Wireshark-users: [Wireshark-users] Decoding SNMP OIDs using tshark
I am debugging an SNMP trap problem using tshark (TShark 1.6.6 (SVN Rev Unknown from unknown)) on a Linux platform (OpenSuSE 12.1). (The target platform does not support the wireshark GUI.) OIDs in PDUs are shown in numerical format even
though I have MIBs installed in /usr/share/snmp/mibs with a link to that in /usr/local/share/mibs. I tried -V. There doesn't appear to be a tshark verbose or debugging option except for some memory debugging options. I have checked the man page and find nothing
on SNMP or MIBs. I tried strace and I found a file /usr/share/wireshark/oid file but when I put the MIB directory there, I get a flex error, and a google search for what this mysterious file means turns up nothing. I can copy and paste the OIDs into an snmptranslate
command and it correctly translates them. I tried creating a ~/.wireshark directory with smi_modules and smi_paths ("/usr/share/snmp/mibs"). I did a tshark -G currentprefs to see if there was a relevant preference but there doesn’t seem to be. I have googled
this issue but I get way too much chaff to make any progress. I checked unix.stackexchange.com, superuser.com, and stackoverflow.com. Example invocation: tshark -R "snmp && ip.dst==<nms_ip>" -i eth0 Running as user "root" and group "root". This could be dangerous. Capturing on eth0 4.675952 <agent_ip> -> <nms_ip> SNMP 115 sNMPv2-Trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0 # more .wireshark/preferences name_resolve: mtC name_resolve_load_smi_modules: TRUE snmp.display_oid: TRUE snmp.desegment: TRUE snmp.var_in_tree: TRUE I tried without this preferences file as well. How do I get the OIDs to be displayed in symbolic format, e.g. sysUpTimeInstance and snmpTrapOID.0? Thanks for any help! |
BEGIN:VCARD VERSION:2.1 X-MS-SIGNATURE:YES N;LANGUAGE=en-us:Ewanco;Eric;J FN:Eric J Ewanco ORG:GENBAND;2022 Product Session & Security TITLE:Senior Designer TEL;WORK;VOICE:+1 (978) 947-3412 TEL;CELL;VOICE:+1 (508) 410-0470 X-MS-TEL;VOICE;COMPANY:62-73412 ADR;WORK;PREF:;;3 Federal St;Billerica;MA;01821;United States of America LABEL;WORK;PREF;ENCODING=QUOTED-PRINTABLE:3 Federal St=0D=0A= Billerica MA 01821 X-MS-OL-DEFAULT-POSTAL-ADDRESS:2 URL;WORK:www.genband.com EMAIL;PREF;INTERNET:Eric.Ewanco@xxxxxxxxxxx X-MS-IMADDRESS:eric.ewanco@xxxxxxxxx X-MS-CARDPICTURE;TYPE=JPEG;ENCODING=BASE64: /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAcFBQYFBAcGBQYIBwcIChELCgkJChUPEAwRGBUa GRgVGBcbHichGx0lHRcYIi4iJSgpKywrGiAvMy8qMicqKyr/2wBDAQcICAoJChQLCxQqHBgc KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKir/wAAR CAAjAB0DASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl 5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk 5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1rxH4j1S61o+HfCiKb4KGuLl+Ut1P9f8A P0zv+FX2c483xFrl5dXB6sZQoz7ZzWXo+q3trokEWhoJNf8AEE0lw8jjIhTew3H2GDj8fpWw vwx0+VRceJdWur28f7zvNtGfQZyf1rh/i6tc3zsl/wAE+m/3P3Iz5Ol0rybWjfkr3tqQy+Ed e8LL9t8J6tLeRpy9jcncHX/Z7Z+mD7113hnxFb+JdIW7hXypFYxzQt1jcdQa5G58L6p4MjOp +FL+a8tIvmn0+dtwZe5XHGce2fr0rntW8Tvo+tPqegBUt9Zt47l0borgsp/HIOfelz+y6WXb f5oTw7xyspKUukrWfmpL01T8joLmFvC+v6gdOt/MuXht7XTgw4BkeQn8AVJP0rUt/htp92v2 jxJPcareyDMkkkzKAfRQpGBWh4uspprO0vLdSZbK5WZtjbTtwVJBwegYnoRwatW+o3CQgPNE xI/5boY2/MZVvqvFaqmlJpq66djiliq0qanTdpPRtb6Jde3X1ZzdxpVx4Cljv9LupptFZ1ju 7OZ93khjjzEPsSMj/IPDfhCx1CwuGvoMxxXk8duCOiCQ/wBc1a8Si+1awGnJIZPtjiILEhjQ AnkljktgZPGB6+ldjFGIYlRFAAFONOLk1bRCq4qrToqXN77erW9ltfz1ZKRxXM6/PJpEaf2c 5hDnlRyOvYHIH4UUVrP4WcGHV5pM1tNgjMYuSu6Z1GXYknHoPQew4rQooq1sZ1fjZ//Z X-MS-OL-DESIGN;CHARSET=utf-8:<card xmlns="http://schemas.microsoft.com/office/outlook/12/electronicbusinesscards" ver="1.0" layout="left" bgcolor="ffffff"><img xmlns="" align="tleft" area="15" use="cardpicture"/><fld xmlns="" prop="name" align="left" dir="ltr" style="b" color="000000" size="10"/><fld xmlns="" prop="title" align="left" dir="ltr" color="000000" size="8"/><fld xmlns="" prop="blank" size="8"/><fld xmlns="" prop="org" align="left" dir="ltr" color="000000" size="8"/><fld xmlns="" prop="telwork" align="left" dir="ltr" color="000000" size="8"><label align="left" color="626262">office </label></fld><fld xmlns="" prop="telorg" align="left" dir="ltr" color="000000" size="8"><label align="left" color="626262">a2 </label></fld><fld xmlns="" prop="telcell" align="left" dir="ltr" color="000000" size="8"><label align="left" color="626262">mobile</label></fld><fld xmlns="" prop="email" align="left" dir="ltr" color="000000" size="8"><label align="left" color="626262">email </label></fld><fld xmlns="" prop="im" align="left" dir="ltr" color="000000" size="8"><label align="left" color="626262">talk </label></fld><fld xmlns="" prop="addrwork" align="left" dir="ltr" color="000000" size="8"/><fld xmlns="" prop="webwork" align="left" dir="ltr" color="000000" size="8"/><fld xmlns="" prop="dept" align="left" dir="ltr" color="000000" size="8"/><fld xmlns="" prop="blank" size="8"/><fld xmlns="" prop="blank" size="8"/><fld xmlns="" prop="blank" size="8"/><fld xmlns="" prop="blank" size="8"/></card> REV:20110809T170626Z END:VCARD
- Prev by Date: [Wireshark-users] TCP streams and FW-1
- Next by Date: Re: [Wireshark-users] Decoding SNMP OIDs using tshark
- Previous by thread: [Wireshark-users] TCP streams and FW-1
- Next by thread: Re: [Wireshark-users] Decoding SNMP OIDs using tshark
- Index(es):