Wireshark-users: Re: [Wireshark-users] SNMP resolution problems

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Thu, 10 Oct 2013 15:43:28 +0200
On Thu, Oct 10, 2013 at 08:07:36AM -0400, Evan Huus wrote:
> I don't know, sorry. We're releasing a development snapshot 1.11.0
> next week that has had some additional OID resolution improvements; I
> don't know if they're related to the issue you're seeing or not, but
> it will be worth trying.
> 
> If it still isn't fixed, please file a bug on our bugzilla and attach
> a capture of a few packets (and possibly the MIB) so we can reproduce.

Actually it looks to me that some Sub-MIB is missing that gets picked up
by the net-snmp tools but not by Wireshark.

Ciao
   Jörg

> On Wed, Oct 9, 2013 at 8:23 PM, Aaron Wasserott
> <aaron.wasserott@xxxxxxxxxxx> wrote:
> > Upgrading to latest version helped, although there still appears to be some flakiness. Hitting Apply didn't cause it to load the MIB but Ok did. But no more errors about SNMPv2-SMI so that's a big step forward.
> >
> > One thing I noticed is that it doesn't appear to properly format/convert return OIDs. For example if I run snmpwalk from a linux box I might see something like the following as the entire returned SNMP data:
> >
> > A10-AX-MIB::axServiceGroupMemberStatPktsIn."VIRTUAL-SERVER-NAME".tcp."PHYSICAL-SERVER-NAME".80 = Counter64: 22
> >
> > But Wireshark will just show a bunch of numbers after the ...StatPktsIn portion (like below). It's not converting from hex (?) to ASCII in a returned OID string when hitting an index value.
> >
> > A10-AX-MIB::axServiceGroupMemberStatPktsIn.18.109.121.118.15.97.119.101.115.116.46.99.211.109.45.72.84.82.80.2.38.52.41.51.55.49.45.105.110.116.110.97.110.101.116.57.46.118.105.97.119.101.115.116.46.99.111.114.112.58.109.121.1
> >
> > Can that be adjusted? I tried adjusting different settings, and tried decoding it as SNMP but no luck.
> >
> > Thanks again,
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Evan Huus
> > Sent: Wednesday, October 09, 2013 4:41 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] SNMP resolution problems
> >
> > Wireshark 1.4 is quite old and has been unsupported for some time now.
> > I would suggest upgrading to a more recent version if at all possible.
> >
> > Evan
> >
> > On Wed, Oct 9, 2013 at 6:18 PM, Aaron Wasserott <aaron.wasserott@xxxxxxxxxxx> wrote:
> >> I am having trouble getting SNMP resolution to work. I enabled it and
> >> restarted wireshark and then get this error:
> >>
> >>
> >>
> >> Stopped processing module SNMPv2-SMI due to error(s) to prevent
> >> potential crash in libsmi.
> >>
> >> Module's conformance level: 1.
> >>
> >> See details at:
> >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325
> >>
> >>
> >>
> >> I noticed there are a few posts on the web about it, but no solutions.
> >> I am
> >> running:
> >>
> >>
> >> Wireshark Version 1.4.0 (SVN Rev 34005 from /trunk-1.4) Windows 7
> >> Enterprise, 64-bit
> >>
> >>
> >>
> >> I loaded that same SMI file into another SNMP browser and it opens it
> >> fine, and doesn't report any errors with it. I also tried re-pointing
> >> the MIB directory to the one used by net-snmp and loading the
> >> SNMPv2-SMI module from there in, but I get the same error. If I am
> >> reading the file right, it doesn't seem to import any other MIBs, so maybe it's a formatting thing?
> >>
> >>
> >>
> >> I did that via the GUI, although if I look under About Wireshark >
> >> Folders I see the pre-defined paths are still there as well as the new one I defined.
> >> So it seems like there is an issue with the included SMI file, and the
> >> GUI didn't properly remove the default MIB path, so it's still loading
> >> that one up and not the net-snmp file I tried to point it to.
> >>
> >>
> >>
> >> Anyone have any ideas?
> >>
> >>
> >> ___________________________________________________________________________
> >> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> >> Archives:    http://www.wireshark.org/lists/wireshark-users
> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >>
> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.