[SNMP4J] Snmp v2 invalid community string
Frank Fock
fock at agentpp.com
Fri Dec 3 20:24:04 CET 2010
Hi,
Pleas quote the RFC and paragraph that
requires to send an authorizationError
on a request with an unknown community.
For (4) the response is undefined.
(You cannot decode something useful
from a encrypted PDU with a wrong
privacy passphrase).
To complete your summary you have to
list also the SNMP counter updates.
(2) BTW, is not returned by the agent
but by the USM of the command sender.
Best regards,
Frank
On 03.12.2010 09:09, gangadhar katakam wrote:
> Hi Frank,
>
> Thank you for your quick reply.
> If the request gets timeout, will i get null pdu in the response or any error
> message like as shown in the point no:4? - as per the below example in my
> earlier reply.
>
> I just went through the snmp standard, it says "authorizationError" when we send
> wrong community string.
> Please let me know the expected behavior.
>
>
> I tried with SNMP V3 credentials. I just want to explain all possible scenarios
> so that it might be useful for all other audiences.
>
> 1) If we send an Invalid V3 username?
> Ans: I am getting an ReportPdu in the TableEvent with [1.3.6.1.6.3.15.1.1.3.0 =
> 1] i.e. usmStatsUnknownUserNames.
>
> 2) If we send authentication password less than 8 characters?
> Ans: USM passphrases must be at least 8 bytes long (RFC3414 ยง11.2)
>
> 3) If we send invalid authentication password?
> Ans: Getting an ReportPdu in the TableEvent with [1.3.6.1.6.3.15.1.1.5.0 = 1]
> i.e. usmStatsWrongDigests.
>
> 4) If we send invalid Privacy password?
> Ans: Getting an ErrorMessage in the TableEvent with "Request timed out". Here as
> it is also a wrong digest, shall we get usmStatsWrongDigests instead of timing
> out?
>
> Please correct me if i am wrong.
>
> Thanks& Regards,
> Gangadhar.Katakam
>
>
>
> ________________________________
> From: Frank Fock<fock at agentpp.com>
> To: snmp4j at agentpp.org
> Sent: Fri, December 3, 2010 7:56:34 AM
> Subject: Re: [SNMP4J] Snmp v2 invalid community string
>
> Hi,
>
> The SNMP standard requires that a message
> with a wrong community is not answered by
> the agent at all.
> Thus, you will always get a timeout.
>
> Best regards,
> Frank
>
> On 02.12.2010 11:03, gangadhar katakam wrote:
>> Hi,
>>
>> I have written sample to code to fetch data from switch using snmp v2
> community
>> string. I gave correct community string, i am able to get the data but if i
>> give
>> wrong community string, i am not getting proper error. is it an expected
>> behavior?
>>
>> I am expecting either an exception or response with invalid community string
>> oid
>> and its value in the response i.e. [1.3.6.1.6.3.6.1.2.3.0]. but i am not
>> getting
>> any of the above said items.
>>
>> Please let me know the expected behavior.
>>
>> Here is the sample code i am using:
>>
>>
>>
>> Address targetAddress = GenericAddress.parse("udp:10.31.88.93/161");
>> TransportMapping transport = new DefaultUdpTransportMapping();
>> PDU pdu = new PDU();
>> Snmp snmp = new Snmp(transport);
>> CommunityTarget target = new CommunityTarget();
>> target.setVersion(SnmpConstants.version2c);
>> target.setAddress(targetAddress);
>> target.setCommunity(new OctetString("private12"));
>> transport.listen();
>>
>> pdu.add(new VariableBinding(new OID("1.3.6.1.2.1.2.1.0")));
>> pdu.setType(PDU.GET);
>>
>> ResponseEvent response = snmp.get(pdu, target);
>> PDU pduResponse = response.getResponse();
>> System.out.println("pdu response:::"+pduResponse);
>> Vector vbs = pduResponse.getVariableBindings();
>> System.out.println("Variable Bindings:::"+vbs);
>>
>> Thanks& Regards,
>> Gangadhar.Katakam
>>
>>
>>
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
--
AGENT++
http://www.agentpp.com
http://www.snmp4j.com
http://www.mibexplorer.com
http://www.mibdesigner.com
More information about the SNMP4J
mailing list