Thxs for the response ... more in line ... -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Hood Sent: Tuesday, January 18, 2011 7:15 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] snmp decoding ...ubuntu smi issue ?... different then on windows XP ...?
Sandor, Todd (Todd) wrote: > Hi: > > I had a couple of Ubuntu newbie problems getting Wireshark installed on > Unbuntu that included SMI to allow snmp decoding and was finally able to get > it to a point where I could configure SMI paths and SMI modules ... > I also have a Wireshark on an XP box ... > > I'm using a shared SMI path (same mib files, same SMI modules names) and when > I attempt to decode exactly the same .pcap file on the XP and Ubuntu, I get > errors only on Ubuntu (and doesn't perform the decoding) but on the XP > version it works fine. Was going to resort to just use the XP version, but > thought I would send out an email asking if other people experience this > behavior? (I use Ubuntu mainly, it's a little bit of a pain to have to use > my XP box for this ...)... > > Is this just expected behavior under Ubuntu (weaker smi library > support?)....I was suggested I use smilint and I did an initial stab at this > (admit a some-what weak one), but even the "Standardized MIBs" has some have > issues (ones under /var/lib/mibs)... > > Anyone have any suggestions? > > On Unbuntu I observe: > > >>Stopped processing module RFC1213-MIB due to error(s) to prevent potential >>crash in libsmi. >>Module's conformance level: 1. >>See details at: >>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325 > > ... > Then after added a SMI path and some private SMI module names on startup I > get: > > >>Stopped processing module TIMETRA-SERV-MIB due to error(s) to prevent >>potential crash in libsmi. >>Module's conformance level: 1. >>See details at: >>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325 What version of libsmi does Ubuntu have? The current one is 0.4.8, but I tend to use the one in Subversion. Todd> According to "About Wireshark", it using SMI 0.4.8 ... Are your MIBs ones that come with Ubuntu, some other package, or the ones from libsmi? libsmi's parser is extremely strict and many other sources have less than perfect (to be polite) syntax and semantics. Frank and Juergen fix the MIBs they include in libsmi so they are correct. Todd> Not sure exactly, possibly with Ubuntu, how do I determine this? Todd> Notes: * there are some mibs in directories /var/lib/mibs/iana and /var/lib/mibs/ietf File /etc/smi.conf "path" points to /usr/share/mibs/ which have symbolic links to the ones in /var/lib/mibs ... * I did purge of the smi library(s), but these mibs were left in place " sudo apt-get purge libsmi2-common libsmi2-dev libsmi2ldbl", so ... (technically they should be removed if they were part of this install, no?), so this might be part of Ubuntu or ? * I removed my wireshark configuration for SMI Path and SMI modules I added, but still get error " Stopped processing module RFC1213-MIB due to error(s) to prevent potential crash in libsmi." ... * I then moved /var/lib/mibs/ietf/RFC1213-MIB somewhere else, then started wireshark again and got the same RFC1212-MIB, thus Wireshark must not be using this directory (/etc/smi.conf path points to them via sym-links in /usr/share/mibs/... Todd> If Frank/Juergen fixed the mibs, where are the put when you install the libsmi? If you want to include other MIBs you really have to make sure you have all the IMPORTS, and that smilint accepts all the MIBs as valid with the "-l 3" option at a minimum. "-l 4" would be better. Todd> If can get base to work, I look into using private mibs and work through smilint, etc., I'm a newbie and part of my issue are finger issues right now... Despite the fact that libsmi runs perfectly on 64 bit Unix systems I have not managed to get it to compile for 64 bit Windows. Now there is a 64 bit box in the house I might give it another try so i can have a 64 bit Wireshark that does SNMP decodes. Andrew -- There's no point in being grown up if you can't be childish sometimes. -- Dr. Who ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
