Re: net-SNMP on windows getting decryption error

Mark Christiansen Mon, 29 Oct 2018 06:35:33 -0700

On Sun, Oct 28, 2018 at 7:30 PM Bart Van Assche <bvanass...@acm.org> wrote:


> On 10/23/18 6:00 AM, Mark Christiansen wrote:
> > Does anybody have ideas of what could be going wrong here?
> >
> > I built net-SNMP 5.8 for my Windows 10 machine. I set up my snmpd.conf
> > file as shown below where I added the same users as I have on my
> > Linux machine called aurelius. I get the following responses when I run
> > snmpgetnext for the two servers:
> >
> > C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A
> > user3password -x DES -X user3encryption aurelius .1.3
> > SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic
> > #69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686
> >
> > C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A
> > user3password -x DES -X user3encryption localhost .1.3
> > snmpgetnext: Decryption error
>
> The behavior of the encryption code should be consistent on Windows and
> Linux, at least if both have been compiled with the same encryption
> support (OpenSSL or internal). Adding appropriate debug flags at the
> agent and client side will probably provide a better insight in what's
> going on. Flags that probably will yield interesting information are -d
> and -D
>
> netsnmp_udp_parse_security,netsnmp_udp6_parse_security,netsnmp_unix_parse_security,tls,tsm.
>
>
Thanks, Bart.

Okay, I ran the following on my Linux box using net-snmp version 5.7.2 for
a baseline of what I can expect to happen.

markwc@aurelius ~$ snmpgetnext -v 2c -u user1 -c public localhost .1.3
iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu
SMP Thu Nov 13 17:56:26 UTC 2014 i686"
markwc@aurelius ~$ snmpgetnext -v 3 -l auth -u user2 -a MD5 -A
user2password localhost .1.3
iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu
SMP Thu Nov 13 17:56:26 UTC 2014 i686"
markwc@aurelius ~$ snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A
user3password -x DES -X user3encryption localhost .1.3
iso.3.6.1.2.1.1.1.0 = STRING: "Linux aurelius 3.13.0-40-generic #69-Ubuntu
SMP Thu Nov 13 17:56:26 UTC 2014 i686"


Then I ran the following on my Windows box with my 5.8 that I built to
access my Linux box.

C:\Users\markw>snmpgetnext -v 2c -c public -u user1 aurelius .1.3
SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic
#69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686

C:\Users\markw>snmpgetnext -v 3 -l auth -u user2 -a MD5 -A user2password
aurelius .1.3
SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic
#69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686

C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A
user3password -x DES -X user3encryption aurelius .1.3
SNMPv2-MIB::sysDescr.0 = STRING: Linux aurelius 3.13.0-40-generic
#69-Ubuntu SMP Thu Nov 13 17:56:26 UTC 2014 i686


Finally I ran the following on my Windows box to access the local server:

C:\Users\markw>snmpgetnext -v 2c -c public -u user1 localhost .1.3
SNMPv2-MIB::sysDescr.0 = STRING: Windows DESKTOP-6FJOPTT 10.0.17134 Windows
10 Enterprise Intel64 Family 6 Model 26 Stepping 4

C:\Users\markw>snmpgetnext -v 3 -l auth -u user2 -a MD5 -A user2password
localhost .1.3
SNMPv2-MIB::sysDescr.0 = STRING: Windows DESKTOP-6FJOPTT 10.0.17134 Windows
10 Enterprise Intel64 Family 6 Model 26 Stepping 4

C:\Users\markw>snmpgetnext -v 3 -l authPriv -u user3 -a MD5 -A
user3password -x DES -X user3encryption localhost .1.3
snmpgetnext: Decryption error


The attached file contains the output of snmpd for the Windows box calls to
snmpgetnext using the debug options you gave me. I do not know expected
debug outputs. Do we have a guide for that or is there something you can
tell me by looking at the output?

Also, how can I know for sure if I built it to use OpenSSL? Does the fact
that that snmpgetnext works for the version 3 SNMP when talking to the
Linux box indicate that?

Thanks.
Mark.

C:\Users\markw>snmpd -d 
-Dnetsnmp_udp_parse_security,netsnmp_udp6_parse_security,netsnmp_unix_parse_security,tls,tsm
registered debug token netsnmp_udp_parse_security, 1
registered debug token netsnmp_udp6_parse_security, 1
registered debug token netsnmp_unix_parse_security, 1
registered debug token tls, 1
registered debug token tsm, 1
netsnmp_udp_parse_security: <"public", 0.0.0.0/0.0.0.0> => "comm3"
netsnmp_udp_parse_security: <"private", 0.0.0.0/0.0.0.0> => "comm4"
Turning on AgentX master support.
NET-SNMP version 5.8

Received 34 byte packet from UDP: [127.0.0.1]:61065->[127.0.0.1]:161
0000: 30 20 02 01  01 04 06 70  75 62 6C 69  63 A1 13 02    0 .....public¡..
0016: 02 10 48 02  01 00 02 01  00 30 07 30  05 06 01 2B    ..H......0.0...+
0032: 05 00                                                 ..


Sending 135 bytes to UDP: [127.0.0.1]:61065->[127.0.0.1]:161
0000: 30 81 84 02  01 01 04 06  70 75 62 6C  69 63 A2 77    0.,.....public¢w
0016: 02 02 10 48  02 01 00 02  01 00 30 6B  30 69 06 08    ...H......0k0i..
0032: 2B 06 01 02  01 01 01 00  04 5D 57 69  6E 64 6F 77    +........]Window
0048: 73 20 44 45  53 4B 54 4F  50 2D 36 46  4A 4F 50 54    s DESKTOP-6FJOPT
0064: 54 20 31 30  2E 30 2E 31  37 31 33 34  20 57 69 6E    T 10.0.17134 Win
0080: 64 6F 77 73  20 31 30 20  45 6E 74 65  72 70 72 69    dows 10 Enterpri
0096: 73 65 20 49  6E 74 65 6C  36 34 20 46  61 6D 69 6C    se Intel64 Famil
0112: 79 20 36 20  4D 6F 64 65  6C 20 32 36  20 53 74 65    y 6 Model 26 Ste
0128: 70 70 69 6E  67 20 34                                 pping 4


Received 59 byte packet from UDP: [127.0.0.1]:61068->[127.0.0.1]:161
0000: 30 39 02 01  03 30 0E 02  02 3C D9 02  02 05 C0 04    09...0...<U...A.
0016: 01 04 02 01  03 04 10 30  0E 04 00 02  01 00 02 01    .......0........
0032: 00 04 00 04  00 04 00 30  12 04 00 04  00 A0 0C 02    .......0..... ..
0048: 02 13 6A 02  01 00 02 01  00 30 00                    ..j......0.


Sending 110 bytes to UDP: [127.0.0.1]:61068->[127.0.0.1]:161
0000: 30 6C 02 01  03 30 0E 02  02 3C D9 02  02 05 C0 04    0l...0...<U...A.
0016: 01 00 02 01  03 04 21 30  1F 04 11 80  00 1F 88 80    ......!0........
0032: 0C 56 00 00  18 C4 CA 5B  00 00 00 00  02 01 54 02    .V...ÄE[......T.
0048: 01 12 04 00  04 00 04 00  30 34 04 11  80 00 1F 88    ........04......
0064: 80 0C 56 00  00 18 C4 CA  5B 00 00 00  00 04 00 A8    ..V...ÄE[......"
0080: 1D 02 02 13  6A 02 01 00  02 01 00 30  11 30 0F 06    ....j......0.0..
0096: 0A 2B 06 01  06 03 0F 01  01 04 00 41  01 01          .+.........A..


Received 117 byte packet from UDP: [127.0.0.1]:61068->[127.0.0.1]:161
0000: 30 73 02 01  03 30 0E 02  02 3C D8 02  02 05 C0 04    0s...0...<O...A.
0016: 01 05 02 01  03 04 32 30  30 04 11 80  00 1F 88 80    ......200.......
0032: 0C 56 00 00  18 C4 CA 5B  00 00 00 00  02 01 54 02    .V...ÄE[......T.
0048: 01 12 04 05  75 73 65 72  32 04 0C 11  1B 20 5A 27    ....user2.... Z'
0064: D6 B6 1B 77  3E 74 73 04  00 30 2A 04  11 80 00 1F    Ö.w>ts..0*.....
0080: 88 80 0C 56  00 00 18 C4  CA 5B 00 00  00 00 04 00    ...V...ÄE[......
0096: A1 13 02 02  13 69 02 01  00 02 01 00  30 07 30 05    ¡....i......0.0.
0112: 06 01 2B 05  00                                       ..+..


Sending 219 bytes to UDP: [127.0.0.1]:61068->[127.0.0.1]:161
0000: 30 81 D8 02  01 03 30 0E  02 02 3C D8  02 02 05 C0    0.O...0...<O...A
0016: 04 01 01 02  01 03 04 32  30 30 04 11  80 00 1F 88    .......200......
0032: 80 0C 56 00  00 18 C4 CA  5B 00 00 00  00 02 01 54    ..V...ÄE[......T
0048: 02 01 12 04  05 75 73 65  72 32 04 0C  2F 1C 9A D0    .....user2../.sD
0064: C9 02 F5 43  68 46 B4 5A  04 00 30 81  8E 04 11 80    É.oChF'Z..0.Z...
0080: 00 1F 88 80  0C 56 00 00  18 C4 CA 5B  00 00 00 00    .....V...ÄE[....
0096: 04 00 A2 77  02 02 13 69  02 01 00 02  01 00 30 6B    ..¢w...i......0k
0112: 30 69 06 08  2B 06 01 02  01 01 01 00  04 5D 57 69    0i..+........]Wi
0128: 6E 64 6F 77  73 20 44 45  53 4B 54 4F  50 2D 36 46    ndows DESKTOP-6F
0144: 4A 4F 50 54  54 20 31 30  2E 30 2E 31  37 31 33 34    JOPTT 10.0.17134
0160: 20 57 69 6E  64 6F 77 73  20 31 30 20  45 6E 74 65     Windows 10 Ente
0176: 72 70 72 69  73 65 20 49  6E 74 65 6C  36 34 20 46    rprise Intel64 F
0192: 61 6D 69 6C  79 20 36 20  4D 6F 64 65  6C 20 32 36    amily 6 Model 26
0208: 20 53 74 65  70 70 69 6E  67 20 34                     Stepping 4


Received 59 byte packet from UDP: [127.0.0.1]:50250->[127.0.0.1]:161
0000: 30 39 02 01  03 30 0E 02  02 67 97 02  02 05 C0 04    09...0...g-...A.
0016: 01 04 02 01  03 04 10 30  0E 04 00 02  01 00 02 01    .......0........
0032: 00 04 00 04  00 04 00 30  12 04 00 04  00 A0 0C 02    .......0..... ..
0048: 02 62 7A 02  01 00 02 01  00 30 00                    .bz......0.


Sending 110 bytes to UDP: [127.0.0.1]:50250->[127.0.0.1]:161
0000: 30 6C 02 01  03 30 0E 02  02 67 97 02  02 05 C0 04    0l...0...g-...A.
0016: 01 00 02 01  03 04 21 30  1F 04 11 80  00 1F 88 80    ......!0........
0032: 0C 56 00 00  18 C4 CA 5B  00 00 00 00  02 01 54 02    .V...ÄE[......T.
0048: 01 1D 04 00  04 00 04 00  30 34 04 11  80 00 1F 88    ........04......
0064: 80 0C 56 00  00 18 C4 CA  5B 00 00 00  00 04 00 A8    ..V...ÄE[......"
0080: 1D 02 02 62  7A 02 01 00  02 01 00 30  11 30 0F 06    ...bz......0.0..
0096: 0A 2B 06 01  06 03 0F 01  01 04 00 41  01 02          .+.........A..


Received 132 byte packet from UDP: [127.0.0.1]:50250->[127.0.0.1]:161
0000: 30 81 81 02  01 03 30 0E  02 02 67 96  02 02 05 C0    0.....0...g-...A
0016: 04 01 07 02  01 03 04 3A  30 38 04 11  80 00 1F 88    .......:08......
0032: 80 0C 56 00  00 18 C4 CA  5B 00 00 00  00 02 01 54    ..V...ÄE[......T
0048: 02 01 1D 04  05 75 73 65  72 33 04 0C  DD E7 1A FA    .....user3..Yç.ú
0064: A7 F9 75 85  25 2E E2 56  04 08 00 00  00 01 DB E2    ùu.%.âV......Uâ
0080: 9D 63 04 30  07 94 28 0C  93 B3 DE 00  2D 73 59 A3    .c.0."(."3_.-sY£
0096: A1 16 F8 11  23 99 70 CD  0C BB 66 6A  B9 21 28 2D    ¡.o.#.pI.»fj1!(-
0112: BC 35 E2 F0  B5 35 64 EF  29 75 35 D7  FD 86 29 96    ¼5âdµ5dï)u5xy+)-
0128: 42 75 B6 C2                                           BuA


Sending 114 bytes to UDP: [127.0.0.1]:50250->[127.0.0.1]:161
0000: 30 70 02 01  03 30 0E 02  02 67 96 02  02 05 C0 04    0p...0...g-...A.
0016: 01 00 02 01  03 04 26 30  24 04 11 80  00 1F 88 80    ......&0$.......
0032: 0C 56 00 00  18 C4 CA 5B  00 00 00 00  02 01 54 02    .V...ÄE[......T.
0048: 01 1D 04 05  75 73 65 72  33 04 00 04  00 30 33 04    ....user3....03.
0064: 11 80 00 1F  88 80 0C 56  00 00 18 C4  CA 5B 00 00    .......V...ÄE[..
0080: 00 00 04 00  A8 1C 02 01  00 02 01 00  02 01 00 30    ...."..........0
0096: 11 30 0F 06  0A 2B 06 01  06 03 0F 01  01 06 00 41    .0...+.........A
0112: 01 01                                                 ..

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: net-SNMP on windows getting decryption error

Reply via email to