On Wednesday 07 Jul 2004 6:49 pm, Tiago Fioreze wrote:
> Hi everyone!
>
> I'm capturing SNMP packets in my network and I would like to filter
> only SET requests and its RESPONSES to see the bandwidth consumption.
> In my capture there are both SET and GET requests and their
> RESPONSES.
> I thought to build a filter like that:
>
> (SET requests || RESPONSES) && SET.REQUEST_ID == RESPONSE.REQUEST_ID
>
> but I haven't had success.
>
> Could anybody help me?
>
> Ps.: Is there some way of I select specific packets in the
> ethereal's graphical interface and apply a filter in these packets?
Two birds with one stone:
Find a SET request, open it in the detail pane.
Right click the pdu type, Prepare -> Selected
Find a RESPONSE to a SET
Right click the pdu type, Prepare -> Or Selected
Click in the filter box, hit Enter
However, I don't use SNMP and don't have an example handy, but I suspect
that this wont work. SNMP doesn't seem to differentiate between
RESPONSE types - as you implied it didn't. So the most you can do is to
display SETs and RESPONSEs. For what it's worth that filter appears to
be:
(snmp.pdutype == 0) || (snmp.pdutype == 2)
It is not possible to do the matching of response ids, since the display
filter does not save any context between packets.
It probably wouldn't be impossible to alter the SNMP dissector to keep
track of IDs and add a field snmp.replytopdutype, but it isn't there at
the moment, (at least in version 0.10.4).
--
Richard Urwin
