This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I'm trying to load a MIB in tshark for parsing some OIDs to text values. I've read that I need to modify the files:

    /.wireshark/preferences
    /.wireshark/smipaths
    ~/.wireshark/smimodules

but the problem is that I cannot find those files on my machine. Wireshark was installed as root and I cannot find this ".wireshark" folder. Inside the Wireshark directory (/usr/share/wireshark) I have only the following files:

AUTHORS-SHORT COPYING dtds ipmap.html radius smi_modules wimaxasncp capinfos.html dfilters dumpcap.html manuf randpkt.html text2pcap.html wireshark-filter.html cfilters dftest.html editcap.html mergecap.html rawshark.html tpncp wireshark.html colorfilters diameter help pdml2html.xsl services tshark.html ws.css

I'm using a Red Hat Enterprise Linux Server release 6.5.

asked 13 Mar '17, 06:08

psh1982


This .wireshark directory should be available in your home directory. What your home directory is depends on the account you use to run Wireshark. Your normal user account should be based in /home, but if you run it as the root user it should be found in /root.

answered 13 Mar '17, 12:14

Jaap ♦

I appreciate your reply, but I cannot find the wireshark directory in /root:

[[email protected] ~]# pwd
/root
[[email protected] ~]# cd .wireshark
bash: cd: .wireshark: No such file or directory
[[email protected] ~]# find / -name .wireshark
[[email protected] ~]#

(15 Mar '17, 02:48) psh1982

To get the directories used by tshark you can run tshark -G folders.

The values of Personal configuration and Global configuration list the directories where your files should be located.

For SNMP decoding you have to use the preference nameres.load_smi_modules: TRUE (in the preferences file or using the -o option).

To specify the folder(s) where your MIB files are located use the file smi_paths.

To specify the MIBs to load use the file smi_modules.

answered 14 Mar '17, 00:11

Uli

edited 14 Mar '17, 00:16

I don't have the "tshark -G folders" enabled:

    [[email protected] sysadmin]# tshark -G folders
    tshark: Invalid "folders" option for -G flag, enter -G ? for more help.
    [[email protected] sysadmin]# tshark -G ?
    TShark 1.8.10 (SVN Rev Unknown from unknown)

    Usage: tshark -G [report]

    Glossary table reports:
      -G [fields]              dump glossary in original format and exit
      -G fields2               dump glossary in format 2 and exit
      -G fields3               dump glossary in format 3 and exit
      -G protocols             dump protocols in registration database and exit
      -G values                dump value, range, true/false strings and exit
      -G ftypes                dump field type basic and descriptive names
      -G decodes               dump "layer type"/"decode as" associations and exit
      -G heuristic-decodes     dump heuristic dissector tables

    Preference reports:
      -G defaultprefs          dump default preferences and exit
      -G currentprefs          dump current preferences and exit

I also cannot find the .wireshark directory in /root:

[[email protected] ~]# pwd
/root 
[[email protected] ~]# cd .wireshark
bash: cd: .wireshark: No such file or directory
[[email protected] ~]# find / -name .wireshark
[[email protected] ~]#
(15 Mar '17, 02:44) psh1982

Ah, I'm sorry. The tshark -G folders option is only available in the current master branch (2.3.X).

The personal configuration should be in $HOME/.wireshark. If this directory is missing, you have to create it: mkdir $HOME/.wireshark/

(15 Mar '17, 04:58) Uli

Thanks for answering again :)

I've created the files but I get a warning:

[[email protected] .wireshark]# sudo tshark -i any -d udp.port==9000,snmp -f "port 9000" -O snmp -R snmp.value.octets==38:38:2d:37:33:2d:38:34:2d:35:33:2d:30:30:2d:30:30:2d:30:38:2d:46:32 -c 1 | egrep "Object Name|Value"

** (process:2955): WARNING **: /root/.wireshark/preferences line 1: No such preference "nameres.load_smi_modules" (applying your preferences once should remove this warning)

The directory and files created:

[[email protected] .wireshark]# ls -l
total 12
-rw-r--r-- 1 root root 31 Mar 15 16:57 preferences
-rw-r--r-- 1 root root 17 Mar 15 17:10 smi_modules
-rw-r--r-- 1 root root 22 Mar 15 17:11 smi_paths
[[email protected] .wireshark]# cat preferences
nameres.load_smi_modules: TRUE
[[email protected] .wireshark]# cat smi_modules
"SMIP-TRAPS-MIB"
[[email protected] .wireshark]# cat smi_paths
/usr/share/snmp/mibs/
(15 Mar '17, 09:22) psh1982

Just saw you're using an old, unsupported version (1.8.10). If I remember right, the option was prefs.load_smi_modules with this version.

(15 Mar '17, 12:32) Uli

Just looked at the code from back then, I think it was "name_resolve_load_smi_modules"

(15 Mar '17, 16:38) Jaap ♦
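
The thread ends with three candidate names for the preference, depending on the tshark version. As an added example (not code from any poster or from the Wireshark project), the script below reads the name from the `tshark -G defaultprefs` report listed in the help output above and then writes the three personal configuration files. The function names, the constructed sample dump and the quoted one-entry-per-line file format are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample of a preferences dump (not real tshark output).
SAMPLE_PREFS='# Load SMI (MIB and PIB) modules?
# TRUE or FALSE (case-insensitive)
#nameres.load_smi_modules: FALSE
#nameres.suppress_smi_errors: FALSE'

# Read a preferences dump on stdin (e.g. `tshark -G defaultprefs`) and print the
# full name of the preference ending in "load_smi_modules". Prints nothing when
# this build lists no such preference. Assumes "name: value" lines, optionally
# commented out with "#".
smi_pref_name() {
    sed -n 's/^#\{0,1\}[[:space:]]*\([A-Za-z0-9_.]*load_smi_modules\):.*/\1/p' |
        head -n 1
}

# write_smi_config CONF_DIR MIB_DIR MODULE PREF_NAME
# Creates CONF_DIR if needed and writes preferences, smi_paths and smi_modules.
write_smi_config() {
    conf_dir=$1 mib_dir=$2 module=$3 pref=$4
    [ -n "$pref" ] || { echo "no load_smi_modules preference known" >&2; return 1; }
    # Refuse to configure a module whose file is not in the MIB directory.
    ls "$mib_dir/$module"* >/dev/null 2>&1 ||
        { echo "$module not found in $mib_dir" >&2; return 1; }
    mkdir -p "$conf_dir" || return 1
    # Append the preference only once; keep any other preferences in the file.
    grep -qxF "$pref: TRUE" "$conf_dir/preferences" 2>/dev/null ||
        printf '%s: TRUE\n' "$pref" >> "$conf_dir/preferences"
    # One double-quoted entry per line, as in the smi_modules file shown in the
    # thread (assumed to apply to smi_paths as well).
    printf '"%s"\n' "$mib_dir" > "$conf_dir/smi_paths"
    printf '"%s"\n' "$module" > "$conf_dir/smi_modules"
}

# Apply to the real configuration only when asked to.
if [ "${1:-}" = "--apply" ]; then
    pref=$(tshark -G defaultprefs | smi_pref_name)
    write_smi_config "$HOME/.wireshark" /usr/share/snmp/mibs SMIP-TRAPS-MIB "$pref"
fi
```

Run with `--apply` as the account that will run tshark, since the files go under that account's `$HOME/.wireshark`.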

question asked: 13 Mar '17, 06:08

question was seen: 863 times

last updated: 15 Mar '17, 16:38
