2010-07-09

Resolving SNMP OID in snmpbulkwalk and tshark

This isn't exactly esoteric science but at least for me it has been too hard and I've rather looked up OIDs manually, which makes little sense in the long run.

NET-SNMP

First of all, you probably want to set system wide version and community, so you never need to type them on snmpbulkwalk
# cat /etc/snmp/snmp.conf defVersion 2c defCommunity supersecret #
Also I prefer to have vendor MIBs for my user only, as I might want to load lot of them, which will give lot of warnings, which other users may not want.
# cat ~/.snmp/snmp.conf mibs +ALL #
Instead of +ALL you could add named MIBs which to load, ~/.snmp/mibs/ directory is searched for users MIBs. You could start by uncompressing ftp://ftp.cisco.com/pub/mibs/v2/v2.tar.gz there. Now you should be able to snmpbulkwalk router by giving just its name, no version, no community and OIDs should be resolved.

WIRESHARK/TSHARK

To me this is more useful than net-snmp, to lab what type of traps router would send and in what situation. For some weird reason wireshark/tshark doesn't honour net-snmp settings, but needs its own settings.
# cat ~/.wireshark/prefefences name_resolve: mtC name_resolve_load_smi_modules: TRUE snmp.display_oid: TRUE snmp.desegment: TRUE snmp.var_in_tree: TRUE # cat ~/.wireshark/smi_paths "/home/WINRARISU/.snmp/mibs" # cat ~/.wireshark/smi_modules "IP-MIB" "IF-MIB" "TCP-MIB" "UDP-MIB" "SNMPv2-MIB" "RFC1213-MIB" "IPV6-ICMP-MIB" "IPV6-MIB" "SNMP-COMMUNITY-MIB" "SNMP-FRAMEWORK-MIB" "SNMP-MPD-MIB" "SNMP-NOTIFICATION-MIB" "SNMP-PROXY-MIB" "SNMP-TARGET-MIB" "SNMP-USER-BASED-SM-MIB" "SNMP-USM-DH-OBJECTS-MIB" "SNMP-VIEW-BASED-ACM-MIB" "BGP4-MIB" "CISCO-BGP4-MIB" "MPLS-LDP-CAPABILITY" "MPLS-LDP-GENERIC-STD-MIB" "MPLS-LDP-STD-MIB" "CISCO-IETF-ISIS-CAPABILITY" "CISCO-IETF-ISIS-MIB" #
Now 'tshark port snmp-trap or port snmp' should happily display resolved names as well. To decide which MIBs to add in smi_modules you can use 'snmptranslate OID' to translate given OID to its symbolic name for easy grep against your MIB dir.

No comments:

Post a comment