Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAM Custom Capture Filter configuration

I need to create a filter to capture SNMP writes. Does anyone know what data, mask, and offset bytes to use with snmp base?

I believe that I am looking for the third byte in the SNMP PDU to be 03 for SetRequest. The data should be 03? The offset should then be 3 (for third byte)? and the mask FF?

2 REPLIES
Silver

Re: NAM Custom Capture Filter configuration

There's actually a pretty easy solution...basically:

(1) Go to Setup->Monitor->Protocol Directory

(2) Create a new protocol at the TCP port 5190 called whatever they want

(3) Go to Capture->Settings and select the new protocol they created for their simple capture filter

In case you still want to use the custom filter, here is how to set up a filter for TCP source port 5190:

1. Go to Capture > Custom Filter > Capture Filters

2. Create a new capture filter, give it some name (e.g. tcp-port-5190)

3. Select TCP for Protocol

4. Enter "14 46" (w/out the quotation) for Data (0x1446 is the port number

5190 in hex)

5. For source port, enter "0" for Offset (for destination port, enter "2").

Select "tcp" for Base. (the src port is at offset 0 from the start of

the TCP header)

6. Click "Apply" to save your filter and select it when you start capture

New Member

Re: NAM Custom Capture Filter configuration

NAM capture filters for SNMP probably can't be done. The problem is that you must create the filter useing the "SNMP UDP" packet type and then offset so many bytes within that SNMP packet to find the SNMP PDU Type byte.

This would work if it weren't for one of the fields in the SNMP PDU having varying lengths and therefore changing the offset for each length.

The SNMP Message Type field may be 8, 9, or 10 bytes in length. This makes it impossible to give an exact offset value to triger on for the SetRequest A3 value.

387
Views
0
Helpful
2
Replies