Using the PCAP SNMP Parser

The PCAP SNMP parser is a tool to analyze SNMP packets captured in .pcap format. It runs on the switch and generates a statistics report for all of the SNMP get, getnext, getbulk, set, trap, and response requests sent to the switch.

To use the PCAP SNMP parser, use one of the following commands:

  • debug packet-analysis snmp [mgmt0 | inband] duration seconds [output-file] [keep-pcap]: Captures packets for a specified number of seconds using Tshark, saves them in a temporary .pcap file, and then analyzes that file.

    The results are saved in the output file or, if no output file is specified, printed to the console. The temporary .pcap file is deleted by default unless you use the keep-pcap option. Packet capture can be performed on the management interface (mgmt0), which is the default, or on the inband interface.

    Examples:

    switch# debug packet-analysis snmp duration 100
    
    switch# debug packet-analysis snmp duration 100 bootflash:snmp_stats.log
    
    switch# debug packet-analysis snmp duration 100 bootflash:snmp_stats.log keep-pcap
    
    switch# debug packet-analysis snmp inband duration 100
    
    switch# debug packet-analysis snmp inband duration 100 bootflash:snmp_stats.log
    
    switch# debug packet-analysis snmp inband duration 100 bootflash:snmp_stats.log keep-pcap
    
    
  • debug packet-analysis snmp input-pcap-file [output-file]: Analyzes the captured packets in an existing .pcap file.

    Examples:

    switch# debug packet-analysis snmp bootflash:snmp.pcap
    
    switch# debug packet-analysis snmp bootflash:snmp.pcap bootflash:snmp_stats.log
    
    

The following example shows a sample statistics report for the debug packet-analysis snmp [mgmt0 | inband] duration command:

switch# debug packet-analysis snmp duration 10
Capturing on eth0
36
wireshark-cisco-mtc-dissector: ethertype=0xde09, devicetype=0x0
wireshark-broadcom-rcpu-dissector: ethertype=0xde08, devicetype=0x0

Started analyzing. It may take several minutes, please wait!

Statistics Report
-----------------------------------------
SNMP Packet Capture Duration: 0 seconds
Total Hosts: 1
Total Requests: 18
Total Responses: 18
Total GET: 0
Total GETNEXT: 0
Total WALK: 1 (NEXT: 18)
Total GETBULK: 0
Total BULKWALK: 0 (BULK: 0)
Total SET: 0
Total TRAP: 0
Total INFORM: 0

Hosts         GET  GETNEXT  WALK(NEXT) GETBULK  BULKWALK(BULK) SET  TRAP  INFORM  RESPONSE
------------------------------------------------------------------------------------------
10.22.27.244   0     0        1(18)      0         0(0)         0    0      0       18

Sessions
--------
1

MIB Objects GET  GETNEXT  WALK(NEXT) GETBULK(Non_rep/Max_rep) BULKWALK(BULK, Non_rep/Max_rep)
---------------------------------------------------------------------------------------------
ifName      0       0        1(18)      0                        0                             

SET     Hosts
--------------------
0       10.22.27.244
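
A report saved with the output-file argument can be reviewed off the switch. The following Python is an added example, not part of the original documentation or Cisco's code: it parses the per-host table in the format shown above and flags hosts that are not expected SNMP managers or that issued SET requests. The 192.0.2.50 row, the function names, and the allowed-manager set are assumptions made for illustration.

```python
import re
# Constructed sample: the per-host table from the report above plus one
# made-up row (192.0.2.50) to exercise the SET and allowlist checks.
SAMPLE_REPORT = """\
Hosts         GET  GETNEXT  WALK(NEXT) GETBULK  BULKWALK(BULK) SET  TRAP  INFORM  RESPONSE
------------------------------------------------------------------------------------------
10.22.27.244   0     0        1(18)      0         0(0)         0    0      0       18
192.0.2.50     4     0        0(0)       0         0(0)         2    0      0       6

Sessions
"""

COLUMNS = ["get", "getnext", "walk", "getbulk", "bulkwalk",
           "set", "trap", "inform", "response"]
CELL = re.compile(r"^(\d+)(?:\((\d+)\))?$")  # a cell is "N" or "N(M)"

def parse_host_table(report):
    """Return {host_ip: {column: count}} from the 'Hosts' table of a report."""
    hosts, in_table = {}, False
    for line in report.splitlines():
        fields = line.split()
        if not in_table:
            in_table = fields[:2] == ["Hosts", "GET"]
            continue
        if not fields:                      # a blank line ends the table
            break
        if set(line.strip()) == {"-"}:      # separator rule under the header
            continue
        cells = [CELL.match(f) for f in fields[1:]]
        if len(cells) != len(COLUMNS) or not all(cells):
            continue                        # malformed row: skip, do not guess
        row = {}
        for name, m in zip(COLUMNS, cells):
            row[name] = int(m.group(1))
            if m.group(2) is not None:      # N(M): keep M as the PDU count
                row[name + "_pdus"] = int(m.group(2))
        hosts[fields[0]] = row
    return hosts

def review(hosts, allowed_managers):
    """List (host, reason) pairs that deserve a closer look."""
    findings = []
    for ip, row in sorted(hosts.items()):
        if ip not in allowed_managers:
            findings.append((ip, "not an approved SNMP manager"))
        if row["set"] > 0:
            findings.append((ip, f"issued {row['set']} SET request(s)"))
    return findings
```

Call review(parse_host_table(text), managers) with the contents of the saved report and the set of management station addresses you expect to poll the switch.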