I am having an issue in both Tshark and Wireshark. I am trying to export packet details from SNMP response packets that I receive. When viewing the packet details in both Tshark and wireshark they seem to only show a certain amount of characters for the field values I am trying to get. So this in turn makes the data incomplete. Here is an example of this:
As you can see the Value ends with "..." to signify that it continues. How can I get these full values? Preferably in TShark although if you know how in Wireshark, that can set me on the right track atleast.
Every Object's value seems to cut off as long as it exceeds a certain length of chars. I want to be able to get the full value without it cutting off.
I have tried using the field options in wireshark to display only those fields, although none of them seem to return any values except for the "snmp.value.oid" field. The full syntax I used was:
tshark -i 1 -R "snmp" -O "snmp" -T fields -e snmp.value.oid -e snmp.value.octets -V
Also here is an image of the SNMP packet details, as you can see the ones labeled Values(octetstring) which is the returned value that I am looking at grabbing ends in "..." They have been shortened significantly and I would like to grab the full value.
asked 30 Mar '14, 17:31
Please try this:
If -Y does not work, please use -R instead.
Then parse the output and convert it to whatever format you need.
See also the other SNMP fields: http://www.wireshark.org/docs/dfref/s/snmp.html
answered 31 Mar '14, 01:35
Kurt Knochner ♦