Wireshark · Ethereal-users: [Ethereal-users] RE: Viewing 64bit counters in an ethereal capture

Ethereal-users: [Ethereal-users] RE: Viewing 64bit counters in an ethereal capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Dhanak, Vipul (Vip)" <vip@xxxxxxxxxx>

Date: Wed, 28 Jun 2006 17:01:23 -0400

I installed Wireshark 0.99.1pre1 and tried opening my old packet capture.

The values there came up garbled such as follows :

    Object identifier 6: 1.3.6.1.2.1.31.1.1.1.6.86 (IF-MIB::ifHCInOctets.86)
    Value : 0x2578d9103013060b2b060102011f0101010756460400b87a543010060b2b060102011f01010108564601003010060b2b060102011f01010109564601003014060b2b060102011f0101010a564605787de4595c3014060b2b060102011f0101010b564605025130b2f33010060b2b060102011

However, I ran a new capture session using Wireshark and the 64bit results look fine now, and match what's returned by the snmp tool.  

    Object identifier 1: 1.3.6.1.2.1.31.1.1.1.6.86 (IF-MIB::ifHCInOctets.86)
    Value: 34461959

Thanks for your help! :)

Vip 

-----Original Message-----
From: ronnie sahlberg [mailto:ronniesahlberg@xxxxxxxxx] 
Sent: Wednesday, June 28, 2006 4:32 PM
To: Ethereal user support
Cc: vip@xxxxxxxxxx
Subject: Re: Viewing 64bit counters in an ethereal capture

please try the latest version of wireshark.

there has been fixes in wireshark for 64 bit integers/counters.



On 6/28/06, Dhanak, Vipul (Vip) <vip@xxxxxxxxxx> wrote:
> I'm currently using Ethereal 0.10.14 to try and  capture some SNMP traffic
> from a Cisco 7x00 switch for analysis.  I'm primarily interested in the
> stats reported in the ifXentry table (1.3.6.1.2.1.31.1.1.1) table which
> contains 64bit counters.
>
> The capture appears to happen as expected but the results I see in the
> output of the snmpget command is different than the value shown in Ethereal.
>  For example, during one of the polls the value shown from snmpget was
> (counter64) 2934035119 whereas Ethereal shows Value: Counter64:
> 15195617933287765935.
>
> Subsequent snmpget's of the counter show increasing values in my snmpget
> tool whereas the values seen within Ethereal don't seem to show this
> pattern, and often go down before going up during the next poll.
>
> Is this the expected behavior ?  i.e. do I need to do some conversion to the
> value shown in Ethereal in order to get the correct result ?  I've tried
> reverting back to older versions of Ethereal but the results remain the
> same.
>
> Any help with troubleshooting (or explaining this behavior) would be much
> appreciated.
>
> Regards.
>
> Vip.
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Prev by Date: [Ethereal-users] Re: Viewing 64bit counters in an ethereal capture
Next by Date: Re: [Ethereal-users] More Problems with Ethereal Failing after Ubuntu Upgrade
Previous by thread: [Ethereal-users] Re: Viewing 64bit counters in an ethereal capture
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$