Sometimes ServiceNow Technical Support will ask customers to submit a Wireshark packet trace when troubleshooting configuration items discovered via SNMP.  These devices include switches, routers, printers, UPSs, load balancers, etc.  Wireshark packet traces for devices using only SNMPv3 are encrypted, as below:

Decrypting SNMPv3 Wireshark Packet Trace

To decrypt an SNMPv3 packet trace, you need the SNMPv3 credentials: specifically the username, authentication model, password, privacy protocol, and privacy password.  These can be configured in the Wireshark protocol preferences as below:


1. From the menu, click Edit, then Preferences:



2. A pop-up window called Wireshark - Preferences will appear.  In the left pane, under Protocols, scroll down and click SNMP:



3. After you choose SNMP, another window will pop up. In the right pane, click Edit next to Users Table:



4. Click the "+" icon to create a new record, enter the corresponding credentials, and click OK to save.  Note that Engine ID is optional:
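
What the Users Table fields are used for, as an added example (not part of the original article and not Wireshark's own code): the SNMPv3 User-based Security Model (RFC 3414) turns each password into a key and then localizes it with the agent's engine ID, which travels in clear text in every SNMPv3 message, so the Engine ID field can be left blank. The function names are hypothetical, and the sample password and engine ID are the published RFC 3414 test values, not real credentials.

```python
# Added example: RFC 3414 (USM) password-to-key and key localization.
# Function names are hypothetical; sample values are RFC 3414 A.3 test data.
import hashlib

# Hash per "Authentication model" (only the two RFC 3414 algorithms here).
HASHES = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}
# Bytes of the localized privacy key used as the cipher key:
# DES (RFC 3414) uses 8, AES-128 (RFC 3826) uses 16.
PRIV_KEY_LEN = {"DES": 8, "AES": 16}


def password_to_key(password: bytes, auth_model: str) -> bytes:
    """Hash 1,048,576 bytes of the repeated password (RFC 3414 A.2)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return HASHES[auth_model](password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, auth_model: str) -> bytes:
    """Bind the user key to one agent: H(Ku || engineID || Ku)."""
    return HASHES[auth_model](ku + engine_id + ku).digest()


def session_keys(auth_pw, priv_pw, engine_id_hex, auth_model, priv_proto):
    """Return (authentication key, privacy cipher key) for one agent.

    The privacy password is hashed with the *authentication* algorithm,
    which is why all five credential fields are needed to decrypt.
    """
    engine_id = bytes.fromhex(engine_id_hex)
    auth_key = localize_key(
        password_to_key(auth_pw.encode(), auth_model), engine_id, auth_model)
    priv_key = localize_key(
        password_to_key(priv_pw.encode(), auth_model), engine_id, auth_model)
    return auth_key, priv_key[:PRIV_KEY_LEN[priv_proto]]


if __name__ == "__main__":
    # Constructed input: password and engine ID from the RFC 3414 test vectors.
    auth, priv = session_keys("maplesyrup", "maplesyrup",
                              "000000000000000000000002", "SHA1", "AES")
    print("auth key:", auth.hex())
    print("priv key:", priv.hex())
```

Because the engine ID is an input to the hash, the same username and passwords yield different keys on every device.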



Sample decrypted SNMPv3 Wireshark Packet Trace


Additional Information

If you attach the packet trace file to an incident, for example, it will still be encrypted, and ServiceNow cannot decrypt the packet trace unless you share the credentials.  To date, there is no functionality in Wireshark to save or export a decrypted SNMPv3 packet trace.  For more information, please refer to the SNMP wiki page.

Article Information

Last Updated: 2019-05-21 11:47:10