Ask Your Question
0

MIB decoding for varying devices.

asked 2019-03-04 22:51:07 +0000

ejhellertc gravatar image

updated 2019-03-04 22:58:50 +0000

Hi, I work with devices that use SNMP for transferring data. Different manufacturers have device specific variations of a common MIB. Is there a way to save and load a MIB path configuration for different devices so that I can decode the OID with the correct MIB? Thanks, Ed.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
1

answered 2019-03-05 01:21:44 +0000

cmaynard gravatar image

updated 2019-03-05 01:32:43 +0000

The smi_paths file isn't saved per-profile, so unfortunately you can't use different profiles to solve your problem, at least not without a Wireshark enhancement to support this. You can file such an enhancement request on the Wireshark Bug Tracker if you like.

Alternatively, you might be able to accomplish this by specifying the path as a Wireshark option when Wireshark is started. For example, on Windows I tested this with:

wireshark -o "uat:smi_paths:\"C:\x5cWireshark\x5cmibs\""

If there's already a path specified, the default on Windows being C:\Program Files\Wireshark\snmp\mibs you will likely have to either remove that path first using Edit -> Preferences... -> Name Resolution -> SMI (MIB and PIB) paths -> Edit -> Select entry -> click [-] or just delete/rename the smi_paths file, as this command-line uat option only appends the path, so the first path is still going to be active.

Note that this does come with an annoying side-effect in that Wireshark pops up a dialog indicating that, "Wireshark needs to be restarted for these changes to take effect". At the moment, I'm unable to test whether that's really true or not (i.e., that you have to save the preference and restart Wireshark), but if that is the case, then obviously this method won't work all that well.

All in all, the best way to work around smi_paths not currently being saved per profile might be to wrap Wireshark in a script or batch file where you first copy the desired smi_paths file to your Wireshark personal configuration folder and then start Wireshark. For example (again, on Windows):

@echo off
set batfile=%~nx0

if /i ["%~1"] == ["-h"] goto usage
if ["%~1"] == [""] goto usage
if not exist %1 (
    echo File not found.
    goto :eof
)

move /y %APPDATA%\Wireshark\smi_paths %APPDATA%\Wireshark\smi_paths_save
copy /y %1 %APPDATA%\Wireshark\smi_paths
wireshark
move /y %APPDATA%\Wireshark\smi_paths_save %APPDATA%\Wireshark\smi_paths
goto :eof

:usage
    echo %batfile% ^<file^>

So, after first creating the various smi_paths files containing paths to per-manufacturer mibs, you could invoke the batch file as:

ws_smi_paths.bat manuf1_smi_paths

or

ws_smi_paths.bat manuf2_smi_paths

… and so on.

edit flag offensive delete link more

Comments

The reason for the need to reload Wireshark is that the library used to work with the MIBs (libsmi) does not support reconfiguration. That is why profile switching doesn't really work well for SMI paths. The real problem is that manufacturers have device specific variations of a common MIB, that should not be.

Jaap gravatar imageJaap ( 2019-03-05 07:51:26 +0000 )edit

@cmaynard: Thanks for the quick response. I was afraid that the answer was going to be something like this. I had anticipated that I would have to do some file tracking to deal with this, but hoped that I was wrong. @Jaap: Yes, modifying a common MIB is a bad thing, but nonetheless, it is something that we have to deal with. The other problem is that different manufacturers develop proprietary MIB extensions on their own OID branch, but sometimes the name of the MIB is the same as another device's. Even different versions of the same device firmware might have vastly different MIBs, but the same DESCRIPTION. We have an application that communicates with these different devices and it uses an smi.conf file to delineate the variations in MIB configurations using tags.

ejhellertc gravatar imageejhellertc ( 2019-03-05 13:38:46 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-03-04 22:51:07 +0000

Seen: 857 times

Last updated: Mar 05 '19