Wireshark-users: Re: [Wireshark-users] SNMP OID resolution not working
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Wed, 12 Jun 2013 08:18:02 +0000
Try loading SNMPv2-MIB -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Crowe, Graham GP Sent: den 12 juni 2013 10:02 To: 'Community support list for Wireshark' Subject: Re: [Wireshark-users] SNMP OID resolution not working Anders, Thanks for the reply. Yes I have added the modules and path while working around the bug that I mentioned (see configuration file contents at the bottom of my post). I have tried going into the directory and addidng it, I have also tried selecting it from the parent directory. Neither of these helped. Thanks GC -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]On Behalf Of Anders Broman Sent: Wednesday, 12 June 2013 5:52 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] SNMP OID resolution not working Hi, Have you added the mibs under Edit->preferences->Name resolution->SMI (MIB and PIB) modules? Changing the path was a bit "fiddly" you have to point to the dir not enter it I think. Regards Anders -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Crowe, Graham GP Sent: den 12 juni 2013 09:30 To: 'wireshark-users@xxxxxxxxxxxxx' Subject: [Wireshark-users] SNMP OID resolution not working I am trying to inspect SNMP packets but wireshark doesn't resolve the OID names at all. I am running Wireshark 1.10.0 (the current download on wireshark.org for 64bit Windows). The "about" screen says "with SMI 0.4.8". An example of how an OID appears is "1.3.6.1.2.1.43.5.1.1.2.1" All the help pages I have found when searching have as a starting point the OID in the form of "SNMPv2-SMI::enterprise....." but mine are only showing up as numbers without any text prefix. Nothing changes, and no errors are given when I right click on the OID and select "Resolve Name". Also, there appears to be a bug when specifying the MIB paths. If I try to specify "C:\Program Files\Wireshark\snmp\mibs" then it changes it to "C:\users\username". I have copied all my MIBs to c:\mibs as Wireshark will accept "C:\mibs" without changing it. I have also been through the MIBs I am interested in and added their dependencies (as well as the dependencies of the dependecies, and so on). It is possible that I have missed one, I guess. (I have not deleted any references to MIBs that were there after a default Wireshark install) I believe that the MIBs work, as I have managed to resolve the same OIDs on a linux box with snmpwalk. I have also played with the order of the MIBs, although I am unsure as to how this works as there appear to be some circular dependencies. I have run out of things to try to get these to resolve. Is there a setting somewhere that I have missed? Note that I am particularly interested in the Printer-MIB and the BROTHER-MIB. Thanks GC ---- Wireshark packet dissector output No. Time Size Source Destination Protocol Info 2 19:41:25.918602 87 192.168.128.15 192.168.131.53 SNMP get-response 1.3.6.1.2.1.43.5.1.1.2.1 Frame 2: 87 bytes on wire (696 bits), 87 bytes captured (696 bits) Ethernet II, Src: BrotherI_d9:e2:6a (00:1b:a9:d9:e2:6a), Dst: Netgear_76:a3:92 (00:18:4d:76:a3:92) Internet Protocol Version 4, Src: 192.168.128.15 (192.168.128.15), Dst: 192.168.131.53 (192.168.131.53) User Datagram Protocol, Src Port: snmp (161), Dst Port: 6a44 (1027) Simple Network Management Protocol version: version-1 (0) community: public data: get-response (2) get-response request-id: 201 error-status: noError (0) error-index: 0 variable-bindings: 1 item 1.3.6.1.2.1.43.5.1.1.2.1: Object Name: 1.3.6.1.2.1.43.5.1.1.2.1 (iso.3.6.1.2.1.43.5.1.1.2.1) Value (Integer32): 1 -- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_paths # This file is automatically generated, DO NOT MODIFY. "C:\x5cmibs" -- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_modules # This file is automatically generated, DO NOT MODIFY. "IP-MIB" "IF-MIB" "TCP-MIB" "UDP-MIB" "SNMPv2-MIB" "RFC1155-SMI" "RFC1158-MIB" "RFC-1212" "RFC1213-MIB" "IPV6-ICMP-MIB" "IPV6-MIB" "SNMP-COMMUNITY-MIB" "SNMP-FRAMEWORK-MIB" "SNMP-MPD-MIB" "SNMP-NOTIFICATION-MIB" "SNMP-PROXY-MIB" "SNMP-TARGET-MIB" "SNMP-USER-BASED-SM-MIB" "SNMP-USM-DH-OBJECTS-MIB" "SNMP-VIEW-BASED-ACM-MIB" "SNMPv2-SMI" "SNMPv2-CONF" "SNMPv2-TC" "HOST-RESOURCES-MIB" "IANA-PRINTER-MIB" "IANA-CHARSET-MIB" "Printer-MIB" "IPV6-TC" "BROTHER-MIB" "SNMPv2-MIB" "IANAifType-MIB" NOTICE - This message and any attached files may contain information that is confidential, legally privileged or proprietary. It is intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error. Any dissemination, copying, use or re-transmission of this message or attachment, or the disclosure of any information therein, is strictly forbidden. BlueScope Steel Limited does not represent or guarantee that this message or attachment is free of errors, virus or interference. If you have received this message in error please notify the sender immediately and delete the message. Any views expressed in this email are not necessarily the views of BlueScope Steel Limited. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe NOTICE - This message and any attached files may contain information that is confidential, legally privileged or proprietary. It is intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error. Any dissemination, copying, use or re-transmission of this message or attachment, or the disclosure of any information therein, is strictly forbidden. BlueScope Steel Limited does not represent or guarantee that this message or attachment is free of errors, virus or interference. If you have received this message in error please notify the sender immediately and delete the message. Any views expressed in this email are not necessarily the views of BlueScope Steel Limited. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- Re: [Wireshark-users] SNMP OID resolution not working
- From: Anders Broman
- Re: [Wireshark-users] SNMP OID resolution not working
- From: Crowe, Graham GP
- Re: [Wireshark-users] SNMP OID resolution not working
- Prev by Date: Re: [Wireshark-users] Running tshark on large pcap files
- Next by Date: Re: [Wireshark-users] SNMP OID resolution not working
- Previous by thread: Re: [Wireshark-users] SNMP OID resolution not working
- Next by thread: Re: [Wireshark-users] SNMP OID resolution not working
- Index(es):