protocol show as UDP instead of SNMP

asked 2019-04-03 07:45:00 +0000

mikodell gravatar image

I have a small pcap of an snmp v3 report then get for sysUpTime.0
I've added the right v3 username, encryption and privacy protocols and their respective passwords into the User Table under preferences->SNMP
I've added the path to the MIB directory.
But Wireshark doesn't appear to recognise the data as SNMP.
When I open the pcap, the Protocol column shows as UDP, not SNMP.
I tried right click -> decode as ... and looked for SNMP, in the list of Current values, but it isn't there.
I've uninstalled and reinstalled WS, I am on the latest version.
What am I doing wrong?

You may also get an answer faster if you provide a link to the packet capture (hosted on dropbox, gdrive, etc.).

Ross Jacobs gravatar imageRoss Jacobs ( 2019-04-03 13:56:04 +0000 )edit

So you right clicked on a UDP packet, popped up "Decode As...", double-clicked the "Current" column in the new row, and clicked on the right-hand end of the item that showed up, and the scrollable list doesn't have SNMP but has other protocols?

Guy Harris gravatar imageGuy Harris ( 2019-04-03 21:15:35 +0000 )edit

answered 2019-04-03 09:31:51 +0000

grahamb gravatar image

Check in the list of enabled protocols (Analyze | Enabled Protocols ...) that SNMP is enabled.

What port is your traffic on?

Thank you grahamb SNMP was the only protocol unchecked in Analzye->Enabled protocols 🤦‍♂️

mikodell gravatar imagemikodell ( 2019-04-04 00:31:35 +0000 )edit

@mikodell, Great, if an answer has solved your issue, please accept it so others will know that by checking the checkmark icon to the left pf the answer.

grahamb gravatar imagegrahamb ( 2019-04-04 09:26:03 +0000 )edit

