This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Exporting SNMP OID values from wireshark capture?

0

I am trying to figure out how I can export the SNMP OID values that wireshark picked up. My issue is that when I export the raw data it is all together and not seperated.

All I want to to is get only the actual SNMP values it is sending back. When I open up the packet in wireshark I can see it neatly presented.

Can anyone offer any assistance?

Also could you help me do the same with tshark, the command line for wireshark?

EDIT: As you can see it is sending the values back in hex, this is exactly what I am looking for. I want to export each individual value to a text file.

asked 25 Mar '14, 01:06

Joe%20Page's gravatar image

Joe Page
6335
accept rate: 0%

edited 25 Mar '14, 01:08

In Wireshark you could create a column for the field, export it as CSV and customize it in Excel.

(25 Mar '14, 01:58) Roland

One Answer:

0

Please try this

tshark.exe -nr input.pcap -Y "snmp" -T fields -e frame.number -e snmp.name -E header=yes -E separator=;

Hint: If -Y does not work on your system, try -R.

Sample output:

frame.number;snmp.name
1;1.3.6.1.2.1.1.2.0
2;1.3.6.1.2.1.1.2.0
3;1.3.6.1.2.1.1.5.0,1.3.6.1.2.1.1.6.0
4;1.3.6.1.2.1.1.5.0,1.3.6.1.2.1.1.6.0

Obviously you can add more fields with -e xxxx (see the display filter reference guide).

Regards
Kurt

answered 26 Mar '14, 08:13

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 26 Mar '14, 08:13