1
votes

I have a pcap file containing tons of SNMP packets.

I would like to export those packets to a file as printable text, the same way we can in Wireshark: click packet -> right click -> Copy -> Bytes -> Printable Text Only.

I looked around and found that tshark can do this, but it needs a field name to be specified, and this is where I have a problem. I can't figure out what field should be used.

For example, if I specify "tshark -Tfields -e snmp.data -r tcpdump.pcap" then I am going to get the number of items in the data list and not printable text.

This post was interesting, but data.data does not seem to work for SNMP traps.

Another thing I tried is "tshark -Tfields -e snmp.variable_bindings -r tcpdump.pcap", but this is also not going to display any bytes or printable text.

Hope somebody can help.

1 Answer

1
votes

I finally found the answer.

The field to use was snmp.value.octets.

So the final command is "tshark -V -Tfields -e snmp.value.octets -r tcpdump.pcap" and this will print the octets.

What remains is to convert the octets to printable characters using an external script.

Hope this helps anybody in the same situation.
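
An added example, not part of the original answer, of the external conversion script it mentions. It assumes tshark prints each OCTET STRING as hex, either colon-separated or contiguous depending on the version, and joins several values from one packet with commas; all function names are hypothetical.

```python
#!/usr/bin/env python3
"""Turn tshark `-Tfields -e snmp.value.octets` output into printable text."""
import string
import sys

# Printable ASCII plus space. Control bytes are dropped by default, which
# mirrors a "printable text only" copy.
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def octets_to_text(hex_field, placeholder=""):
    """Decode one hex-encoded value such as "48:65:6c" or "48656c".

    Both separator styles are accepted (assumption: the style depends on the
    tshark version). Returns None if the field is not valid hex.
    """
    cleaned = hex_field.strip().replace(":", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        return None
    return "".join(chr(b) if chr(b) in PRINTABLE else placeholder for b in raw)


def convert_line(line, placeholder=""):
    """Convert one output line (one packet) into a list of decoded strings.

    Assumption: multiple varbind values in a packet are comma-separated,
    which is tshark's default aggregator for repeated fields.
    """
    decoded = []
    for value in line.strip().split(","):
        if not value:
            continue  # packet without an OCTET STRING value
        text = octets_to_text(value, placeholder)
        # Keep anything that is not hex unchanged so no data is lost silently.
        decoded.append(text if text is not None else value)
    return decoded


if __name__ == "__main__":
    # Reads tshark output on stdin, prints one line of text per packet.
    for line in sys.stdin:
        values = convert_line(line)
        if values:
            print(" | ".join(values))
```

Pipe the output of the tshark command from the answer into this script on stdin. Passing a placeholder such as "." to convert_line keeps the position of non-printable bytes visible instead of dropping them.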