Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] snmp decoding ...ubuntu smi issue ?... different then on win

From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Tue, 18 Jan 2011 23:14:30 +1100
Sandor, Todd (Todd) wrote:
> Hi:
> 
> I had a couple of Ubuntu newbie problems getting Wireshark installed on Unbuntu that included SMI to allow snmp decoding and was finally able to get it to a point where I could configure SMI paths and SMI modules ...
> I also have a Wireshark on an XP box ...
> 
> I'm using a shared SMI path (same mib files, same SMI modules names) and when I attempt to decode exactly the same .pcap file on the XP and Ubuntu, I get errors only on Ubuntu (and doesn't perform the decoding) but on the XP version it works fine.   Was going to resort to just use the XP version, but thought I would send out an email asking if other people experience this behavior?  (I use Ubuntu mainly, it's a little bit of a pain to have to use my XP box for this ...)...
> 
> Is this just expected behavior under Ubuntu (weaker smi library support?)....I was suggested I use smilint and I did an initial stab at this (admit a some-what weak one), but even the "Standardized MIBs" has some have issues (ones under /var/lib/mibs)...
> 
> Anyone have any suggestions?
> 
>  On Unbuntu I observe:
> 
> 
>>Stopped processing module RFC1213-MIB due to error(s) to prevent potential crash in libsmi.
>>Module's conformance level: 1.
>>See details at:
>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325
> 
> ...
> Then after added a SMI path and some private SMI module names on startup I get:
> 
> 
>>Stopped processing module TIMETRA-SERV-MIB due to error(s) to prevent potential crash in libsmi.
>>Module's conformance level: 1.
>>See details at:
>>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325

What version of libsmi does Ubuntu have? The current one is 0.4.8, but I
tend to use the one in Subversion.

Are your MIBs ones that come with Ubuntu, some other package, or the
ones from libsmi? libsmi's parser is extremely strict and many other
sources have less than perfect (to be polite) syntax and semantics.
Frank and Juergen fix the MIBs they include in libsmi so they are correct.

If you want to include other MIBs you really have to make sure you have
all the IMPORTS, and that smilint accepts all the MIBs as valid with the
"-l 3" option at a minimum. "-l 4" would be better.

Despite the fact that libsmi runs perfectly on 64 bit Unix systems I
have not managed to get it to compile for 64 bit Windows. Now there is a
64 bit box in the house I might give it another try so i can have a 64
bit Wireshark that does SNMP decodes.

Andrew
-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who