[SNMP4J] SNMP4J/NET-SNMP Interoperability issue?

Rodrigues, Rui 1. (NSN - PT/Amadora) rui.1.rodrigues at nsn.com
Tue Jun 28 10:55:59 CEST 2011


Hello,

When using wrong credentials, the agent's answer is a report and not a get-response. The report comes with the error in the varbind list. In this case 1.3.6.1.6.3.15.1.1.5.0 is UsmStatsWrongDigests.
You can have other kinds of errors for wrong credentials:
oidUsmStatsUnsupportedSecLevels   "1.3.6.1.6.3.15.1.1.1.0" -> wrong protocols
oidUsmStatsUnknownUserNames   "1.3.6.1.6.3.15.1.1.3.0" -> wrong user names
oidUsmStatsWrongDigests   "1.3.6.1.6.3.15.1.1.5.0" -> wrong password
oidUsmStatsDecryptionErrors   "1.3.6.1.6.3.15.1.1.6.0" 

So you need to check if you received a report instead of a response and treat it accordingly.
I hope it helps.

Regards,
RAR

-----Original Message-----
From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org] On Behalf Of ext Adi Leibovich
Sent: Tuesday, June 28, 2011 9:50 AM
To: SNMP4J at agentpp.org
Subject: [SNMP4J] SNMP4J/NET-SNMP Interoperability issue?

Hi Guys,


I am using SNMP4J to send out V3 SET PDUs to remote NET-SNMP based agents.

The PDU goes out with AuthSHA and PrivAES128.

Whenever there is an encryption problem, e.g.: wrong passphrase, wrong encryption method, I get a response PDU with no errors, so my application thinks all went well, despite the SET having failed.

I am really not sure whether this is an SNMP4J problem, as Wireshark shows (below) that the response PDU coming back from NET-SNMP has no error.

=========== Beginning of response PDU from the agent to my application with a wrong privacy passphrase===============================================

No.     Time        Source                Destination           Protocol Info
  11213 50.968502   192.168.170.2         10.20.15.31           SNMP     report 1.3.6.1.6.3.15.1.1.5.0

Frame 11213: 152 bytes on wire (1216 bits), 152 bytes captured (1216 bits)
Ethernet II, Src: Cisco_c1:78:4d (00:1d:45:c1:78:4d), Dst: Vmware_9b:15:e6 (00:50:56:9b:15:e6)
Internet Protocol, Src: 192.168.170.2 (192.168.170.2), Dst: 10.20.15.31 (10.20.15.31)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 62964 (62964)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 593963951
        msgMaxSize: 65507
        msgFlags: 00
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...0 = Authenticated: Not set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 800084a303001348006c03
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: Better Place  (33955)
        Engine ID Format: MAC address (3)
        Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03)
    msgAuthoritativeEngineBoots: 1
    msgAuthoritativeEngineTime: 67045
    msgUserName: MrBetter
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 800084a303001348006c03
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: Better Place  (33955)
                Engine ID Format: MAC address (3)
                Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03)
            contextName: <MISSING>
            data: report (8)
                report
                    request-id: 0
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.5.0: 
                            Object Name: 1.3.6.1.6.3.15.1.1.5.0 (iso.3.6.1.6.3.15.1.1.5.0)


================== END  of response PDU from the agent to my application with a wrong privacy passphrase==================================================

================== Beginning  of response PDU from the agent to my application with a working passphrase==================================================


No.     Time        Source                Destination           Protocol Info
497744 2212.114608 192.168.170.2         10.20.15.31           SNMP     report 1.3.6.1.6.3.15.1.1.2.0

Frame 497744: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
Ethernet II, Src: Cisco_c1:78:4d (00:1d:45:c1:78:4d), Dst: Vmware_9b:15:e6 (00:50:56:9b:15:e6)
Internet Protocol, Src: 192.168.170.2 (192.168.170.2), Dst: 10.20.15.31 (10.20.15.31)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 59523 (59523)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 294083199
        msgMaxSize: 65507
        msgFlags: 01
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 800084a303001348006c03
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: Better Place  (33955)
        Engine ID Format: MAC address (3)
        Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03)
    msgAuthoritativeEngineBoots: 1
    msgAuthoritativeEngineTime: 1833
    msgUserName: MrErKrlr
    msgAuthenticationParameters: b17c228272f3b49ede4400b2
        [Authentication: OK]
            [Expert Info (Chat/Checksum): SNMP Authentication OK]
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 800084a303001348006c03
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: Better Place  (33955)
                Engine ID Format: MAC address (3)
                Engine ID Data: MAC address: ArtilaEl_00:6c:03 (00:13:48:00:6c:03)
            contextName: <MISSING>
            data: report (8)
                report
                    request-id: 0
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.2.0: 
                            Object Name: 1.3.6.1.6.3.15.1.1.2.0 (iso.3.6.1.6.3.15.1.1.2.0)

============ End of response PDU from the agent to my application with a working passphrase==================================================

As you can see, both PDUs have no errors.


Could you tell me what you think? Is this a NET-SNMP issue?

Thanks!
Adi

Adi Leibowitz  |Products Manager - Software Group, Matrix IT adilei at matrix.co.il | M: +972(0)544959876 | T: +972(0)99598738
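
The check described in the reply at the top of this thread, as an added example that is not part of the original messages and not SNMP4J's own code: classify the PDU by type before trusting error-status, because a report carries noError and names the failure only in its varbind OID. It assumes the PDU is what `ResponseEvent.getResponse()` returned for the SET; `UsmReportCheck` and `failureReason` are hypothetical names, the PDUs in `main` are constructed samples, and the 1.3.6.1.6.3.15.1.1.2.0 entry (seen in the second capture) is named from RFC 3414.

```java
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.smi.Counter32;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;

import java.util.LinkedHashMap;
import java.util.Map;

public class UsmReportCheck {
    // usmStats counters (RFC 3414), keyed by the OIDs that appear in this thread.
    private static final Map<OID, String> USM_REPORTS = new LinkedHashMap<>();
    static {
        USM_REPORTS.put(new OID("1.3.6.1.6.3.15.1.1.1.0"), "usmStatsUnsupportedSecLevels");
        USM_REPORTS.put(new OID("1.3.6.1.6.3.15.1.1.2.0"), "usmStatsNotInTimeWindows");
        USM_REPORTS.put(new OID("1.3.6.1.6.3.15.1.1.3.0"), "usmStatsUnknownUserNames");
        USM_REPORTS.put(new OID("1.3.6.1.6.3.15.1.1.5.0"), "usmStatsWrongDigests");
        USM_REPORTS.put(new OID("1.3.6.1.6.3.15.1.1.6.0"), "usmStatsDecryptionErrors");
    }

    /** Returns null only when the request really succeeded, else a failure reason. */
    static String failureReason(PDU response) {
        if (response == null) {
            return "timeout: no response received";
        }
        if (response.getType() == PDU.REPORT) {
            // error-status is noError here; the varbind OID is the actual error.
            if (response.size() == 0) return "report without varbinds";
            OID oid = response.get(0).getOid();
            return "report: " + USM_REPORTS.getOrDefault(oid, oid.toString());
        }
        if (response.getErrorStatus() != PDU.noError) {
            return "error-status: " + response.getErrorStatusText();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the first capture (report 1.3.6.1.6.3.15.1.1.5.0).
        PDU report = new ScopedPDU();
        report.setType(PDU.REPORT);
        report.add(new VariableBinding(new OID("1.3.6.1.6.3.15.1.1.5.0"), new Counter32(1)));
        System.out.println(failureReason(report));
        // Constructed sample of a genuine response with no error.
        PDU ok = new ScopedPDU();
        ok.setType(PDU.RESPONSE);
        System.out.println(failureReason(ok));
    }
}
```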