Home page logo
/

wireshark logo Wireshark mailing list archives

SNMP OID resolution not working
From: "Crowe, Graham GP" <Graham.Crowe () bluescopesteel com>
Date: Wed, 12 Jun 2013 17:30:16 +1000


I am trying to inspect SNMP packets but wireshark doesn't resolve the OID names at all.

I am running Wireshark 1.10.0 (the current download on wireshark.org for 64bit Windows). The "about" screen says "with 
SMI 0.4.8".

An example of how an OID appears is "1.3.6.1.2.1.43.5.1.1.2.1"
All the help pages I have found when searching have as a starting point the OID in the form of 
"SNMPv2-SMI::enterprise....." but mine are only showing up as numbers without any text prefix.

Nothing changes, and no errors are given when I right click on the OID and select "Resolve Name".

Also, there appears to be a bug when specifying the MIB paths. If I try to specify "C:\Program 
Files\Wireshark\snmp\mibs" then it changes it to "C:\users\username". I have copied all my MIBs to c:\mibs as Wireshark 
will accept "C:\mibs" without changing it.

I have also been through the MIBs I am interested in and added their dependencies (as well as the dependencies of the 
dependecies, and so on). It is possible that I have missed one, I guess. (I have not deleted any references to MIBs 
that were there after a default Wireshark install)

I believe that the MIBs work, as I have managed to resolve the same OIDs on a linux box with snmpwalk.

I have also played with the order of the MIBs, although I am unsure as to how this works as there appear to be some 
circular dependencies.

I have run out of things to try to get these to resolve. Is there a setting somewhere that I have missed?

Note that I am particularly interested in the Printer-MIB and the BROTHER-MIB.


Thanks

GC




---- Wireshark packet dissector output

No.     Time            Size  Source                Destination           Protocol Info
      2 19:41:25.918602 87    192.168.128.15        192.168.131.53        SNMP     get-response 1.3.6.1.2.1.43.5.1.1.2.1

Frame 2: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
Ethernet II, Src: BrotherI_d9:e2:6a (00:1b:a9:d9:e2:6a), Dst: Netgear_76:a3:92 (00:18:4d:76:a3:92)
Internet Protocol Version 4, Src: 192.168.128.15 (192.168.128.15), Dst: 192.168.131.53 (192.168.131.53)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 6a44 (1027)
Simple Network Management Protocol
    version: version-1 (0)
    community: public
    data: get-response (2)
        get-response
            request-id: 201
            error-status: noError (0)
            error-index: 0
            variable-bindings: 1 item
                1.3.6.1.2.1.43.5.1.1.2.1:
                    Object Name: 1.3.6.1.2.1.43.5.1.1.2.1 (iso.3.6.1.2.1.43.5.1.1.2.1)
                    Value (Integer32): 1



-- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_paths

# This file is automatically generated, DO NOT MODIFY.
"C:\x5cmibs"



-- Contents of c:\Users\username\AppData\Roaming\Wireshark\smi_modules

# This file is automatically generated, DO NOT MODIFY.
"IP-MIB"
"IF-MIB"
"TCP-MIB"
"UDP-MIB"
"SNMPv2-MIB"
"RFC1155-SMI"
"RFC1158-MIB"
"RFC-1212"
"RFC1213-MIB"
"IPV6-ICMP-MIB"
"IPV6-MIB"
"SNMP-COMMUNITY-MIB"
"SNMP-FRAMEWORK-MIB"
"SNMP-MPD-MIB"
"SNMP-NOTIFICATION-MIB"
"SNMP-PROXY-MIB"
"SNMP-TARGET-MIB"
"SNMP-USER-BASED-SM-MIB"
"SNMP-USM-DH-OBJECTS-MIB"
"SNMP-VIEW-BASED-ACM-MIB"
"SNMPv2-SMI"
"SNMPv2-CONF"
"SNMPv2-TC"
"HOST-RESOURCES-MIB"
"IANA-PRINTER-MIB"
"IANA-CHARSET-MIB"
"Printer-MIB"
"IPV6-TC"
"BROTHER-MIB"
"SNMPv2-MIB"
"IANAifType-MIB"




NOTICE - This message and any attached files may contain information that is confidential, legally privileged or 
proprietary. It is intended only for use by the intended recipient. If you are not the intended recipient or the person 
responsible for delivering the message to the intended recipient, be advised that you have received this message in 
error. Any dissemination, copying, use or re-transmission of this message or attachment, or the disclosure of any 
information therein, is strictly forbidden. BlueScope Steel Limited does not represent or guarantee that this message 
or attachment is free of errors, virus or interference.

If you have received this message in error please notify the sender immediately and delete the message. Any views 
expressed in this email are not necessarily the views of BlueScope Steel Limited.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault