Wireshark-dev: Re: [Wireshark-dev] SNMP OctetString display
From: Guy Harris <[email protected]>
Date: Mon, 14 May 2012 23:58:06 -0700
On May 14, 2012, at 6:03 AM, Bruynooghe, Joost wrote:

> When decoding SNMP messages in wireshark (using version 1.4.8 in my case), all "Octet String" values appear as hex strings in the GUI rather then being shown as human-readable strings.

What happens if:

	1) your version of Wireshark is built with libsmi:

$ ./tshark -v
TShark 1.7.2 (SVN Rev 42622 from /trunk)

Copyright 1998-2012 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.29.8, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8 ...
              ^^^^^^^^^^^^^^

	2) OID resolution is enabled in the "Name Resolution" preferences;

	3) the MIB entry for the variable binding in question has a SYNTAX of, for example, DisplayString?

At least for me, that causes the value to show up as a string, because the value is not put into the protocol tree as the "snmp.value.octets" file, but is put in as the "SNMPv2-MIB.sysDescr" field, which is given a type of FT_STRING as it's a DisplayString.