Hi Adi, The problem seems to be that the manager (SNMP4J) resets its MPv3 cache, because enigne boots and engine time are reset (0 and 7 instead 1 and 2861+7+x).
At time x after the first successful request was sent, someone deleted the Snmp instance and/or the contained MPv3 object or used a second Snmp instance with a new MPv3 instance which did not had any cache entry for the specific SNMPv3 target engine ID. Best regards, Frank Am 25.10.2011 13:38, schrieb Adi Leibovich: > Hi guys, > > We have a simple manager built over SNMP4J where we encounter the following > situation: > > 1. Manager is trying to discover agent's engine id > 2. Agent is returning report in response > 3. Manager is sending set request > 4. Agent is sending usmStatsNotInTimeWindows report > 5. Manager tries to recover (I think) and sends another set request, agent > responds > 6. After 7 secs, manager seems to send another request, which cannot be > decrypted by wireshark, and is answered by usmStatsWrongDigests which my java > wrapper then receives in the response pdu. > > Please see wireshark log below. Would very much appreciate your assistance on > this. > > Thanks and regards, > Adi > > > > No. Time Source Destination Protocol Info > 248 47.515406 172.16.10.136 10.31.130.211 SNMP > set-request > > Frame 248: 103 bytes on wire (824 bits), 103 bytes captured (824 bits) > Arrival Time: Oct 23, 2011 15:06:33.579156000 Jerusalem Standard Time > Epoch Time: 1319375193.579156000 seconds > [Time delta from previous captured frame: 0.002905000 seconds] > [Time delta from previous displayed frame: 5.038972000 seconds] > [Time since reference or first frame: 47.515406000 seconds] > Frame Number: 248 > Frame Length: 103 bytes (824 bits) > Capture Length: 103 bytes (824 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: Checksum Errors] > [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || > ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || > mstp.checksum_bad==1] > Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d > (e0:5f:b9:d3:f5:5d) > Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Type: IP (0x0800) > Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 > (10.31.130.211) > User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088532 > msgMaxSize: 65535 > msgFlags: 04 > .... .1.. = Reportable: Set > .... ..0. = Encrypted: Not set > .... ...0 = Authenticated: Not set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID:<MISSING> > msgAuthoritativeEngineBoots: 0 > msgAuthoritativeEngineTime: 0 > msgUserName: > msgAuthenticationParameters:<MISSING> > msgPrivacyParameters:<MISSING> > msgData: plaintext (0) > plaintext > > No. Time Source Destination Protocol Info > 253 48.330148 10.31.130.211 172.16.10.136 SNMP > report 1.3.6.1.6.3.15.1.1.4.0 > > Frame 253: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits) > Arrival Time: Oct 23, 2011 15:06:34.393898000 Jerusalem Standard Time > Epoch Time: 1319375194.393898000 seconds > [Time delta from previous captured frame: 0.206651000 seconds] > [Time delta from previous displayed frame: 0.814742000 seconds] > [Time since reference or first frame: 48.330148000 seconds] > Frame Number: 253 > Frame Length: 143 bytes (1144 bits) > Capture Length: 143 bytes (1144 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd > (00:50:56:a8:00:cd) > Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Type: IP (0x0800) > Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 > (172.16.10.136) > User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088532 > msgMaxSize: 65507 > msgFlags: 00 > .... .0.. = Reportable: Not set > .... ..0. = Encrypted: Not set > .... ...0 = Authenticated: Not set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 2860 > msgUserName: > msgAuthenticationParameters:<MISSING> > msgPrivacyParameters:<MISSING> > msgData: plaintext (0) > plaintext > > No. Time Source Destination Protocol Info > 254 48.364614 172.16.10.136 10.31.130.211 SNMP > set-request > 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 > 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 > > Frame 254: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits) > Arrival Time: Oct 23, 2011 15:06:34.428364000 Jerusalem Standard Time > Epoch Time: 1319375194.428364000 seconds > [Time delta from previous captured frame: 0.034466000 seconds] > [Time delta from previous displayed frame: 0.034466000 seconds] > [Time since reference or first frame: 48.364614000 seconds] > Frame Number: 254 > Frame Length: 227 bytes (1816 bits) > Capture Length: 227 bytes (1816 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: Checksum Errors] > [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || > ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || > mstp.checksum_bad==1] > Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d > (e0:5f:b9:d3:f5:5d) > Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Type: IP (0x0800) > Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 > (10.31.130.211) > User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088533 > msgMaxSize: 65535 > msgFlags: 07 > .... .1.. = Reportable: Set > .... ..1. = Encrypted: Set > .... ...1 = Authenticated: Set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 0 > msgAuthoritativeEngineTime: 0 > msgUserName: MrBetter > msgAuthenticationParameters: 1ffc3dfedef9a2947fd9c6bb > [Authentication: OK] > [Expert Info (Chat/Checksum): SNMP Authentication OK] > [Message: SNMP Authentication OK] > [Severity level: Chat] > [Group: Checksum] > msgPrivacyParameters: d454b4a134c47db2 > msgData: encryptedPDU (1) > encryptedPDU: 5c1cc1c1814af5343f1de8813ea1b1d94d149a867a4eaa8f... > Decrypted ScopedPDU: > 3063040b800084a3030000000000000400a35202047829cc... > contextEngineID: 800084a303000000000000 > contextName:<MISSING> > data: set-request (3) > > No. Time Source Destination Protocol Info > 261 49.267412 10.31.130.211 172.16.10.136 SNMP > report 1.3.6.1.6.3.15.1.1.2.0 > > Frame 261: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits) > Arrival Time: Oct 23, 2011 15:06:35.331162000 Jerusalem Standard Time > Epoch Time: 1319375195.331162000 seconds > [Time delta from previous captured frame: 0.081422000 seconds] > [Time delta from previous displayed frame: 0.902798000 seconds] > [Time since reference or first frame: 49.267412000 seconds] > Frame Number: 261 > Frame Length: 163 bytes (1304 bits) > Capture Length: 163 bytes (1304 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd > (00:50:56:a8:00:cd) > Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Type: IP (0x0800) > Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 > (172.16.10.136) > User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088533 > msgMaxSize: 65507 > msgFlags: 01 > .... .0.. = Reportable: Not set > .... ..0. = Encrypted: Not set > .... ...1 = Authenticated: Set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 2861 > msgUserName: MrBetter > msgAuthenticationParameters: 579447283bb669aeb84ea214 > [Authentication: OK] > [Expert Info (Chat/Checksum): SNMP Authentication OK] > [Message: SNMP Authentication OK] > [Severity level: Chat] > [Group: Checksum] > msgPrivacyParameters:<MISSING> > msgData: plaintext (0) > plaintext > > No. Time Source Destination Protocol Info > 262 49.267973 172.16.10.136 10.31.130.211 SNMP > set-request > 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 > 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 > > Frame 262: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits) > Arrival Time: Oct 23, 2011 15:06:35.331723000 Jerusalem Standard Time > Epoch Time: 1319375195.331723000 seconds > [Time delta from previous captured frame: 0.000561000 seconds] > [Time delta from previous displayed frame: 0.000561000 seconds] > [Time since reference or first frame: 49.267973000 seconds] > Frame Number: 262 > Frame Length: 228 bytes (1824 bits) > Capture Length: 228 bytes (1824 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: Checksum Errors] > [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || > ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || > mstp.checksum_bad==1] > Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d > (e0:5f:b9:d3:f5:5d) > Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Type: IP (0x0800) > Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 > (10.31.130.211) > User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088534 > msgMaxSize: 65535 > msgFlags: 07 > .... .1.. = Reportable: Set > .... ..1. = Encrypted: Set > .... ...1 = Authenticated: Set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 2861 > msgUserName: MrBetter > msgAuthenticationParameters: 5eb84434b01403fd966d2f7f > [Authentication: OK] > [Expert Info (Chat/Checksum): SNMP Authentication OK] > [Message: SNMP Authentication OK] > [Severity level: Chat] > [Group: Checksum] > msgPrivacyParameters: d454b4a134c47db3 > msgData: encryptedPDU (1) > encryptedPDU: 179e8d4cbafeb5c27404009541a22c8a89a6c348fcafafd6... > Decrypted ScopedPDU: > 3063040b800084a3030000000000000400a35202047829cc... > contextEngineID: 800084a303000000000000 > contextName:<MISSING> > data: set-request (3) > > No. Time Source Destination Protocol Info > 278 52.435699 10.31.130.211 172.16.10.136 SNMP > get-response > 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 > 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51 > > Frame 278: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits) > Arrival Time: Oct 23, 2011 15:06:38.499449000 Jerusalem Standard Time > Epoch Time: 1319375198.499449000 seconds > [Time delta from previous captured frame: 0.551820000 seconds] > [Time delta from previous displayed frame: 3.167726000 seconds] > [Time since reference or first frame: 52.435699000 seconds] > Frame Number: 278 > Frame Length: 228 bytes (1824 bits) > Capture Length: 228 bytes (1824 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd > (00:50:56:a8:00:cd) > Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Type: IP (0x0800) > Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 > (172.16.10.136) > User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088534 > msgMaxSize: 65507 > msgFlags: 03 > .... .0.. = Reportable: Not set > .... ..1. = Encrypted: Set > .... ...1 = Authenticated: Set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 2864 > msgUserName: MrBetter > msgAuthenticationParameters: 60acce3b350fcf1ea1c1da74 > [Authentication: OK] > [Expert Info (Chat/Checksum): SNMP Authentication OK] > [Message: SNMP Authentication OK] > [Severity level: Chat] > [Group: Checksum] > msgPrivacyParameters: 4c450787fcbffc8f > msgData: encryptedPDU (1) > encryptedPDU: ee5f69f715a115723e50b91b45dc5c031a099feac59928a1... > Decrypted ScopedPDU: > 3063040b800084a3030000000000000400a25202047829cc... > contextEngineID: 800084a303000000000000 > contextName:<MISSING> > data: get-response (2) > > No. Time Source Destination Protocol Info > 319 59.514700 172.16.10.136 10.31.130.211 SNMP > Source port: 61587 Destination port: snmp > > Frame 319: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits) > Arrival Time: Oct 23, 2011 15:06:45.578450000 Jerusalem Standard Time > Epoch Time: 1319375205.578450000 seconds > [Time delta from previous captured frame: 1.016220000 seconds] > [Time delta from previous displayed frame: 7.079001000 seconds] > [Time since reference or first frame: 59.514700000 seconds] > Frame Number: 319 > Frame Length: 227 bytes (1816 bits) > Capture Length: 227 bytes (1816 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: Checksum Errors] > [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || > ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || > mstp.checksum_bad==1] > Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d > (e0:5f:b9:d3:f5:5d) > Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Source: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Type: IP (0x0800) > Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 > (10.31.130.211) > User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088535 > msgMaxSize: 65535 > msgFlags: 07 > .... .1.. = Reportable: Set > .... ..1. = Encrypted: Set > .... ...1 = Authenticated: Set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 0 > msgAuthoritativeEngineTime: 7 > msgUserName: MrBetter > msgAuthenticationParameters: bd7d316fe0c9150f73cef028 > [Authentication: Failed calculated = 0b f5 d0 43 d2 a5 8f 3f 24 3a > 76 1f] > [Expert Info (Warn/Checksum): SNMP Authentication Error] > [Message: SNMP Authentication Error] > [Severity level: Warn] > [Group: Checksum] > msgPrivacyParameters: d454b4a134c47db6 > msgData: encryptedPDU (1) > encryptedPDU: c61e4435a2fa3229f921f4764ba79a622de31d4ddbc85017... > Decrypted ScopedPDU: > 928470e411e135c67707c5ee918fc738865e9cdd7e4c5db4... > BER Error: Sequence expected but class:CONTEXT(2) primitive > tag:18 was unexpected > [Expert Info (Warn/Malformed): BER Error: Sequence > expected] > [Message: BER Error: Sequence expected] > [Severity level: Warn] > [Group: Malformed] > > No. Time Source Destination Protocol Info > 320 61.119184 10.31.130.211 172.16.10.136 SNMP > report 1.3.6.1.6.3.15.1.1.5.0 > > Frame 320: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits) > Arrival Time: Oct 23, 2011 15:06:47.182934000 Jerusalem Standard Time > Epoch Time: 1319375207.182934000 seconds > [Time delta from previous captured frame: 1.604484000 seconds] > [Time delta from previous displayed frame: 1.604484000 seconds] > [Time since reference or first frame: 61.119184000 seconds] > Frame Number: 320 > Frame Length: 151 bytes (1208 bits) > Capture Length: 151 bytes (1208 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ip:udp:snmp] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd > (00:50:56:a8:00:cd) > Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd) > Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d) > Type: IP (0x0800) > Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 > (172.16.10.136) > User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587) > Simple Network Management Protocol > msgVersion: snmpv3 (3) > msgGlobalData > msgID: 1659088535 > msgMaxSize: 65507 > msgFlags: 00 > .... .0.. = Reportable: Not set > .... ..0. = Encrypted: Not set > .... ...0 = Authenticated: Not set > msgSecurityModel: USM (3) > msgAuthoritativeEngineID: 800084a303000000000000 > msgAuthoritativeEngineBoots: 1 > msgAuthoritativeEngineTime: 2873 > msgUserName: MrBetter > msgAuthenticationParameters:<MISSING> > msgPrivacyParameters:<MISSING> > msgData: plaintext (0) > plaintext > > > _______________________________________________ > SNMP4J mailing list > SNMP4J@agentpp.org > http://lists.agentpp.org/mailman/listinfo/snmp4j _______________________________________________ SNMP4J mailing list SNMP4J@agentpp.org http://lists.agentpp.org/mailman/listinfo/snmp4j