How to decode SNMP traffic with Ethereal

(Last modified: 15Jul2003)

This document (10085070) is provided subject to the disclaimer at the end of this document.

goal

How to decode SNMP traffic with Ethereal

fact

Ethereal 0.9.13

symptom

Ethereal will not decode SNMP traffic

Ethereal displays iso as the SNMP Object identifier name

fix

Ethereal can decode SNMP traffic via any valid SNMP MIB

The packet below is an HP LaserJet SNMP packet. Without the HP MIB, the SNMP packet decode cannot display the object information. For this reason SNMP data can be very hard to read.
 
Once the MIB has been downloaded from the vendor, however, Ethereal automatically adds the information from the MIB to the packet decode. Below is the same packet with the HP MIB.
 
 
SNMP packets contain an Object identifier. This value is specific to the vendor's specification. Ethereal displays the name of the MIB in which the Object ID was found, followed by the label for the ID. For example, JETDIRECT3-MIB is the name of the vendor's MIB file, and the label found for the Object identifier is gdStatusBytes. Immediately following the Object identifier is the value for this label. In this case the value is 20.
 
On Windows, follow these directions for MIB support. On Unix-based operating systems, please refer to ucd-snmp/net-snmp for more information and configuration.
 
To install a vendor's MIB, download the MIB from the vendor's website and copy it to the "\Program Files\Ethereal\snmp\mibs" directory. You can also set an environment variable called MIB_DIRS to tell Ethereal to use a different location for your MIB files instead of the default of "\Program Files\Ethereal\snmp\mibs".
 
 
 
By default, Ethereal loads only a small set of the MIBs in the MIB directory. To load all of the MIBs, create an environment variable called "MIBS" and set its value to "ALL". To disable MIB support, set the value to "NONE".
  
 
 
I have noticed that, on occasion, I might try to apply a specific MIB and afterwards Ethereal will fail to load. If you experience this type of situation, remove the newly added files and then retry by copying each one back in (one at a time) to determine the problem MIB. Some MIBs might not comply or work correctly with NET-SNMP, which Ethereal uses for its MIB support.
 
For issues with specific MIBs, you might consult the vendor or the NET-SNMP website: http://www.net-snmp.org/
 
So how do you know what MIB to get? All I see in Ethereal is the Object identifier or iso.x.x.x.x.x.x.
 
 
 
 
If Ethereal displays "iso" as the beginning name of the Object identifier, then Ethereal cannot find a MIB that defines this Object. A good source to locate the MIB for this object is the MIB depot located at
 
http://www.mibdepot.com/index.shtml
 
Click on the Search link and then enter the Object identifier as displayed by Ethereal. For our example, let's search for 1.3.6.1.2.1.1.3.0
 
 
After entering the Object identifier and clicking the Search button, wait while the website searches all of its defined MIBs. When the search is complete, it returns a list of the MIBs that contain the OID we were searching for.
 
 
In our example we found 17 definitions for this OID from several different vendors. Now we can decide which device we are talking to in the packet trace, then download the correct MIB for that device. By clicking on the OID name we can get a description of the OID and what its values might be. Once you have identified the MIB that you need for Ethereal, go back to the Home page and click on the MIB link. Select the correct vendor, and download the MIB.
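
The following is an added example, not part of the original document or of Ethereal/NET-SNMP: it decodes the BER bytes of the OID used above (1.3.6.1.2.1.1.3.0) and labels the longest prefix it knows, which shows why the decode starts with "iso" until a MIB defining the object is available. The name tables are hand-built stand-ins for loaded MIBs (sysUpTime is the standard name of 1.3.6.1.2.1.1.3), and the MODULE::label output format is chosen for illustration.

```python
# Added example: the name tables are hand-built stand-ins for loaded MIB modules.
ROOT = {(1,): ("", "iso")}  # all that is known when no matching MIB is loaded
SNMPV2_MIB = {(1, 3, 6, 1, 2, 1, 1, 3): ("SNMPv2-MIB", "sysUpTime")}


def decode_oid(tlv: bytes) -> tuple:
    """Decode a BER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(tlv) < 3 or tlv[0] != 0x06:
        raise ValueError("not a BER OBJECT IDENTIFIER")
    if tlv[1] & 0x80 or tlv[1] != len(tlv) - 2:
        raise ValueError("unsupported or inconsistent length")
    body = tlv[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:
            continue  # high bit set: more base-128 digits follow
        if not subids:
            # The first encoded value packs the first two arcs as 40*X + Y.
            first = min(value // 40, 2)
            subids += [first, value - 40 * first]
        else:
            subids.append(value)
        value = 0
    return tuple(subids)


def resolve(oid: tuple, names: dict) -> str:
    """Label the longest known prefix; the remaining arcs stay numeric."""
    for cut in range(len(oid), 0, -1):
        hit = names.get(oid[:cut])
        if hit:
            module, label = hit
            rest = "".join(f".{n}" for n in oid[cut:])
            return (f"{module}::" if module else "") + label + rest
    return ".".join(map(str, oid))


if __name__ == "__main__":
    wire = bytes.fromhex("06082b06010201010300")  # constructed: 1.3.6.1.2.1.1.3.0
    oid = decode_oid(wire)
    print(resolve(oid, ROOT))                      # no MIB defines the object
    print(resolve(oid, {**ROOT, **SNMPV2_MIB}))    # MIB defining it is loaded
```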
 

note

Note: Ethereal is a free open source product. Novell does not provide support for this product. The purpose of this solution is to provide Novell employees and its customers with information regarding the use of this free tool. To download, report issues, or request enhancements, please consult the Ethereal website at http://www.ethereal.com.

document

Document Title: How to decode SNMP traffic with Ethereal
Document ID: 10085070
Solution ID: NOVL91009
Creation Date: 14Jul2003
Modified Date: 15Jul2003
Novell Product Class: NetWare

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.