This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decoding SNMP Trap HEX to OIDS? Only getting garbled text

Hello,

I've done a bit of searching, but I cannot seem to find an appropriate answer. I've seen Wireshark displays before where you can capture on port 162 and see all the trap OIDs and varbinds. I'm in the process right now of writing trap definitions for an NMS suite, and need to see the trap contents, rather than hex or un-normalized trap garble.

Currently, I sent a test trap from a test box of mine, and in the "data" section of the packet capture, it displays hex on one side and some of the trap information spaced between "...." and other garbled text. How do I get Wireshark to display this as a list of OIDs? This is the view I have of a trap, which is basically very unhelpful.

asked 21 Aug '15, 10:44

James Newman

Also, I notice that the SNMP layer of the packet is not even displayed. It's being seen as protocol 0x0800 instead of SNMP. Any idea what's going on? I'm very confused =(

I am on 1.12.7 release btw

(21 Aug '15, 11:12) James Newman

One Answer:

0x0800 means the frame contains an IPv4 packet. Try an SNMP sample capture from here and check if it's being displayed correctly.

answered 21 Aug '15, 11:47

Roland

I tried the b6300a.cap file and it displays Protocol SNMP correctly and I can see varbinds. Any idea why my capture is not being registered as SNMP?

(21 Aug '15, 11:53) James Newman

How did you capture the traffic? Can you please post a link to the packet capture?

(21 Aug '15, 13:38) Roland
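
The layering discussed in this thread (EtherType 0x0800 for IPv4, then UDP to port 162, then the BER-encoded trap), walked by hand to list the OIDs in a raw frame. This is an added example, not code from the thread or from Wireshark; the function names and the sample frame are constructed for illustration, and it assumes an untagged Ethernet II frame.

```python
def ber_tlvs(buf):
    # Yield (tag, value) per BER TLV; single-byte tags, definite lengths.
    i = 0
    while i + 2 <= len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[i:i + length]
        i += length

def decode_oid(val):
    arcs, sub = [], 0
    for b in val:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends a base-128 sub-identifier
            arcs.append(sub)
            sub = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(buf):
    out = []
    for tag, val in ber_tlvs(buf):
        if tag == 0x06:  # OBJECT IDENTIFIER
            out.append(decode_oid(val))
        elif tag & 0x20:  # constructed (SEQUENCE, trap PDU): descend
            out.extend(walk_oids(val))
    return out

def trap_oids(frame):
    # Ethernet II -> IPv4 -> UDP/162 -> SNMP; reject anything else.
    ihl = (frame[14] & 0x0F) * 4
    dport = int.from_bytes(frame[16 + ihl:18 + ihl], "big")
    ulen = int.from_bytes(frame[18 + ihl:20 + ihl], "big")
    if frame[12:14] != b"\x08\x00" or frame[23] != 17 or dport != 162:
        raise ValueError("not an IPv4/UDP datagram to port 162")
    return walk_oids(frame[22 + ihl:14 + ihl + ulen])

# Constructed sample: SNMPv2c coldStart trap in a UDP/IPv4/Ethernet II frame.
SAMPLE_FRAME = bytes.fromhex(
    "000000000000" "000000000000" "0800"                     # Ethernet II
    "4500005e00000000" "40110000" "c0000201" "c0000202"      # IPv4
    "c35000a2004a0000"                                       # UDP
    "3040020101" "04067075626c6963" "a733020101020100020100" "3028"
    "300d06082b06010201010300430100"
    "3017060a2b060106030101040100" "06092b0601060301010501")
print(trap_oids(SAMPLE_FRAME))
```

If a frame fails the layer checks here, the bytes a dissector would hand to SNMP are not where an IPv4/UDP/162 datagram would put them, which is the first thing to compare against a known-good sample capture.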