LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-18-2009, 10:29 PM   #1
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
Unhappy why can't display string when wireshark capture package?


when I capture snmp package,find the package of capture is OctetString,

1.3.6.1.2.1.1.1.0: 547572696E204E6574776F726B7320417878697573203830...
Object Name: 1.3.6.1.2.1.1.1.0 (iso.3.6.1.2.1.1.1.0)
Value (OctetString): 547572696E204E6574776F726B7320417878697573203830...

but I use ethereal(ver:0.10.14) do it, it can normal display the string,why the new version is not same as old version?

Value: STRING: "System in Alarm"
Object identifier 4: 1.3.6.1.6.3.1.1.4.3.0 (SNMPv2-MIB::snmpTrapEnterpri
se.0)
Value: OID: SNMPv2-SMI::enterprises.964.3.11

How do I solve the problem? please help me,thanks!

Environment:
OS: FC 9, 32bit
Tshark version: 1.0.6
 
Old 03-18-2009, 11:50 PM   #2
paulsm4
LQ Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

A few things to look at:

1. Your version of the UCD SNMP library
http://wireshark.cs.pu.edu.tw/faq.html
<= See Q 5.3

2. Whether you've installed a version that's recent enough to have corrected SNMP trap decode bug #Bug 2253:
http://sourceforge.net/project/shown...0&group_id=255
<= You'll need wireshark-1.0.1 or higher

3. Check your Wireshark configuration:
http://hpux.connect.org.uk/hppd/hpux....1/readme.html
Quote:
SNMP
----
Wireshark can do some basic decoding of SNMP packets; it can also use
the libsmi library to do more sophisticated decoding, by reading MIB
files and using the information in those files to display OIDs and
variable binding values in a friendlier fashion. The configure script
will automatically determine whether you have the libsmi library on
your system. If you have the libsmi library but _do not_ want to have
Wireshark use it, you can run configure with the "--without-libsmi"
option.
'Hope that helps .. PSM

Last edited by paulsm4; 03-18-2009 at 11:53 PM.
 
Old 03-24-2009, 01:20 AM   #3
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks a lot for Paulsm4's help,

But I still not solve the problem now,

The version of net-snmp and wireshark is the most highest recently;
I re-install old ethereal version (0.11.14) on FC 9,it can decode the package,but it's abnormal when use tcl/tk script to execute command of tethereal;
 
Old 03-26-2009, 05:14 AM   #4
aleon
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Original Poster
Rep: Reputation: 0
[root@localhost ~]# tethereal -v
tethereal 0.10.14

Copyright 1998-2005 Gerald Combs <gerald@ethereal.com>.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.3, with libpcap 0.9.8, with libz 1.2.3, without libpcre,
without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build doesn't support the "matches" operator for Ethereal filter
syntax.

Running with libpcap version 0.9.8 on Linux 2.6.25-14.fc9.i686.

found that Net-SNMP is not install when setup ethereal,I don't know whether this reason caused;

Who do know how to compile Net-SNMP package to ethereal? thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to get a packet capture using WireShark RN16 Linux - General 2 02-08-2009 01:21 PM
nmap SYN scan packets capture with wireshark adityaj123 Linux - Security 5 02-13-2008 11:14 AM
How to capture packets using wireshark exl75 Linux - General 24 07-21-2007 03:10 AM
Want to know method wireshark or tcpdump to capture packet? haxpor Programming 1 04-12-2007 02:08 AM
Is there any way to display the full name of package via dpkg -l <package pattern> ? davidas Debian 4 04-07-2004 11:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration