Hi guys, We have a simple manager built over SNMP4J where we encounter the following situation:
1. Manager is trying to discover agent's engine id 2. Agent is returning report in response 3. Manager is sending set request 4. Agent is sending usmStatsNotInTimeWindows report 5. Manager tries to recover (I think) and sends another set request, agent responds 6. After 7 secs, manager seems to send another request, which cannot be decrypted by wireshark, and is answered by usmStatsWrongDigests which my java wrapper then receives in the response pdu. Please see wireshark log below. Would very much appreciate your assistance on this. Thanks and regards, Adi No. Time Source Destination Protocol Info 248 47.515406 172.16.10.136 10.31.130.211 SNMP set-request Frame 248: 103 bytes on wire (824 bits), 103 bytes captured (824 bits) Arrival Time: Oct 23, 2011 15:06:33.579156000 Jerusalem Standard Time Epoch Time: 1319375193.579156000 seconds [Time delta from previous captured frame: 0.002905000 seconds] [Time delta from previous displayed frame: 5.038972000 seconds] [Time since reference or first frame: 47.515406000 seconds] Frame Number: 248 Frame Length: 103 bytes (824 bits) Capture Length: 103 bytes (824 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: Checksum Errors] [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1] Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) Type: IP (0x0800) Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211) User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088532 msgMaxSize: 65535 msgFlags: 04 .... .1.. = Reportable: Set .... ..0. = Encrypted: Not set .... ...0 = Authenticated: Not set msgSecurityModel: USM (3) msgAuthoritativeEngineID: <MISSING> msgAuthoritativeEngineBoots: 0 msgAuthoritativeEngineTime: 0 msgUserName: msgAuthenticationParameters: <MISSING> msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext No. Time Source Destination Protocol Info 253 48.330148 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.4.0 Frame 253: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits) Arrival Time: Oct 23, 2011 15:06:34.393898000 Jerusalem Standard Time Epoch Time: 1319375194.393898000 seconds [Time delta from previous captured frame: 0.206651000 seconds] [Time delta from previous displayed frame: 0.814742000 seconds] [Time since reference or first frame: 48.330148000 seconds] Frame Number: 253 Frame Length: 143 bytes (1144 bits) Capture Length: 143 bytes (1144 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd) Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Type: IP (0x0800) Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136) User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088532 msgMaxSize: 65507 msgFlags: 00 .... .0.. = Reportable: Not set .... ..0. = Encrypted: Not set .... ...0 = Authenticated: Not set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 2860 msgUserName: msgAuthenticationParameters: <MISSING> msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext No. Time Source Destination Protocol Info 254 48.364614 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 Frame 254: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits) Arrival Time: Oct 23, 2011 15:06:34.428364000 Jerusalem Standard Time Epoch Time: 1319375194.428364000 seconds [Time delta from previous captured frame: 0.034466000 seconds] [Time delta from previous displayed frame: 0.034466000 seconds] [Time since reference or first frame: 48.364614000 seconds] Frame Number: 254 Frame Length: 227 bytes (1816 bits) Capture Length: 227 bytes (1816 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: Checksum Errors] [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1] Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) Type: IP (0x0800) Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211) User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088533 msgMaxSize: 65535 msgFlags: 07 .... .1.. = Reportable: Set .... ..1. = Encrypted: Set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 0 msgAuthoritativeEngineTime: 0 msgUserName: MrBetter msgAuthenticationParameters: 1ffc3dfedef9a2947fd9c6bb [Authentication: OK] [Expert Info (Chat/Checksum): SNMP Authentication OK] [Message: SNMP Authentication OK] [Severity level: Chat] [Group: Checksum] msgPrivacyParameters: d454b4a134c47db2 msgData: encryptedPDU (1) encryptedPDU: 5c1cc1c1814af5343f1de8813ea1b1d94d149a867a4eaa8f... Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc... contextEngineID: 800084a303000000000000 contextName: <MISSING> data: set-request (3) No. Time Source Destination Protocol Info 261 49.267412 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.2.0 Frame 261: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits) Arrival Time: Oct 23, 2011 15:06:35.331162000 Jerusalem Standard Time Epoch Time: 1319375195.331162000 seconds [Time delta from previous captured frame: 0.081422000 seconds] [Time delta from previous displayed frame: 0.902798000 seconds] [Time since reference or first frame: 49.267412000 seconds] Frame Number: 261 Frame Length: 163 bytes (1304 bits) Capture Length: 163 bytes (1304 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd) Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Type: IP (0x0800) Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136) User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088533 msgMaxSize: 65507 msgFlags: 01 .... .0.. = Reportable: Not set .... ..0. = Encrypted: Not set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 2861 msgUserName: MrBetter msgAuthenticationParameters: 579447283bb669aeb84ea214 [Authentication: OK] [Expert Info (Chat/Checksum): SNMP Authentication OK] [Message: SNMP Authentication OK] [Severity level: Chat] [Group: Checksum] msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext No. Time Source Destination Protocol Info 262 49.267973 172.16.10.136 10.31.130.211 SNMP set-request 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 Frame 262: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits) Arrival Time: Oct 23, 2011 15:06:35.331723000 Jerusalem Standard Time Epoch Time: 1319375195.331723000 seconds [Time delta from previous captured frame: 0.000561000 seconds] [Time delta from previous displayed frame: 0.000561000 seconds] [Time since reference or first frame: 49.267973000 seconds] Frame Number: 262 Frame Length: 228 bytes (1824 bits) Capture Length: 228 bytes (1824 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: Checksum Errors] [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1] Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) Type: IP (0x0800) Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211) User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088534 msgMaxSize: 65535 msgFlags: 07 .... .1.. = Reportable: Set .... ..1. = Encrypted: Set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 2861 msgUserName: MrBetter msgAuthenticationParameters: 5eb84434b01403fd966d2f7f [Authentication: OK] [Expert Info (Chat/Checksum): SNMP Authentication OK] [Message: SNMP Authentication OK] [Severity level: Chat] [Group: Checksum] msgPrivacyParameters: d454b4a134c47db3 msgData: encryptedPDU (1) encryptedPDU: 179e8d4cbafeb5c27404009541a22c8a89a6c348fcafafd6... Decrypted ScopedPDU: 3063040b800084a3030000000000000400a35202047829cc... contextEngineID: 800084a303000000000000 contextName: <MISSING> data: set-request (3) No. Time Source Destination Protocol Info 278 52.435699 10.31.130.211 172.16.10.136 SNMP get-response 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 Frame 278: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits) Arrival Time: Oct 23, 2011 15:06:38.499449000 Jerusalem Standard Time Epoch Time: 1319375198.499449000 seconds [Time delta from previous captured frame: 0.551820000 seconds] [Time delta from previous displayed frame: 3.167726000 seconds] [Time since reference or first frame: 52.435699000 seconds] Frame Number: 278 Frame Length: 228 bytes (1824 bits) Capture Length: 228 bytes (1824 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd) Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Type: IP (0x0800) Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136) User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088534 msgMaxSize: 65507 msgFlags: 03 .... .0.. = Reportable: Not set .... ..1. = Encrypted: Set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 2864 msgUserName: MrBetter msgAuthenticationParameters: 60acce3b350fcf1ea1c1da74 [Authentication: OK] [Expert Info (Chat/Checksum): SNMP Authentication OK] [Message: SNMP Authentication OK] [Severity level: Chat] [Group: Checksum] msgPrivacyParameters: 4c450787fcbffc8f msgData: encryptedPDU (1) encryptedPDU: ee5f69f715a115723e50b91b45dc5c031a099feac59928a1... Decrypted ScopedPDU: 3063040b800084a3030000000000000400a25202047829cc... contextEngineID: 800084a303000000000000 contextName: <MISSING> data: get-response (2) No. Time Source Destination Protocol Info 319 59.514700 172.16.10.136 10.31.130.211 SNMP Source port: 61587 Destination port: snmp Frame 319: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits) Arrival Time: Oct 23, 2011 15:06:45.578450000 Jerusalem Standard Time Epoch Time: 1319375205.578450000 seconds [Time delta from previous captured frame: 1.016220000 seconds] [Time delta from previous displayed frame: 7.079001000 seconds] [Time since reference or first frame: 59.514700000 seconds] Frame Number: 319 Frame Length: 227 bytes (1816 bits) Capture Length: 227 bytes (1816 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: Checksum Errors] [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1] Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) Type: IP (0x0800) Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 (10.31.130.211) User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088535 msgMaxSize: 65535 msgFlags: 07 .... .1.. = Reportable: Set .... ..1. = Encrypted: Set .... ...1 = Authenticated: Set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 0 msgAuthoritativeEngineTime: 7 msgUserName: MrBetter msgAuthenticationParameters: bd7d316fe0c9150f73cef028 [Authentication: Failed calculated = 0b f5 d0 43 d2 a5 8f 3f 24 3a 76 1f] [Expert Info (Warn/Checksum): SNMP Authentication Error] [Message: SNMP Authentication Error] [Severity level: Warn] [Group: Checksum] msgPrivacyParameters: d454b4a134c47db6 msgData: encryptedPDU (1) encryptedPDU: c61e4435a2fa3229f921f4764ba79a622de31d4ddbc85017... Decrypted ScopedPDU: 928470e411e135c67707c5ee918fc738865e9cdd7e4c5db4... BER Error: Sequence expected but class:CONTEXT(2) primitive tag:18 was unexpected [Expert Info (Warn/Malformed): BER Error: Sequence expected] [Message: BER Error: Sequence expected] [Severity level: Warn] [Group: Malformed] No. Time Source Destination Protocol Info 320 61.119184 10.31.130.211 172.16.10.136 SNMP report 1.3.6.1.6.3.15.1.1.5.0 Frame 320: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits) Arrival Time: Oct 23, 2011 15:06:47.182934000 Jerusalem Standard Time Epoch Time: 1319375207.182934000 seconds [Time delta from previous captured frame: 1.604484000 seconds] [Time delta from previous displayed frame: 1.604484000 seconds] [Time since reference or first frame: 61.119184000 seconds] Frame Number: 320 Frame Length: 151 bytes (1208 bits) Capture Length: 151 bytes (1208 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:udp:snmp] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd (00:50:56:a8:00:cd) Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) Type: IP (0x0800) Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 (172.16.10.136) User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) Simple Network Management Protocol msgVersion: snmpv3 (3) msgGlobalData msgID: 1659088535 msgMaxSize: 65507 msgFlags: 00 .... .0.. = Reportable: Not set .... ..0. = Encrypted: Not set .... ...0 = Authenticated: Not set msgSecurityModel: USM (3) msgAuthoritativeEngineID: 800084a303000000000000 msgAuthoritativeEngineBoots: 1 msgAuthoritativeEngineTime: 2873 msgUserName: MrBetter msgAuthenticationParameters: <MISSING> msgPrivacyParameters: <MISSING> msgData: plaintext (0) plaintext _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j
