This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lets say I have a set-request with 3 variable-bindings. The first OID is set to an int, second OID is set to an octet string, and third OID is set to an int. When I use tshark to write the pcap to a csv file, use the following command:

tshark -r C:\mypcap.pcapng -Y "frame.number==24 and !snmp.value.null" -T fields -e snmp.value.int -e snmp.value.octets -E header=y -E separator=,

This prints out all the data I need however it is impossible to see what OIDs match up with what values, since the values are printed in order based on type and not OID. So the result of the above query would show int,int,octet string when the actual order in the packet is int, octet string, int. Is there a different display filter combination for variable-bindings that will show me what each OID was set to?

asked 11 Jan '15, 17:56

lp4968's gravatar image

lp4968
11334
accept rate: 0%


I have prepared a short groovy script to cover this issue. In my case I convert pcap files to snmpset scripts. I am extracting OID int g32 and octet values. Then I check the OID type with snmptranslate command. Finally when I know the type I take first value from concrete type.

I can share my script if you are interested.

The prerequisite is that you have snmp tools package installed in your system and have all MIBs you are interested in.

permanent link

answered 12 Jan '16, 04:52

Bartosz%20Michalik's gravatar image

Bartosz Mich...
61
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×43
×9
×2
×1

question asked: 11 Jan '15, 17:56

question was seen: 2,467 times

last updated: 12 Jan '16, 04:52

p​o​w​e​r​e​d by O​S​Q​A