Wireshark · Wireshark-users: [Wireshark-users] filter SNMP traps on enterprise

Wireshark-users: [Wireshark-users] filter SNMP traps on enterprise

From: Tony Barratt <tbarratt@xxxxxxxxxxx>

Date: Wed, 22 Jul 2009 16:13:17 +0100

Hello List,

I have just installed wireshark 1.2.1 on Windows and I want to use it toanalyze some SNMP traps collect on a linux box with tcpdump,using tcpdump -nnvvXSs 1514 -i eth0 -C 15 udp and port 162 -w bert.cap.If I understand correctly from using google this will allow for trapanalysis.

Have now loaded a 10 min capture file into wireshark, There are over 100000 packets within.I need to filter stuff out but the source is always the same because thetraps arrive via a trap forwarder.One trap I am very interested in is demandNbrCallDetails or because Idont have the mibs loaded 1.3.6.1.4.1.9.9.26.2.0.4.

Can someone please tell me if I can look inside the trap and filter onsay the enterprise ( 1.3.6.1.3.1.1.5 for example)

or the agent-addr (196.168.12.12 for example) ?

Thanks v much in advance

Tony

Follow-Ups:
- Re: [Wireshark-users] filter SNMP traps on enterprise
  - From: j . snelders

Prev by Date: Re: [Wireshark-users] LAPD decode problem
Next by Date: [Wireshark-users] Why are there a lot of ARP traffic in a network?
Previous by thread: [Wireshark-users] help ragarding wireshark
Next by thread: Re: [Wireshark-users] filter SNMP traps on enterprise
Index(es):
- Date
- Thread