Wireshark-users: Re: [Wireshark-users] SNMP resolution problems

From: Evan Huus <eapache@xxxxxxxxx>
Date: Thu, 10 Oct 2013 08:07:36 -0400
I don't know, sorry. We're releasing a development snapshot 1.11.0
next week that has had some additional OID resolution improvements; I
don't know if they're related to the issue you're seeing or not, but
it will be worth trying.

If it still isn't fixed, please file a bug on our bugzilla and attach
a capture of a few packets (and possibly the MIB) so we can reproduce.

Evan

On Wed, Oct 9, 2013 at 8:23 PM, Aaron Wasserott
<aaron.wasserott@xxxxxxxxxxx> wrote:
> Upgrading to latest version helped, although there still appears to be some flakiness. Hitting Apply didn't cause it to load the MIB but Ok did. But no more errors about SNMPv2-SMI so that's a big step forward.
>
> One thing I noticed is that it doesn't appear to properly format/convert return OIDs. For example if I run snmpwalk from a linux box I might see something like the following as the entire returned SNMP data:
>
> A10-AX-MIB::axServiceGroupMemberStatPktsIn."VIRTUAL-SERVER-NAME".tcp."PHYSICAL-SERVER-NAME".80 = Counter64: 22
>
> But Wireshark will just show a bunch of numbers after the ...StatPktsIn portion (like below). It's not converting from hex (?) to ASCII in a returned OID string when hitting an index value.
>
> A10-AX-MIB::axServiceGroupMemberStatPktsIn.18.109.121.118.15.97.119.101.115.116.46.99.211.109.45.72.84.82.80.2.38.52.41.51.55.49.45.105.110.116.110.97.110.101.116.57.46.118.105.97.119.101.115.116.46.99.111.114.112.58.109.121.1
>
> Can that be adjusted? I tried adjusting different settings, and tried decoding it as SNMP but no luck.
>
> Thanks again,
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Evan Huus
> Sent: Wednesday, October 09, 2013 4:41 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] SNMP resolution problems
>
> Wireshark 1.4 is quite old and has been unsupported for some time now.
> I would suggest upgrading to a more recent version if at all possible.
>
> Evan
>
> On Wed, Oct 9, 2013 at 6:18 PM, Aaron Wasserott <aaron.wasserott@xxxxxxxxxxx> wrote:
>> I am having trouble getting SNMP resolution to work. I enabled it and
>> restarted wireshark and then get this error:
>>
>>
>>
>> Stopped processing module SNMPv2-SMI due to error(s) to prevent
>> potential crash in libsmi.
>>
>> Module's conformance level: 1.
>>
>> See details at:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325
>>
>>
>>
>> I noticed there are a few posts on the web about it, but no solutions.
>> I am
>> running:
>>
>>
>> Wireshark Version 1.4.0 (SVN Rev 34005 from /trunk-1.4) Windows 7
>> Enterprise, 64-bit
>>
>>
>>
>> I loaded that same SMI file into another SNMP browser and it opens it
>> fine, and doesn't report any errors with it. I also tried re-pointing
>> the MIB directory to the one used by net-snmp and loading the
>> SNMPv2-SMI module from there in, but I get the same error. If I am
>> reading the file right, it doesn't seem to import any other MIBs, so maybe it's a formatting thing?
>>
>>
>>
>> I did that via the GUI, although if I look under About Wireshark >
>> Folders I see the pre-defined paths are still there as well as the new one I defined.
>> So it seems like there is an issue with the included SMI file, and the
>> GUI didn't properly remove the default MIB path, so it's still loading
>> that one up and not the net-snmp file I tried to point it to.
>>
>>
>>
>> Anyone have any ideas?
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe