Hi Wireshark experts
I use SNMP walk for capture some mac address and find after 4.x version some mac address will auto display as ASCII but before 4.x it display normal. Is there some code change ?
There was a code change to address issue 16900 which was included in Wireshark version 3.4.0 and later. This change results in an OCTET STRING being presented as an ASCII string only when all octets contain printable ASCII values. This heuristic does sometimes give a false positive, e.g., when it so happens that all the octets of a MAC address happen to be all printable ASCII values, as the question shows.
An issue could be raised to request to show OCTET STRINGs as bytes always, and as an ASCII string only in addition to it, when the heuristic suggests it is an ASCII string.
In this case ifPhysAddress -> PhysAddress -> OCTET STRING so working as coded.
Could there be a SNMP preference setting to display OIDs of type PhysAddress as hex?
There is code in epan/oids.c handle MAC address OIDs:{"MacAddress",SMI_BASETYPE_UNKNOWN,ðer_type},
ifPhysAddress OBJECT-TYPE
SYNTAX PhysAddress
PhysAddress ::= TEXTUAL-CONVENTION
DISPLAY-HINT "1x:"
STATUS current
DESCRIPTION
"Represents media- or physical-level addresses."
SYNTAX OCTET STRING
Asked: 2023-01-02 01:36:18 +0000
Seen: 122 times
Last updated: Jan 04 '23
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Can you show a snippet of text of what you refer to?
if i use 3.x wireshark open the SNMP output for mac is as 38 7c 76 4a 21 20 if use 4.x will display as ASCII output 8|vJ!
What does the MIB define as syntax for this object? Probably OCTET STRING.
Then this is probably a consequence of issue 16900
What is the OID (mib variable) you're looking at?
Not Mib checking only OID output result display is different