Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] SNMP OctetString display

From: "Bruynooghe, Joost" <JBruynoo@xxxxxxxxx>
Date: Tue, 15 May 2012 05:29:13 -0400
On Mon, 14 May 2012 23:58:06 -0700, Guy Harris wrote:


> What happens if:
>
> 1) your version of Wireshark is built with libsmi

That's what I have:

TShark 1.4.8
..., with SMI 0.4.8,...



> 2) OID resolution is enabled in the "Name Resolution" preferences

Yes, I have that enabled (and the MIBs added in path and modules).
The OIDs etc are correctly expanded to human-readable text in the Wireshark display.
Numeric and enumerated values are decoded correctly, it's only the OctetString values I had an issue with.



> 3) the MIB entry for the variable binding in question has a SYNTAX of, for example, DisplayString?

This is what I was missing. The MIBs I have only defined the SYNTAX as "OCTET STRING". After changing that to "DisplayString" (and importing DisplayString from SNMPv2-TC) in the MIB, I get some of the strings displayed correctly.

I still have a problem with malformed traps (Expert Info (Warn/Malformed): No instance sub-id in scalar value), where Wireshark doesn't honour the SYNTAX from the MIB.
This is a problem on the device generating the trap though, nothing to do with Wireshark.

Since I can't fix the device sending the traps, I'll stick with the hack of defining OctetString as FT_STRING.


Many thanks for your assistance.