Hi All,

I understood that it's possible to add SNMP MIB files to Wireshark. The questions are:

  • How could I add the MIB file there?

  • Eventually, when it's added, should I expect to read/write values from the device, as with other SNMP applications such as MG-SOFT? Or is it merely there to help read the captured traffic, meaning that instead of seeing OIDs in the capture file, I would see object names?

Kind regards, Nima

asked 02 Aug, 01:19

Nima

edited 02 Aug, 01:25

sindy

Not a complete answer, but it may make the answer to the first part unimportant for you. Wireshark is a read-only tool, i.e. it doesn't generate any traffic at all. So you'll only see SNMP messages which were sent by other sources (other machines and other applications running on the same machine where the capture was taken), and having the right MIB loaded only allows Wireshark to translate OIDs into human-readable form, as you expect.

(02 Aug, 01:37) sindy

SNMP MIB configuration can be found in the Preferences, under Name Resolution.

First, use SMI Paths to set up the list of paths where to look for the MIB files.

Second, use SMI Modules to define the MIB modules (that is, the module names found in the MIB files) to be loaded.

Once that is done, mark the checkbox Enable OID resolution.

You will be asked to restart Wireshark, which is needed to actually load the modules from the MIB files.

The library used to resolve OIDs to names from the modules is rather picky about MIB module correctness. If there are bugs in the MIB modules, it will complain loudly. You may mark the checkbox Suppress SMI errors, but it still may not work. Also make sure the MIB modules from which objects and syntaxes are imported can be loaded.

answered 02 Aug, 04:41

Jaap ♦

edited 02 Aug, 04:42

Thanks for the answer. I also found out that apparently, it's very important for Wireshark that the MIB file name must be the same as the module name which is described inside that MIB file. It directly means that you cannot use a shared MIB file for several devices.

(02 Aug, 06:34) Nima

Ah yes, another peculiarity of libsmi, the library doing the real work for Wireshark. I don't understand your next comment though: '...it directly means that you cannot use a shared mib file for several devices.' If you want to have a MIB module specific per device type and the various device types have common objects, then collect these in a separate MIB and import them in your device type specific MIBs.

(02 Aug, 07:05) Jaap ♦
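
A pre-flight check for the two libsmi pitfalls raised in this thread (file name versus module name, and imported modules that cannot be found), as an added example that is not part of the original answers. It assumes the file's base name without its extension must equal the module name exactly; `check_mib_dirs`, `run_sample` and the ACME sample modules are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# "<NAME> DEFINITIONS ::= BEGIN" opens a module; the IMPORTS clause runs to the first ';'.
MODULE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.M)
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][A-Za-z0-9-]*)")
COMMENT_RE = re.compile(r"--.*")  # simplified: treats "--" comments as running to end of line

def check_mib_dirs(dirs):
    """Return sorted (file name, problem) pairs for the MIB files in the given SMI paths."""
    modules, imports, problems = set(), {}, []
    for d in dirs:
        for f in sorted(p for p in Path(d).iterdir() if p.is_file()):
            text = COMMENT_RE.sub("", f.read_text(errors="replace"))
            m = MODULE_RE.search(text)
            if not m:
                continue  # no module header, so not a MIB file
            name = m.group(1)
            modules.add(name)
            if f.stem != name:  # assumption: base name without extension equals module name
                problems.append((f.name, f"file name does not match module {name}"))
            clause = IMPORTS_RE.search(text)
            imports[f.name] = set(FROM_RE.findall(clause.group(1))) if clause else set()
    for fname, needed in imports.items():
        for mod in sorted(needed - modules):
            problems.append((fname, f"imports from {mod}, which was not found"))
    return sorted(problems)

# Constructed sample modules (bodies trimmed to the header and IMPORTS clause).
SAMPLE = {
    "ACME-COMMON-MIB.mib": "ACME-COMMON-MIB DEFINITIONS ::= BEGIN\n"
                           "IMPORTS enterprises FROM SNMPv2-SMI;\nEND\n",
    "router.mib": "ACME-ROUTER-MIB DEFINITIONS ::= BEGIN\n"
                  "IMPORTS\n  acmeRoot FROM ACME-COMMON-MIB -- shared objects\n"
                  "  AcmeState FROM ACME-TC-MIB;\nEND\n",
    "SNMPv2-SMI": "SNMPv2-SMI DEFINITIONS ::= BEGIN\nEND\n",
}

def run_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for fname, body in SAMPLE.items():
            Path(tmp, fname).write_text(body)
        return check_mib_dirs([tmp])

if __name__ == "__main__":
    for fname, problem in run_sample():
        print(f"{fname}: {problem}")
```

Pass the same directories that are listed under SMI Paths; an empty result means every module header matches its file name and every `FROM` module was found in those directories.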