The SNMP Packet Analyzer can be used to analyze all SNMP packets sent and received by MIB Explorer, as well as packets you provide as a hex string. By default, packet capturing is disabled to save resources and increase overall performance.
The panel is the second-to-right tab of the panel. It is divided into three areas:
1. The topmost pane contains a list of all captured packets with their source and destination addresses, their transport, size, and content (as a hex string). Packets you have entered manually for analysis have an all-zero source and target address with UDP as transport.
2. The left pane contains the SNMP message structure of the selected message as a tree. The tree reflects the SNMPv1, v2c, or v3 message format defined using the Abstract Syntax Notation One (ASN.1). The tool tips of the tree nodes and the node text provide you with information about the message's encoding according to the Basic Encoding Rules (BER).
3. The right pane displays the selected packet as a hex dump with a view of the printable characters on the right. The BER element (node) selected in the tree is highlighted in bold text within the message's hex dump.
Captured packets can be saved into a capture XML file. The XML schema for the capture file format can be found in the xsd directory of the MIB Explorer installation. Capture files can be opened later at any time to continue analysis.
Pro Edition
The packet analyzer of MIB Explorer Pro tries to decrypt the scoped PDU of SNMPv3 DES, 3DES or AES encrypted messages on the fly when displaying the message's BER structure. When the security credentials have been changed or are not identical to those used by the message sender, the structure tree may contain a "BER error..." node below the "Encrypted Scoped PDU:..." node. This node does not indicate an actual encoding error; it is simply the result of an incorrect decryption of the scoped PDU due to non-matching security credentials.
When you click on a node within an encrypted scoped PDU, the scoped PDU will be displayed decrypted in the hex dump at the appropriate place. Because decrypted PDUs may have fewer payload bytes than their encrypted counterparts, the decrypted PDU may contain superfluous bytes at its end.
To Start Packet Capturing
1. Select the Packets tab from the tools panel.
2. Click on the toggle button. MIB Explorer will start to capture all SNMP packets sent and received via the configured transport mappings.
To Stop Packet Capturing
1. Select the tab from the tools panel.
2. Click on the toggle button to deselect it. MIB Explorer immediately stops capturing packets.
To Clear Packet List
1. Select the tab from the tools panel.
2. Click on the ( ) button and the packets list will be cleared.
To Save Packet List
1. Select the tab from the tools panel.
2. Click on the ( ) button.
3. Specify a (new) XML file to store the captured packets (those currently in the packet list).
4. Click to save the file.
To Open a Packet List
1. Select the tab from the tools panel.
2. Click on the ( ) button.
3. Specify a previously saved captured packets XML file.
4. Click on to load the packets into the packets list. Any already listed packets will be removed and replaced by the packets in the loaded file.
To Manually Analyse (Decode) a Packet
1. Select the tab from the tools panel.
2. Click on the ( ) button.
3. Enter a complete SNMP message in hexadecimal format (bytes separated by a colon) and press .
4. The message will be added to the packet list. Click on it in the list to analyse its structure and content.
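The BER structure tree of the left pane and the colon-separated hex input used for manual decoding can be reproduced outside the tool to cross-check a capture. The following Python code is an added example, not MIB Explorer code: it walks the tag-length-value elements of an unencrypted SNMPv1/v2c message and raises a "BER error" when a length does not fit its parent. The names `parse_hex`, `read_length`, `decode_oid`, `walk` and the `SAMPLE` packet are assumptions constructed for this illustration.

```python
# Added example, not MIB Explorer code. SAMPLE is constructed (SNMPv1 GetRequest, "public").
NAMES = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT IDENTIFIER",
         0x30: "SEQUENCE", 0xA0: "GetRequest-PDU", 0xA2: "Response-PDU"}
SAMPLE = ("30:26:02:01:00:04:06:70:75:62:6c:69:63:a0:19:02:01:01:02:01:00:"
          "02:01:00:30:0e:30:0c:06:08:2b:06:01:02:01:01:01:00:05:00")

def parse_hex(text):  # colon-separated hex string -> bytes
    return bytes(int(b, 16) for b in text.strip().split(":"))

def read_length(buf, pos):
    """Short form is one byte < 0x80; long form is 0x80|n, then n big-endian bytes."""
    n = buf[pos] & 0x7F
    if buf[pos] < 0x80:
        return n, pos + 1
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("BER error: bad length at offset %d" % pos)
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_oid(value):
    """Base-128 sub-identifiers; the first one packs the first two arcs (40*x + y)."""
    subs, cur = [], 0
    for byte in value:
        cur = (cur << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of a sub-identifier
            subs, cur = subs + [cur], 0
    if not subs:
        raise ValueError("BER error: empty OBJECT IDENTIFIER")
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def walk(buf, pos=0, end=None, depth=0):
    """Return (depth, offset, name, length, value) for every TLV, parents first."""
    end = len(buf) if end is None else end
    nodes = []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("BER error: truncated header at offset %d" % pos)
        tag = buf[pos]
        length, vpos = read_length(buf, pos + 1)
        if vpos + length > end:
            raise ValueError("BER error: length overruns parent at offset %d" % pos)
        value = buf[vpos:vpos + length]
        shown = (None if tag & 0x20 else decode_oid(value) if tag == 0x06 else
                 int.from_bytes(value, "big", signed=True) if tag == 0x02 else value.hex(":"))
        nodes.append((depth, pos, NAMES.get(tag, "tag 0x%02x" % tag), length, shown))
        if tag & 0x20:  # constructed: the value bytes are themselves a run of TLVs
            nodes += walk(buf, vpos, vpos + length, depth + 1)
        pos = vpos + length
    return nodes
```

Calling `walk(parse_hex(SAMPLE))` returns the nodes in tree order; the offset in each tuple is the position of that element in the hex dump.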