[SNMP4J] usmStatsNotInTimeWindows and then usmStatsWrongDigests
Frank Fock
fock at agentpp.com
Tue Nov 1 21:25:43 CET 2011
Hi Adi,
The problem seems to be that the manager (SNMP4J) resets
its MPv3 cache, because enigne boots and engine time are
reset (0 and 7 instead 1 and 2861+7+x).
At time x after the first successful request was sent, someone
deleted the Snmp instance and/or the contained MPv3
object or used a second Snmp instance with a new MPv3
instance which did not had any cache entry for the specific
SNMPv3 target engine ID.
Best regards,
Frank
Am 25.10.2011 13:38, schrieb Adi Leibovich:
> Hi guys,
>
> We have a simple manager built over SNMP4J where we encounter the following situation:
>
> 1. Manager is trying to discover agent's engine id
> 2. Agent is returning report in response
> 3. Manager is sending set request
> 4. Agent is sending usmStatsNotInTimeWindows report
> 5. Manager tries to recover (I think) and sends another set request, agent responds
> 6. After 7 secs, manager seems to send another request, which cannot be decrypted by wireshark, and is answered by usmStatsWrongDigests which my java wrapper then receives in the response pdu.
>
> Please see wireshark log below. Would very much appreciate your assistance on this.
>
> Thanks and regards,
> Adi
>
>
>
> No. Time Source Destination Protocol Info
> 248 47.515406 172.16.10.136 10.31.130.211 SNMP set-request
>
> Frame 248: 103 bytes on wire (824 bits), 103 bytes captured (824 bits)
> Arrival Time: Oct 23, 2011 15:06:33.579156000 Jerusalem Standard Time
> Epoch Time: 1319375193.579156000 seconds
> [Time delta from previous captured frame: 0.002905000 seconds]
> [Time delta from previous displayed frame: 5.038972000 seconds]
> [Time since reference or first frame: 47.515406000 seconds]
> Frame Number: 248
> Frame Length: 103 bytes (824 bits)
> Capture Length: 103 bytes (824 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: Checksum Errors]
> [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088532
> msgMaxSize: 65535
> msgFlags: 04
> .... .1.. = Reportable: Set
> .... ..0. = Encrypted: Not set
> .... ...0 = Authenticated: Not set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID:<MISSING>
> msgAuthoritativeEngineBoots: 0
> msgAuthoritativeEngineTime: 0
> msgUserName:
> msgAuthenticationParameters:<MISSING>
> msgPrivacyParameters:<MISSING>
> msgData: plaintext (0)
> plaintext
>
> No. Time Source Destination Protocol Info
> 253 48.330148 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.4.0
>
> Frame 253: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits)
> Arrival Time: Oct 23, 2011 15:06:34.393898000 Jerusalem Standard Time
> Epoch Time: 1319375194.393898000 seconds
> [Time delta from previous captured frame: 0.206651000 seconds]
> [Time delta from previous displayed frame: 0.814742000 seconds]
> [Time since reference or first frame: 48.330148000 seconds]
> Frame Number: 253
> Frame Length: 143 bytes (1144 bits)
> Capture Length: 143 bytes (1144 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: UDP]
> [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088532
> msgMaxSize: 65507
> msgFlags: 00
> .... .0.. = Reportable: Not set
> .... ..0. = Encrypted: Not set
> .... ...0 = Authenticated: Not set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 1
> msgAuthoritativeEngineTime: 2860
> msgUserName:
> msgAuthenticationParameters:<MISSING>
> msgPrivacyParameters:<MISSING>
> msgData: plaintext (0)
> plaintext
>
> No. Time Source Destination Protocol Info
> 254 48.364614 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 254: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
> Arrival Time: Oct 23, 2011 15:06:34.428364000 Jerusalem Standard Time
> Epoch Time: 1319375194.428364000 seconds
> [Time delta from previous captured frame: 0.034466000 seconds]
> [Time delta from previous displayed frame: 0.034466000 seconds]
> [Time since reference or first frame: 48.364614000 seconds]
> Frame Number: 254
> Frame Length: 227 bytes (1816 bits)
> Capture Length: 227 bytes (1816 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: Checksum Errors]
> [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088533
> msgMaxSize: 65535
> msgFlags: 07
> .... .1.. = Reportable: Set
> .... ..1. = Encrypted: Set
> .... ...1 = Authenticated: Set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 0
> msgAuthoritativeEngineTime: 0
> msgUserName: MrBetter
> msgAuthenticationParameters: 1ffc3dfedef9a2947fd9c6bb
> [Authentication: OK]
> [Expert Info (Chat/Checksum): SNMP Authentication OK]
> [Message: SNMP Authentication OK]
> [Severity level: Chat]
> [Group: Checksum]
> msgPrivacyParameters: d454b4a134c47db2
> msgData: encryptedPDU (1)
> encryptedPDU: 5c1cc1c1814af5343f1de8813ea1b1d94d149a867a4eaa8f...
> Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc...
> contextEngineID: 800084a303000000000000
> contextName:<MISSING>
> data: set-request (3)
>
> No. Time Source Destination Protocol Info
> 261 49.267412 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.2.0
>
> Frame 261: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
> Arrival Time: Oct 23, 2011 15:06:35.331162000 Jerusalem Standard Time
> Epoch Time: 1319375195.331162000 seconds
> [Time delta from previous captured frame: 0.081422000 seconds]
> [Time delta from previous displayed frame: 0.902798000 seconds]
> [Time since reference or first frame: 49.267412000 seconds]
> Frame Number: 261
> Frame Length: 163 bytes (1304 bits)
> Capture Length: 163 bytes (1304 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: UDP]
> [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088533
> msgMaxSize: 65507
> msgFlags: 01
> .... .0.. = Reportable: Not set
> .... ..0. = Encrypted: Not set
> .... ...1 = Authenticated: Set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 1
> msgAuthoritativeEngineTime: 2861
> msgUserName: MrBetter
> msgAuthenticationParameters: 579447283bb669aeb84ea214
> [Authentication: OK]
> [Expert Info (Chat/Checksum): SNMP Authentication OK]
> [Message: SNMP Authentication OK]
> [Severity level: Chat]
> [Group: Checksum]
> msgPrivacyParameters:<MISSING>
> msgData: plaintext (0)
> plaintext
>
> No. Time Source Destination Protocol Info
> 262 49.267973 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 262: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
> Arrival Time: Oct 23, 2011 15:06:35.331723000 Jerusalem Standard Time
> Epoch Time: 1319375195.331723000 seconds
> [Time delta from previous captured frame: 0.000561000 seconds]
> [Time delta from previous displayed frame: 0.000561000 seconds]
> [Time since reference or first frame: 49.267973000 seconds]
> Frame Number: 262
> Frame Length: 228 bytes (1824 bits)
> Capture Length: 228 bytes (1824 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: Checksum Errors]
> [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088534
> msgMaxSize: 65535
> msgFlags: 07
> .... .1.. = Reportable: Set
> .... ..1. = Encrypted: Set
> .... ...1 = Authenticated: Set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 1
> msgAuthoritativeEngineTime: 2861
> msgUserName: MrBetter
> msgAuthenticationParameters: 5eb84434b01403fd966d2f7f
> [Authentication: OK]
> [Expert Info (Chat/Checksum): SNMP Authentication OK]
> [Message: SNMP Authentication OK]
> [Severity level: Chat]
> [Group: Checksum]
> msgPrivacyParameters: d454b4a134c47db3
> msgData: encryptedPDU (1)
> encryptedPDU: 179e8d4cbafeb5c27404009541a22c8a89a6c348fcafafd6...
> Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc...
> contextEngineID: 800084a303000000000000
> contextName:<MISSING>
> data: set-request (3)
>
> No. Time Source Destination Protocol Info
> 278 52.435699 10.31.130.211 172.16.10.136 SNMP get-response 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 278: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
> Arrival Time: Oct 23, 2011 15:06:38.499449000 Jerusalem Standard Time
> Epoch Time: 1319375198.499449000 seconds
> [Time delta from previous captured frame: 0.551820000 seconds]
> [Time delta from previous displayed frame: 3.167726000 seconds]
> [Time since reference or first frame: 52.435699000 seconds]
> Frame Number: 278
> Frame Length: 228 bytes (1824 bits)
> Capture Length: 228 bytes (1824 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: UDP]
> [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088534
> msgMaxSize: 65507
> msgFlags: 03
> .... .0.. = Reportable: Not set
> .... ..1. = Encrypted: Set
> .... ...1 = Authenticated: Set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 1
> msgAuthoritativeEngineTime: 2864
> msgUserName: MrBetter
> msgAuthenticationParameters: 60acce3b350fcf1ea1c1da74
> [Authentication: OK]
> [Expert Info (Chat/Checksum): SNMP Authentication OK]
> [Message: SNMP Authentication OK]
> [Severity level: Chat]
> [Group: Checksum]
> msgPrivacyParameters: 4c450787fcbffc8f
> msgData: encryptedPDU (1)
> encryptedPDU: ee5f69f715a115723e50b91b45dc5c031a099feac59928a1...
> Decrypted ScopedPDU: 3063040b800084a3030000000000000400a25202047829cc...
> contextEngineID: 800084a303000000000000
> contextName:<MISSING>
> data: get-response (2)
>
> No. Time Source Destination Protocol Info
> 319 59.514700 172.16.10.136 10.31.130.211 SNMP Source port: 61587 Destination port: snmp
>
> Frame 319: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
> Arrival Time: Oct 23, 2011 15:06:45.578450000 Jerusalem Standard Time
> Epoch Time: 1319375205.578450000 seconds
> [Time delta from previous captured frame: 1.016220000 seconds]
> [Time delta from previous displayed frame: 7.079001000 seconds]
> [Time since reference or first frame: 59.514700000 seconds]
> Frame Number: 319
> Frame Length: 227 bytes (1816 bits)
> Capture Length: 227 bytes (1816 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: Checksum Errors]
> [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088535
> msgMaxSize: 65535
> msgFlags: 07
> .... .1.. = Reportable: Set
> .... ..1. = Encrypted: Set
> .... ...1 = Authenticated: Set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 0
> msgAuthoritativeEngineTime: 7
> msgUserName: MrBetter
> msgAuthenticationParameters: bd7d316fe0c9150f73cef028
> [Authentication: Failed calculated = 0b f5 d0 43 d2 a5 8f 3f 24 3a 76 1f]
> [Expert Info (Warn/Checksum): SNMP Authentication Error]
> [Message: SNMP Authentication Error]
> [Severity level: Warn]
> [Group: Checksum]
> msgPrivacyParameters: d454b4a134c47db6
> msgData: encryptedPDU (1)
> encryptedPDU: c61e4435a2fa3229f921f4764ba79a622de31d4ddbc85017...
> Decrypted ScopedPDU: 928470e411e135c67707c5ee918fc738865e9cdd7e4c5db4...
> BER Error: Sequence expected but class:CONTEXT(2) primitive tag:18 was unexpected
> [Expert Info (Warn/Malformed): BER Error: Sequence expected]
> [Message: BER Error: Sequence expected]
> [Severity level: Warn]
> [Group: Malformed]
>
> No. Time Source Destination Protocol Info
> 320 61.119184 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.5.0
>
> Frame 320: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
> Arrival Time: Oct 23, 2011 15:06:47.182934000 Jerusalem Standard Time
> Epoch Time: 1319375207.182934000 seconds
> [Time delta from previous captured frame: 1.604484000 seconds]
> [Time delta from previous displayed frame: 1.604484000 seconds]
> [Time since reference or first frame: 61.119184000 seconds]
> Frame Number: 320
> Frame Length: 151 bytes (1208 bits)
> Capture Length: 151 bytes (1208 bits)
> [Frame is marked: False]
> [Frame is ignored: False]
> [Protocols in frame: eth:ip:udp:snmp]
> [Coloring Rule Name: UDP]
> [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
> Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
> Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
> msgVersion: snmpv3 (3)
> msgGlobalData
> msgID: 1659088535
> msgMaxSize: 65507
> msgFlags: 00
> .... .0.. = Reportable: Not set
> .... ..0. = Encrypted: Not set
> .... ...0 = Authenticated: Not set
> msgSecurityModel: USM (3)
> msgAuthoritativeEngineID: 800084a303000000000000
> msgAuthoritativeEngineBoots: 1
> msgAuthoritativeEngineTime: 2873
> msgUserName: MrBetter
> msgAuthenticationParameters:<MISSING>
> msgPrivacyParameters:<MISSING>
> msgData: plaintext (0)
> plaintext
>
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
More information about the SNMP4J
mailing list