Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snmp decoding ...ubuntu smi issue ?... different then on windows XP ...?

From: "Sandor, Todd (Todd)" <todd.sandor () alcatel-lucent com>
Date: Tue, 18 Jan 2011 14:56:41 -0600

Thxs for the response ... more in line ...

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Andrew Hood
Sent: Tuesday, January 18, 2011 7:15 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] snmp decoding ...ubuntu smi issue ?... different then on windows XP ...?

Sandor, Todd (Todd) wrote:

Hi:

I had a couple of Ubuntu newbie problems getting Wireshark installed on Unbuntu that included SMI to allow snmp 
decoding and was finally able to get it to a point where I could configure SMI paths and SMI modules ...
I also have a Wireshark on an XP box ...

I'm using a shared SMI path (same mib files, same SMI modules names) and when I attempt to decode exactly the same 
.pcap file on the XP and Ubuntu, I get errors only on Ubuntu (and doesn't perform the decoding) but on the XP version 
it works fine.   Was going to resort to just use the XP version, but thought I would send out an email asking if 
other people experience this behavior?  (I use Ubuntu mainly, it's a little bit of a pain to have to use my XP box 
for this ...)...

Is this just expected behavior under Ubuntu (weaker smi library support?)....I was suggested I use smilint and I did 
an initial stab at this (admit a some-what weak one), but even the "Standardized MIBs" has some have issues (ones 
under /var/lib/mibs)...

Anyone have any suggestions?

 On Unbuntu I observe:



Stopped processing module RFC1213-MIB due to error(s) to prevent potential crash in libsmi.
Module's conformance level: 1.
See details at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325


...
Then after added a SMI path and some private SMI module names on startup I get:



Stopped processing module TIMETRA-SERV-MIB due to error(s) to prevent potential crash in libsmi.
Module's conformance level: 1.
See details at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325


What version of libsmi does Ubuntu have? The current one is 0.4.8, but I
tend to use the one in Subversion.

Todd> According to "About Wireshark", it using SMI 0.4.8 ...

Are your MIBs ones that come with Ubuntu, some other package, or the
ones from libsmi? libsmi's parser is extremely strict and many other
sources have less than perfect (to be polite) syntax and semantics.
Frank and Juergen fix the MIBs they include in libsmi so they are correct.

Todd> Not sure exactly, possibly with Ubuntu, how do I determine this? 
Todd> Notes:
* there are some mibs in directories /var/lib/mibs/iana and /var/lib/mibs/ietf   File /etc/smi.conf "path" points to 
/usr/share/mibs/ which have symbolic links to the ones in /var/lib/mibs ...
* I did purge of the smi library(s), but these mibs were left in place " sudo apt-get purge libsmi2-common libsmi2-dev 
libsmi2ldbl", so ... (technically they should be removed if they were part of this install, no?), so this might be part 
of Ubuntu or ?
* I removed my wireshark configuration for SMI Path and SMI modules I added, but still get error " Stopped processing 
module RFC1213-MIB due to error(s) to prevent potential crash in libsmi." ...
* I then moved /var/lib/mibs/ietf/RFC1213-MIB somewhere else, then started wireshark again and got the same 
RFC1212-MIB, thus Wireshark must not be using this directory (/etc/smi.conf path points to them via sym-links in 
/usr/share/mibs/...

Todd> If Frank/Juergen fixed the mibs, where are the put when you install the libsmi?

If you want to include other MIBs you really have to make sure you have
all the IMPORTS, and that smilint accepts all the MIBs as valid with the
"-l 3" option at a minimum. "-l 4" would be better.

Todd> If can get base to work, I look into using private mibs and work through smilint, etc., I'm a newbie and part of 
my issue are finger issues right now...

Despite the fact that libsmi runs perfectly on 64 bit Unix systems I
have not managed to get it to compile for 64 bit Windows. Now there is a
64 bit box in the house I might give it another try so i can have a 64
bit Wireshark that does SNMP decodes.

Andrew
-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: