LinuxQuestions.org
Old 03-18-2009, 09:29 PM   #1
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
Why can't the string be displayed when wireshark captures a package?


When I capture an SNMP package, I find the captured package is an OctetString:

1.3.6.1.2.1.1.1.0: 547572696E204E6574776F726B7320417878697573203830...
Object Name: 1.3.6.1.2.1.1.1.0 (iso.3.6.1.2.1.1.1.0)
Value (OctetString): 547572696E204E6574776F726B7320417878697573203830...

But when I use ethereal (ver: 0.10.14) to do it, it can display the string normally. Why is the new version not the same as the old version?

Value: STRING: "System in Alarm"
Object identifier 4: 1.3.6.1.6.3.1.1.4.3.0 (SNMPv2-MIB::snmpTrapEnterprise.0)
Value: OID: SNMPv2-SMI::enterprises.964.3.11

How do I solve the problem? Please help me, thanks!

Environment:
OS: FC 9, 32bit
Tshark version: 1.0.6
 
Old 03-18-2009, 10:50 PM   #2
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

A few things to look at:

1. Your version of the UCD SNMP library
http://wireshark.cs.pu.edu.tw/faq.html
<= See Q 5.3

2. Whether you've installed a version that's recent enough to have corrected SNMP trap decode bug #Bug 2253:
http://sourceforge.net/project/shown...0&group_id=255
<= You'll need wireshark-1.0.1 or higher

3. Check your Wireshark configuration:
http://hpux.connect.org.uk/hppd/hpux....1/readme.html
Quote:
SNMP
----
Wireshark can do some basic decoding of SNMP packets; it can also use
the libsmi library to do more sophisticated decoding, by reading MIB
files and using the information in those files to display OIDs and
variable binding values in a friendlier fashion. The configure script
will automatically determine whether you have the libsmi library on
your system. If you have the libsmi library but _do not_ want to have
Wireshark use it, you can run configure with the "--without-libsmi"
option.
'Hope that helps .. PSM

Last edited by paulsm4; 03-18-2009 at 10:53 PM.
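
Added example, not part of the thread and not Wireshark's own code: a Python filter for tshark's text output that renders a hex OctetString value as text when every byte is printable ASCII. It is a heuristic on the bytes rather than a MIB lookup; the function names and the binary sample value are constructed for illustration, and the hex value is the one shown in post #1.

```python
import re

# Matches tshark's undecoded form, e.g. "Value (OctetString): 5475...".
# A trailing "..." means the output was truncated; only the shown bytes are decoded.
VALUE_RE = re.compile(r"^(\s*)Value \(OctetString\): ([0-9A-Fa-f]+)(\.\.\.)?\s*$")


def decode_octets(hex_text):
    """Return the text of a hex OctetString, or None if it is not printable ASCII."""
    if len(hex_text) % 2:          # truncation can cut the last byte in half
        hex_text = hex_text[:-1]
    raw = bytes.fromhex(hex_text)
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None                # binary value (MAC address, counter, ...): keep hex
    return raw.decode("ascii")


def render_line(line):
    """Rewrite one output line; anything that does not match passes through unchanged."""
    m = VALUE_RE.match(line)
    if not m:
        return line
    text = decode_octets(m.group(2))
    if text is None:
        return line
    suffix = "..." if m.group(3) else ""
    return '%sValue: STRING: "%s"%s' % (m.group(1), text, suffix)


if __name__ == "__main__":
    # First two lines are from post #1; the last line is a constructed binary value.
    sample = [
        "Object Name: 1.3.6.1.2.1.1.1.0 (iso.3.6.1.2.1.1.1.0)",
        "Value (OctetString): 547572696E204E6574776F726B7320417878697573203830...",
        "Value (OctetString): 001A2B3C4D5E",
    ]
    for out in map(render_line, sample):
        print(out)
```

To use it on live output, feed each line of `tshark -V` through `render_line`; values that contain any non-printable byte stay in hex.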
 
Old 03-24-2009, 12:20 AM   #3
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks a lot for Paulsm4's help,

But I still have not solved the problem.

The versions of net-snmp and wireshark are the most recent;
I re-installed the old ethereal version (0.11.14) on FC 9; it can decode the package, but it behaves abnormally when I use a tcl/tk script to execute the tethereal command.
 
Old 03-26-2009, 04:14 AM   #4
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
[root@localhost ~]# tethereal -v
tethereal 0.10.14

Copyright 1998-2005 Gerald Combs <gerald@ethereal.com>.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.3, with libpcap 0.9.8, with libz 1.2.3, without libpcre,
without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build doesn't support the "matches" operator for Ethereal filter
syntax.

Running with libpcap version 0.9.8 on Linux 2.6.25-14.fc9.i686.

I found that Net-SNMP was not installed when ethereal was set up; I don't know whether this is the cause.

Does anyone know how to compile the Net-SNMP package into ethereal? Thanks.
 
  

