This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is it possible to filter SNMP packets looking for specific text in the values?

0

I am looking at a large number of SNMP packets and want to be able to search them all for specific strings of human readable text. Here are some examples: "Loss" "LOS" "Loss Of Signal" "Loss of Enet link from Controller" If anyone has done anything similar, your feedback would be most welcome.

Thank you

Lars

asked 15 Jul '16, 14:13

Lars's gravatar image

Lars
6223
accept rate: 0%

2 Answers:

0

You could try using a Wireshark Display Filter incorporating the "matches" (or "contains") operator.

An example:

snmp.var-bind_str matches "(?i)Los"

Replace snmp.var-bind_str with the appropriate field or fields if that's not the right one for your needs, or you could use a more generic filter, such as:

snmp and frame matches "(?i)Los"

If a case-insensitive match of "Los" is not restrictive enough, then you could always or together filters that meet your needs.

For example:

snmp.var-bind_str matches "^Loss" or snmp.var-bind_str contains "LOS"

Experiment a bit to find the filter that best meets your exact needs.

answered 15 Jul '16, 14:45

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

0

I was able to use: snmp.value.octets contains "Loss"

I think with this type of string I can search the SNMP contents for any type of message now.

Thanks!

Lars

answered 15 Jul '16, 16:27

Lars's gravatar image

Lars
6223
accept rate: 0%