I'm using Wireshark 1.12.0 to analyze SNMP captures for timeouts. I have tried to examine Wireshark SNMP Display Filter Reference (https://www.wireshark.org/docs/dfref/s/snmp.html) without much success in figuring out the correct filters.
Can someone please point me to how I can find out the answer to the following questions:
1). What is the Wireshark display filter to identify SNMP requests that take more than X seconds to respond to?
2). What is the Wireshark display filter to identify SNMP requests that do not have corresponding responses?
Your assistance is greatly appreciated, thank you in advance.
asked 22 Sep '14, 21:48
edited 23 Sep '14, 05:39
I think you're out of luck, the SNMP dissector doesn't do any request\response tracking, so there's nothing to filter on.
You can probably achieve your requirements by some form of scripting, either internally in Wireshark using Lua or possibly MATE, or externally using the scripting technology of your choice to parse tshark output.
You could raise an enhancement request on the Wireshark Bugzilla to add request\response tracking to the SNMP dissector.
answered 23 Sep '14, 06:28