any views expressed in this email are not necessarily the views of BlueScope Steel Limited.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe