Re: SNMP OctetString display

[Guy Harris <guy () alum mit edu>]

On May 14, 2012, at 6:03 AM, Bruynooghe, Joost wrote:

> When decoding SNMP messages in wireshark (using version 1.4.8 in my case), all "Octet String" values appear as hex 
> strings in the GUI rather then being shown as human-readable strings.

What happens if:

        1) your version of Wireshark is built with libsmi:

$ ./tshark -v
TShark 1.7.2 (SVN Rev 42622 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.29.8, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8 ...
              ^^^^^^^^^^^^^^

        2) OID resolution is enabled in the "Name Resolution" preferences;

        3) the MIB entry for the variable binding in question has a SYNTAX of, for example, DisplayString?

At least for me, that causes the value to show up as a string, because the value is not put into the protocol tree as 
the "snmp.value.octets" file, but is put in as the "SNMPv2-MIB.sysDescr" field, which is given a type of FT_STRING as 
it's a DisplayString.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe