Wireshark mailing list archives
Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented?
From: Peter Valdemar Mørch <peter () morch com>
Date: Fri, 14 Dec 2012 10:17:50 +0100
Thank you for your reply. I can see that I have been a little unclear with my words. I'm fine with capturing more than SNMP. Hard disk space is cheap and even all UDP is manageable in size for us. I would just like to end up after post-processing with all SNMP traps including fragmented ones, using only TShark. To this end, I tried your suggestion:
tshark -2 -r unfiltered.pcap -R snmp -w snmp.pcap
To which I got: Segmentation fault (core dumped) I've created a tiny .pcap file containing two frames - a single two-fragment SNMP trap - that also exhibits this. It is attached. Hope the mailing list allows attachments... I'm just surprised it doesn't seem possible. Again, thank you for your reply! Peter
tshark -v
TShark 1.8.2 Copyright 1998-2012 Gerald Combs <gerald () wireshark org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GLib 2.34.0, with libpcap, with libz 1.2.7, with POSIX capabilities (Linux), with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP. Running on Linux 3.5.0-17-generic, with locale en_US.UTF-8, with libpcap version 1.3.0, with libz 1.2.7. Built using gcc 4.7.2. -- Peter Valdemar Mørch http://www.morch.com
Attachment:
linkDownFragmented.pcap
Description:
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Peter Valdemar Mørch (Dec 13)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Guy Harris (Dec 13)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Peter Valdemar Mørch (Dec 14)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Bill Meier (Dec 14)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Sake Blok (Dec 15)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Guy Harris (Dec 15)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Peter Valdemar Mørch (Dec 17)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Peter Valdemar Mørch (Dec 14)
- Re: tshark: How to capture SNMP traps (UDP port 162) that might be fragmented? Guy Harris (Dec 13)