[SNMP4J] usmStatsNotInTimeWindows and then usmStatsWrongDigests
Adi Leibovich
adilei at matrix.co.il
Tue Oct 25 13:38:03 CEST 2011
Hi guys,
We have a simple manager built over SNMP4J where we encounter the following situation:
1. Manager is trying to discover agent's engine id
2. Agent is returning report in response
3. Manager is sending set request
4. Agent is sending usmStatsNotInTimeWindows report
5. Manager tries to recover (I think) and sends another set request, agent responds
6. After 7 secs, manager seems to send another request, which cannot be decrypted by Wireshark, and is answered by usmStatsWrongDigests, which my Java wrapper then receives in the response PDU.
Please see the Wireshark log below. Would very much appreciate your assistance on this.
Thanks and regards,
Adi
No. Time Source Destination Protocol Info
248 47.515406 172.16.10.136 10.31.130.211 SNMP set-request
Frame 248: 103 bytes on wire (824 bits), 103 bytes captured (824 bits)
Arrival Time: Oct 23, 2011 15:06:33.579156000 Jerusalem Standard Time
Epoch Time: 1319375193.579156000 seconds
[Time delta from previous captured frame: 0.002905000 seconds]
[Time delta from previous displayed frame: 5.038972000 seconds]
[Time since reference or first frame: 47.515406000 seconds]
Frame Number: 248
Frame Length: 103 bytes (824 bits)
Capture Length: 103 bytes (824 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Type: IP (0x0800)
Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088532
msgMaxSize: 65535
msgFlags: 04
.... .1.. = Reportable: Set
.... ..0. = Encrypted: Not set
.... ...0 = Authenticated: Not set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: <MISSING>
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 0
msgUserName:
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
No. Time Source Destination Protocol Info
253 48.330148 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.4.0
Frame 253: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits)
Arrival Time: Oct 23, 2011 15:06:34.393898000 Jerusalem Standard Time
Epoch Time: 1319375194.393898000 seconds
[Time delta from previous captured frame: 0.206651000 seconds]
[Time delta from previous displayed frame: 0.814742000 seconds]
[Time since reference or first frame: 48.330148000 seconds]
Frame Number: 253
Frame Length: 143 bytes (1144 bits)
Capture Length: 143 bytes (1144 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Type: IP (0x0800)
Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088532
msgMaxSize: 65507
msgFlags: 00
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...0 = Authenticated: Not set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 1
msgAuthoritativeEngineTime: 2860
msgUserName:
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
No. Time Source Destination Protocol Info
254 48.364614 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
Frame 254: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
Arrival Time: Oct 23, 2011 15:06:34.428364000 Jerusalem Standard Time
Epoch Time: 1319375194.428364000 seconds
[Time delta from previous captured frame: 0.034466000 seconds]
[Time delta from previous displayed frame: 0.034466000 seconds]
[Time since reference or first frame: 48.364614000 seconds]
Frame Number: 254
Frame Length: 227 bytes (1816 bits)
Capture Length: 227 bytes (1816 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Type: IP (0x0800)
Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088533
msgMaxSize: 65535
msgFlags: 07
.... .1.. = Reportable: Set
.... ..1. = Encrypted: Set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 0
msgUserName: MrBetter
msgAuthenticationParameters: 1ffc3dfedef9a2947fd9c6bb
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: d454b4a134c47db2
msgData: encryptedPDU (1)
encryptedPDU: 5c1cc1c1814af5343f1de8813ea1b1d94d149a867a4eaa8f...
Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc...
contextEngineID: 800084a303000000000000
contextName: <MISSING>
data: set-request (3)
No. Time Source Destination Protocol Info
261 49.267412 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.2.0
Frame 261: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
Arrival Time: Oct 23, 2011 15:06:35.331162000 Jerusalem Standard Time
Epoch Time: 1319375195.331162000 seconds
[Time delta from previous captured frame: 0.081422000 seconds]
[Time delta from previous displayed frame: 0.902798000 seconds]
[Time since reference or first frame: 49.267412000 seconds]
Frame Number: 261
Frame Length: 163 bytes (1304 bits)
Capture Length: 163 bytes (1304 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Type: IP (0x0800)
Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088533
msgMaxSize: 65507
msgFlags: 01
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 1
msgAuthoritativeEngineTime: 2861
msgUserName: MrBetter
msgAuthenticationParameters: 579447283bb669aeb84ea214
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
No. Time Source Destination Protocol Info
262 49.267973 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
Frame 262: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
Arrival Time: Oct 23, 2011 15:06:35.331723000 Jerusalem Standard Time
Epoch Time: 1319375195.331723000 seconds
[Time delta from previous captured frame: 0.000561000 seconds]
[Time delta from previous displayed frame: 0.000561000 seconds]
[Time since reference or first frame: 49.267973000 seconds]
Frame Number: 262
Frame Length: 228 bytes (1824 bits)
Capture Length: 228 bytes (1824 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Type: IP (0x0800)
Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088534
msgMaxSize: 65535
msgFlags: 07
.... .1.. = Reportable: Set
.... ..1. = Encrypted: Set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 1
msgAuthoritativeEngineTime: 2861
msgUserName: MrBetter
msgAuthenticationParameters: 5eb84434b01403fd966d2f7f
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: d454b4a134c47db3
msgData: encryptedPDU (1)
encryptedPDU: 179e8d4cbafeb5c27404009541a22c8a89a6c348fcafafd6...
Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc...
contextEngineID: 800084a303000000000000
contextName: <MISSING>
data: set-request (3)
No. Time Source Destination Protocol Info
278 52.435699 10.31.130.211 172.16.10.136 SNMP get-response 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
Frame 278: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
Arrival Time: Oct 23, 2011 15:06:38.499449000 Jerusalem Standard Time
Epoch Time: 1319375198.499449000 seconds
[Time delta from previous captured frame: 0.551820000 seconds]
[Time delta from previous displayed frame: 3.167726000 seconds]
[Time since reference or first frame: 52.435699000 seconds]
Frame Number: 278
Frame Length: 228 bytes (1824 bits)
Capture Length: 228 bytes (1824 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Type: IP (0x0800)
Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088534
msgMaxSize: 65507
msgFlags: 03
.... .0.. = Reportable: Not set
.... ..1. = Encrypted: Set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 1
msgAuthoritativeEngineTime: 2864
msgUserName: MrBetter
msgAuthenticationParameters: 60acce3b350fcf1ea1c1da74
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: 4c450787fcbffc8f
msgData: encryptedPDU (1)
encryptedPDU: ee5f69f715a115723e50b91b45dc5c031a099feac59928a1...
Decrypted ScopedPDU: 3063040b800084a3030000000000000400a25202047829cc...
contextEngineID: 800084a303000000000000
contextName: <MISSING>
data: get-response (2)
No. Time Source Destination Protocol Info
319 59.514700 172.16.10.136 10.31.130.211 SNMP Source port: 61587 Destination port: snmp
Frame 319: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
Arrival Time: Oct 23, 2011 15:06:45.578450000 Jerusalem Standard Time
Epoch Time: 1319375205.578450000 seconds
[Time delta from previous captured frame: 1.016220000 seconds]
[Time delta from previous displayed frame: 7.079001000 seconds]
[Time since reference or first frame: 59.514700000 seconds]
Frame Number: 319
Frame Length: 227 bytes (1816 bits)
Capture Length: 227 bytes (1816 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Type: IP (0x0800)
Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211)
User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088535
msgMaxSize: 65535
msgFlags: 07
.... .1.. = Reportable: Set
.... ..1. = Encrypted: Set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 7
msgUserName: MrBetter
msgAuthenticationParameters: bd7d316fe0c9150f73cef028
[Authentication: Failed calculated = 0b f5 d0 43 d2 a5 8f 3f 24 3a 76 1f]
[Expert Info (Warn/Checksum): SNMP Authentication Error]
[Message: SNMP Authentication Error]
[Severity level: Warn]
[Group: Checksum]
msgPrivacyParameters: d454b4a134c47db6
msgData: encryptedPDU (1)
encryptedPDU: c61e4435a2fa3229f921f4764ba79a622de31d4ddbc85017...
Decrypted ScopedPDU: 928470e411e135c67707c5ee918fc738865e9cdd7e4c5db4...
BER Error: Sequence expected but class:CONTEXT(2) primitive tag:18 was unexpected
[Expert Info (Warn/Malformed): BER Error: Sequence expected]
[Message: BER Error: Sequence expected]
[Severity level: Warn]
[Group: Malformed]
No. Time Source Destination Protocol Info
320 61.119184 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.5.0
Frame 320: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
Arrival Time: Oct 23, 2011 15:06:47.182934000 Jerusalem Standard Time
Epoch Time: 1319375207.182934000 seconds
[Time delta from previous captured frame: 1.604484000 seconds]
[Time delta from previous displayed frame: 1.604484000 seconds]
[Time since reference or first frame: 61.119184000 seconds]
Frame Number: 320
Frame Length: 151 bytes (1208 bits)
Capture Length: 151 bytes (1208 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:snmp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
Type: IP (0x0800)
Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1659088535
msgMaxSize: 65507
msgFlags: 00
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...0 = Authenticated: Not set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 800084a303000000000000
msgAuthoritativeEngineBoots: 1
msgAuthoritativeEngineTime: 2873
msgUserName: MrBetter
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
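
Added example (not part of the original post and not SNMP4J code): the RFC 3414 authoritative-side checks replayed over the msgAuthoritativeEngineBoots/msgAuthoritativeEngineTime values transcribed from the trace above, to show which requests fall outside the 150-second time window and why frame 319 is answered with usmStatsWrongDigests even though its boots/time values are also stale. The names Msg, TRACE, expected_report and analyse are hypothetical, and the agent's clock when a request arrives is approximated by the boots/time carried in its next message.

```python
from collections import namedtuple

TIME_WINDOW = 150  # seconds; USM time window from RFC 3414
USM_STATS = {      # report OIDs seen in the trace
    "1.3.6.1.6.3.15.1.1.2.0": "usmStatsNotInTimeWindows",
    "1.3.6.1.6.3.15.1.1.4.0": "usmStatsUnknownEngineIDs",
    "1.3.6.1.6.3.15.1.1.5.0": "usmStatsWrongDigests",
}
Msg = namedtuple("Msg", "frame from_agent boots time auth_flag auth_ok report",
                 defaults=(True, ""))

# Values transcribed from the Wireshark dissection in the post (assumed layout).
TRACE = [
    Msg(248, False, 0, 0, False),
    Msg(253, True, 1, 2860, False, report="1.3.6.1.6.3.15.1.1.4.0"),
    Msg(254, False, 0, 0, True),
    Msg(261, True, 1, 2861, True, report="1.3.6.1.6.3.15.1.1.2.0"),
    Msg(262, False, 1, 2861, True),
    Msg(278, True, 1, 2864, True),
    Msg(319, False, 0, 7, True, auth_ok=False),
    Msg(320, True, 1, 2873, False, report="1.3.6.1.6.3.15.1.1.5.0"),
]

def in_time_window(msg_boots, msg_time, local_boots, local_time):
    """Timeliness check an authoritative engine applies (RFC 3414, 3.2 step 7)."""
    if local_boots == 2147483647 or msg_boots != local_boots:
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW

def expected_report(req, agent_boots, agent_time):
    """Report the agent should return for an authenticated request, or None."""
    if not req.auth_ok:
        return "usmStatsWrongDigests"  # digest is verified before timeliness
    if not in_time_window(req.boots, req.time, agent_boots, agent_time):
        return "usmStatsNotInTimeWindows"
    return None

def analyse(trace):
    """Map each authenticated manager request to (predicted, observed) report."""
    out = {}
    for req, resp in zip(trace, trace[1:]):
        if req.auth_flag and not req.from_agent and resp.from_agent:
            predicted = expected_report(req, resp.boots, resp.time)
            out[req.frame] = (predicted, USM_STATS.get(resp.report))
    return out

if __name__ == "__main__":
    for frame, (predicted, observed) in analyse(TRACE).items():
        print(frame, "predicted:", predicted, "observed:", observed)
```

Frames 254 and 319 both carry boots=0 while the agent reports boots=1, so neither is inside the time window; frame 319 never reaches that check because its digest fails first.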