Gilles Galipeau wrote:
>I have downloaded ethereal package version 0.9.12 from
>http://prdownloads.sourceforge.net/ethereal/ethereal-setup-0.9.12.exe and I
>was wondering why the package includes the following folders and
>their contents:
><installed directory>\diameter\...
>and
><installed directory>\snmp\mibs\...
>
>What are they there for?
>Are they mandatory?

I have tried to answer your questions below. The answers are based on the assumption that you seem to be using the Windows version (but are to some extent also relevant for Ethereal on other operating systems).

Regarding the "\snmp\mibs\" directory :
-----------------------------------------------------

The files in the \snmp\mibs\ directory include some MIBs (MIB = Management Information Base) that may be used when dissecting SNMP messages to translate numeric Object identifiers to corresponding names. This translation is done using the NET-SNMP library if it is available (this should be the case if you have used the 0.9.12 installation package for Windows since it is built with NET-SNMP) and you have the correct MIBs in the correct directory and NET-SNMP has been configured to load the correct MIBs.

Simple Network Management Protocol
    Version: 1
    Community: security
    PDU type: GET
    Request Id: 0x77
    Error Status: NO ERROR
    Error Index: 0
    Object identifier 1: 1.3.6.1.2.1.1.2.0 (SNMPv2-MIB::sysObjectID.0)
    Value: NULL
    Object identifier 2: 1.3.6.1.2.1.1.5.0 (SNMPv2-MIB::sysName.0)
    Value: NULL

For more information about SNMP and MIBs you can check the SNMP FAQ:
http://isc.faqs.org/faqs/snmp-faq/part1/
http://isc.faqs.org/faqs/snmp-faq/part2/

In order for the translation to be done I think you have to set an environment variable MIBS to indicate what MIB files the NET-SNMP library shall load. I have the MIBS environment variable set to ALL, meaning that all files in the directory should be loaded.

You don't need to have the directory or any files in the \snmp\mibs\ directory if you don't want, but then you will not get the translation between OID and corresponding names that may be useful if you are looking at SNMP messages. It is easier to understand "SNMPv2-MIB::sysName.0" than "1.3.6.1.2.1.1.5.0".

It is possible to add more MIBs to the \snmp\mibs\ directory and get Ethereal to translate OIDs to corresponding names even for proprietary SNMP messages if you can find the relevant MIBs (they may be included with the equipment or possible to download from somewhere), e.g.:
http://www.somix.com/support/mib_resources.php
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

There could be some problems with getting Ethereal to start up if you have added a MIB that has incorrect syntax or similar. Ethereal may in some cases hang when NET-SNMP notices a problem when parsing the MIBs.

Regarding the \diameter\ directory :
------------------------------------------------
The Diameter dissector may use some dictionaries in XML format when dissecting messages that it considers to be Diameter messages (with the default configuration, messages to or from TCP or SCTP port 1812 will be dissected by the Diameter dissector).

More information about the Diameter protocol can be found on http://www.diameter.org

By updating the XML dictionaries in the /diameter/ directory it is possible to add support for additional Command Codes and AVP Codes that are not included in the default dictionaries without having to modify the source code of Ethereal. For example if you are dissecting 3GPP Diameter messages (http://www.3gpp.org/) you could make updates to the dictionaries to add support for the 3GPP specific Command Codes and AVP Codes.

In order to make the Diameter dissector use the dictionaries in the \diameter\ directory you have to have libxml (http://xmlsoft.org) installed.

The Windows binaries can be found at:
http://www.zlatkovic.com/projects/libxml/index.html
As I remember you have to put libxml2.dll and iconv.dll in C:/WINNT or similar.

If libxml is not installed or there are no files in the \diameter\ directory (or they have faulty syntax or similar) then the Diameter dissector will instead use a built-in dictionary that is limited to certain Command Codes and AVP Codes.
If you are not interested in the Diameter protocol at all you don't need to care about installing libxml etc.

If you are not interested in the Diameter protocol at all it may be good to configure the default port number to 0 as described in the following message:
http://www.ethereal.com/lists/ethereal-users/200209/msg00123.html
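
The OID-to-name translation described in the SNMP part above, as an added example that is not part of the original message and is not Ethereal or NET-SNMP code: a small BER decoder for the SNMPv1 GET shown in the dissection. The packet bytes are constructed to match that dissection, and the two-entry NAMES table is an assumption standing in for the MIB files NET-SNMP would load.

```python
NAMES = {"1.3.6.1.2.1.1.2": "SNMPv2-MIB::sysObjectID",  # stand-in for loaded MIBs
         "1.3.6.1.2.1.1.5": "SNMPv2-MIB::sysName"}
SAMPLE = bytes.fromhex(  # constructed packet matching the dissection above
    "3036020100" "0408" "7365637572697479" "a027020177020100020100301c"
    "300c06082b060102010102000500" "300c06082b060102010105000500")

def children(buf):
    """Split BER contents into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated BER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated BER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(value):
    """Decode BER OID contents (base-128 arcs) into dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs.append(acc)
            acc = 0
    head, *rest = arcs  # raises ValueError if the OID is empty
    first = min(head // 40, 2)  # the first two arcs share one sub-identifier
    return ".".join(map(str, [first, head - 40 * first] + rest))

def translate(oid):
    """Longest-prefix match against NAMES; unknown OIDs stay numeric."""
    parts = oid.split(".")
    for i in range(len(parts), 0, -1):
        if ".".join(parts[:i]) in NAMES:
            return ".".join([NAMES[".".join(parts[:i])]] + parts[i:])
    return oid

def parse_get(packet):
    """Return (version, community, request_id, translated OIDs)."""
    (_, msg), = children(packet)
    (_, ver), (_, comm), (tag, pdu) = children(msg)
    if tag != 0xA0:
        raise ValueError("not a GetRequest PDU")
    (_, rid), _, _, (_, binds) = children(pdu)  # skips error-status and error-index
    oids = [translate(decode_oid(children(b)[0][1])) for _, b in children(binds)]
    return ver[0] + 1, comm.decode(), int.from_bytes(rid, "big"), oids
```

An OID with no entry in the table comes back in numeric form, which is what the dissection shows when the matching MIB is not loaded.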