This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am looking at a large number of SNMP packets and want to be able to search them all for specific strings of human readable text. Here are some examples: "Loss" "LOS" "Loss Of Signal" "Loss of Enet link from Controller" If anyone has done anything similar, your feedback would be most welcome.

Thank you

Lars

asked 15 Jul '16, 14:13


Lars


You could try using a Wireshark Display Filter incorporating the "matches" (or "contains") operator.

An example:

snmp.var-bind_str matches "(?i)Los"

Replace snmp.var-bind_str with the appropriate field or fields if that's not the right one for your needs, or you could use a more generic filter, such as:

snmp and frame matches "(?i)Los"

If a case-insensitive match of "Los" is not restrictive enough, then you could always or together filters that meet your needs.

For example:

snmp.var-bind_str matches "^Loss" or snmp.var-bind_str contains "LOS"

Experiment a bit to find the filter that best meets your exact needs.


answered 15 Jul '16, 14:45


cmaynard ♦♦
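
The "or together" approach from the answer above, scripted for a batch of capture files. This is an added example, not part of the original posts: the function names, the `FIELD` variable and the script layout are assumptions, and `tshark` is assumed to be on the PATH. The field names and search strings are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): build one display filter from a list
# of literal strings and run it over capture files with tshark.
# Usage (hypothetical file names): FIELD=snmp.var-bind_str ./snmpgrep.sh a.pcap b.pcap

FIELD="${FIELD:-snmp.value.octets}"   # field used in the thread; override as needed

# Escape backslash and double quote so a literal survives inside a
# double-quoted display-filter string.
escape_literal() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_filter FIELD STRING...
# Emits: FIELD contains "S1" or FIELD contains "S2" ...
build_filter() {
    field=$1; shift
    filter=
    for s in "$@"; do
        clause="$field contains \"$(escape_literal "$s")\""
        if [ -z "$filter" ]; then
            filter=$clause
        else
            filter="$filter or $clause"
        fi
    done
    printf '%s' "$filter"
}

# search_captures FILTER FILE...
# Prints: capture file, frame number, source address, matched field value.
search_captures() {
    flt=$1; shift
    for f in "$@"; do
        tshark -r "$f" -Y "snmp and ($flt)" -T fields \
               -e frame.number -e ip.src -e "$FIELD" |
            while IFS= read -r line; do
                printf '%s\t%s\n' "$f" "$line"
            done
    done
}

# Run only when capture files are given on the command line.
if [ "$#" -gt 0 ]; then
    search_captures "$(build_filter "$FIELD" "Loss" "LOS")" "$@"
fi
```

`contains` is a case-sensitive literal match, so each spelling that matters ("Loss", "LOS") needs its own clause; a `matches "(?i)..."` clause can replace them when a regular expression is acceptable.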

I was able to use: snmp.value.octets contains "Loss"

I think with this type of string I can search the SNMP contents for any type of message now.

Thanks!

Lars


answered 15 Jul '16, 16:27


Lars
