
Wireshark-users: Re: [Wireshark-users] filter SNMP traps on enterprise

From: Tony Barratt <tbarratt@xxxxxxxxxxx>
Date: Thu, 23 Jul 2009 18:11:23 +0100
Actually no, but dinking around with the syntax you mention, it seems that if I use
snmp.name contains 1.3.6.1.4.1.9.9.26.1.1.1.1.17
which refs a trap var-bind, that works for me as expected.
So I can now filter out the noise.

Thanks for your help!
Date: Thu, 23 Jul 2009 15:15:03 +0200
From: j.snelders@xxxxxxxxxx
Subject: Re: [Wireshark-users] filter SNMP  traps on enterprise
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4A542FF20000BF6F@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"

You're welcome :-)

Do you get matches when you use those filters?
snmp.name == 1.3.6.1.4.1.9.9.26.2.0.1
or
snmp.name == 1.3.6.1.4.1.9.9.26.2.0.1 || snmp.name == 1.3.6.1.4.1.9.9.26.2.0.2
|| snmp.name == 1.3.6.1.4.1.9.9.26.2.0.3 || snmp.name == 1.3.6.1.4.1.9.9.26.2.0.4
 

Thanks
Joan

On Thu, 23 Jul 2009 11:24:54 +0100 Tony Barratt wrote:
  
Thanks!
Tried that.
If I use filter ="snmp.name contains 1.3.6.1.4.1.9.9.26" I get a subset of
trapd (still 10 000s) of traps roughly in line with what I am expecting.

For example:
..
SNMPv2-MIB::snmpTrapOID.0 (1.3.6.1.6.3.1.1.4.1.0): 1.3.6.1.4.1.9.9.26.2.0.2
(SNMPv2SMI::enterprises.9.9.26.2.0.2)
..
Actually I am looking for 1.3.6.1.4.1.9.9.26.2.0.1 to 1.3.6.1.4.1.9.9.26.2.0.4
traps.

But if I use filter =="snmp.name contains 1.3.6.1.4.1.9.9.26.2"
I get no matches.
Which is mysterious cos I was expecting for sure to match this line ->
SNMPv2-MIB::snmpTrapOID.0 (1.3.6.1.6.3.1.1.4.1.0): 1.3.6.1.4.1.9.9.26.2.0.2

Any suggestions?

TIA

Tony
Date: Wed, 22 Jul 2009 23:25:51 +0200
From: "Sake Blok" <sake@xxxxxxxxxx>
Subject: Re: [Wireshark-users] e:  filter SNMP  traps on enterprise
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <8239C94436C44C3EB21EF85335434535@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Yes, you can use "snmp.name contains 1.3.6.1.4.1" as a display filter within
Wireshark too :-)

Cheers,
    
<snip>
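Added example, not from the thread or from Wireshark itself: a small Python model of how the two filter operators discussed above behave on an OID-typed field, run over the var-binds of the Cisco trap Tony quoted. It assumes (my assumptions, not stated in the thread) that Wireshark compares OID fields on their BER content bytes, that `contains` is a byte-substring test, and that `snmp.name` is the var-bind name while the trap OID sits in the var-bind value (`snmp.value.oid`).

```python
# Added example: model of "snmp.name == X" and "snmp.name contains X" on an
# OID field. Assumptions: OID fields compare as BER content bytes, "contains"
# is a byte-substring match, and snmp.name is the var-bind *name* (the trap
# OID 1.3.6.1.4.1.9.9.26.2.0.x is the *value* of snmpTrapOID.0).

def encode_oid(oid: str) -> bytes:
    """BER content-octet encoding of a dotted OID (no tag or length byte)."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])      # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                       # base-128, high bit = "more"
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def oid_equals(field: str, literal: str) -> bool:
    """snmp.name == literal: exact match on the encoded OID."""
    return encode_oid(field) == encode_oid(literal)

def oid_contains(field: str, literal: str) -> bool:
    """snmp.name contains literal: byte-substring match on the encoded OID."""
    return encode_oid(literal) in encode_oid(field)

# Constructed var-binds: the snmpTrapOID.0 binding quoted in the thread plus
# one Cisco enterprise variable (the name Tony ended up filtering on).
SNMP_TRAP_OID_0 = "1.3.6.1.6.3.1.1.4.1.0"
VARBINDS = [
    (SNMP_TRAP_OID_0, "1.3.6.1.4.1.9.9.26.2.0.2"),          # value is an OID
    ("1.3.6.1.4.1.9.9.26.1.1.1.1.17", "constructed-value"),  # value not an OID
]

def name_filter(op, literal: str) -> bool:
    """Packet passes the filter if any var-bind *name* satisfies op."""
    return any(op(name, literal) for name, _ in VARBINDS)

def trap_oid_filter(literal: str) -> bool:
    """Match the trap OID carried as the *value* of snmpTrapOID.0 instead."""
    return any(name == SNMP_TRAP_OID_0 and oid_equals(value, literal)
               for name, value in VARBINDS)

if __name__ == "__main__":
    print(name_filter(oid_contains, "1.3.6.1.4.1.9.9.26"))      # True
    print(name_filter(oid_contains, "1.3.6.1.4.1.9.9.26.2"))    # False
    print(trap_oid_filter("1.3.6.1.4.1.9.9.26.2.0.2"))          # True
```

Under these assumptions the "contains 1.3.6.1.4.1.9.9.26" filter matches through the enterprise variable's name, not through the trap OID, which is why narrowing the prefix to "...26.2" finds nothing in the name field.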