Re: [SNMP4J] usmStatsNotInTimeWindows and then usmStatsWrongDigests

Tue, 01 Nov 2011 13:26:17 -0700 

Hi Adi,

The problem seems to be that the manager (SNMP4J) resets
its MPv3 cache, because enigne boots and engine time are
reset (0 and 7 instead 1 and 2861+7+x).

At time x after the first successful request was sent, someone
deleted the Snmp instance and/or the contained MPv3
object or used a second Snmp instance with a new MPv3
instance which did not had any cache entry for the specific
SNMPv3 target engine ID.

Best regards,
Frank

Am 25.10.2011 13:38, schrieb Adi Leibovich:
> Hi guys,
>
> We have a simple manager built over SNMP4J where we encounter the following 
> situation:
>
> 1. Manager is trying to discover agent's engine id
> 2. Agent is returning report in response
> 3. Manager is sending set request
> 4. Agent is sending usmStatsNotInTimeWindows report
> 5. Manager tries to recover (I think) and sends another set request, agent 
> responds
> 6. After 7 secs, manager seems to send another request, which cannot be 
> decrypted by wireshark, and is answered by usmStatsWrongDigests which my java 
> wrapper then receives in the response pdu.
>
> Please see wireshark log below. Would very much appreciate your assistance on 
> this.
>
> Thanks and regards,
> Adi
>
>
>
> No.     Time        Source                Destination           Protocol Info
>      248 47.515406   172.16.10.136         10.31.130.211         SNMP     
> set-request
>
> Frame 248: 103 bytes on wire (824 bits), 103 bytes captured (824 bits)
>      Arrival Time: Oct 23, 2011 15:06:33.579156000 Jerusalem Standard Time
>      Epoch Time: 1319375193.579156000 seconds
>      [Time delta from previous captured frame: 0.002905000 seconds]
>      [Time delta from previous displayed frame: 5.038972000 seconds]
>      [Time since reference or first frame: 47.515406000 seconds]
>      Frame Number: 248
>      Frame Length: 103 bytes (824 bits)
>      Capture Length: 103 bytes (824 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: Checksum Errors]
>      [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || 
> ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || 
> mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d 
> (e0:5f:b9:d3:f5:5d)
>      Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 
> (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088532
>          msgMaxSize: 65535
>          msgFlags: 04
>              .... .1.. = Reportable: Set
>              .... ..0. = Encrypted: Not set
>              .... ...0 = Authenticated: Not set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID:<MISSING>
>      msgAuthoritativeEngineBoots: 0
>      msgAuthoritativeEngineTime: 0
>      msgUserName:
>      msgAuthenticationParameters:<MISSING>
>      msgPrivacyParameters:<MISSING>
>      msgData: plaintext (0)
>          plaintext
>
> No.     Time        Source                Destination           Protocol Info
>      253 48.330148   10.31.130.211         172.16.10.136         SNMP     
> report 1.3.6.1.6.3.15.1.1.4.0
>
> Frame 253: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits)
>      Arrival Time: Oct 23, 2011 15:06:34.393898000 Jerusalem Standard Time
>      Epoch Time: 1319375194.393898000 seconds
>      [Time delta from previous captured frame: 0.206651000 seconds]
>      [Time delta from previous displayed frame: 0.814742000 seconds]
>      [Time since reference or first frame: 48.330148000 seconds]
>      Frame Number: 253
>      Frame Length: 143 bytes (1144 bits)
>      Capture Length: 143 bytes (1144 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: UDP]
>      [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd 
> (00:50:56:a8:00:cd)
>      Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 
> (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088532
>          msgMaxSize: 65507
>          msgFlags: 00
>              .... .0.. = Reportable: Not set
>              .... ..0. = Encrypted: Not set
>              .... ...0 = Authenticated: Not set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 1
>      msgAuthoritativeEngineTime: 2860
>      msgUserName:
>      msgAuthenticationParameters:<MISSING>
>      msgPrivacyParameters:<MISSING>
>      msgData: plaintext (0)
>          plaintext
>
> No.     Time        Source                Destination           Protocol Info
>      254 48.364614   172.16.10.136         10.31.130.211         SNMP     
> set-request 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 254: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
>      Arrival Time: Oct 23, 2011 15:06:34.428364000 Jerusalem Standard Time
>      Epoch Time: 1319375194.428364000 seconds
>      [Time delta from previous captured frame: 0.034466000 seconds]
>      [Time delta from previous displayed frame: 0.034466000 seconds]
>      [Time since reference or first frame: 48.364614000 seconds]
>      Frame Number: 254
>      Frame Length: 227 bytes (1816 bits)
>      Capture Length: 227 bytes (1816 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: Checksum Errors]
>      [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || 
> ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || 
> mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d 
> (e0:5f:b9:d3:f5:5d)
>      Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 
> (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088533
>          msgMaxSize: 65535
>          msgFlags: 07
>              .... .1.. = Reportable: Set
>              .... ..1. = Encrypted: Set
>              .... ...1 = Authenticated: Set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 0
>      msgAuthoritativeEngineTime: 0
>      msgUserName: MrBetter
>      msgAuthenticationParameters: 1ffc3dfedef9a2947fd9c6bb
>          [Authentication: OK]
>              [Expert Info (Chat/Checksum): SNMP Authentication OK]
>                  [Message: SNMP Authentication OK]
>                  [Severity level: Chat]
>                  [Group: Checksum]
>      msgPrivacyParameters: d454b4a134c47db2
>      msgData: encryptedPDU (1)
>          encryptedPDU: 5c1cc1c1814af5343f1de8813ea1b1d94d149a867a4eaa8f...
>              Decrypted ScopedPDU: 
> 3063040b800084a3030000000000000400a35202047829cc...
>                  contextEngineID: 800084a303000000000000
>                  contextName:<MISSING>
>                  data: set-request (3)
>
> No.     Time        Source                Destination           Protocol Info
>      261 49.267412   10.31.130.211         172.16.10.136         SNMP     
> report 1.3.6.1.6.3.15.1.1.2.0
>
> Frame 261: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
>      Arrival Time: Oct 23, 2011 15:06:35.331162000 Jerusalem Standard Time
>      Epoch Time: 1319375195.331162000 seconds
>      [Time delta from previous captured frame: 0.081422000 seconds]
>      [Time delta from previous displayed frame: 0.902798000 seconds]
>      [Time since reference or first frame: 49.267412000 seconds]
>      Frame Number: 261
>      Frame Length: 163 bytes (1304 bits)
>      Capture Length: 163 bytes (1304 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: UDP]
>      [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd 
> (00:50:56:a8:00:cd)
>      Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 
> (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088533
>          msgMaxSize: 65507
>          msgFlags: 01
>              .... .0.. = Reportable: Not set
>              .... ..0. = Encrypted: Not set
>              .... ...1 = Authenticated: Set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 1
>      msgAuthoritativeEngineTime: 2861
>      msgUserName: MrBetter
>      msgAuthenticationParameters: 579447283bb669aeb84ea214
>          [Authentication: OK]
>              [Expert Info (Chat/Checksum): SNMP Authentication OK]
>                  [Message: SNMP Authentication OK]
>                  [Severity level: Chat]
>                  [Group: Checksum]
>      msgPrivacyParameters:<MISSING>
>      msgData: plaintext (0)
>          plaintext
>
> No.     Time        Source                Destination           Protocol Info
>      262 49.267973   172.16.10.136         10.31.130.211         SNMP     
> set-request 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 262: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
>      Arrival Time: Oct 23, 2011 15:06:35.331723000 Jerusalem Standard Time
>      Epoch Time: 1319375195.331723000 seconds
>      [Time delta from previous captured frame: 0.000561000 seconds]
>      [Time delta from previous displayed frame: 0.000561000 seconds]
>      [Time since reference or first frame: 49.267973000 seconds]
>      Frame Number: 262
>      Frame Length: 228 bytes (1824 bits)
>      Capture Length: 228 bytes (1824 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: Checksum Errors]
>      [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || 
> ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || 
> mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d 
> (e0:5f:b9:d3:f5:5d)
>      Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 
> (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088534
>          msgMaxSize: 65535
>          msgFlags: 07
>              .... .1.. = Reportable: Set
>              .... ..1. = Encrypted: Set
>              .... ...1 = Authenticated: Set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 1
>      msgAuthoritativeEngineTime: 2861
>      msgUserName: MrBetter
>      msgAuthenticationParameters: 5eb84434b01403fd966d2f7f
>          [Authentication: OK]
>              [Expert Info (Chat/Checksum): SNMP Authentication OK]
>                  [Message: SNMP Authentication OK]
>                  [Severity level: Chat]
>                  [Group: Checksum]
>      msgPrivacyParameters: d454b4a134c47db3
>      msgData: encryptedPDU (1)
>          encryptedPDU: 179e8d4cbafeb5c27404009541a22c8a89a6c348fcafafd6...
>              Decrypted ScopedPDU: 
> 3063040b800084a3030000000000000400a35202047829cc...
>                  contextEngineID: 800084a303000000000000
>                  contextName:<MISSING>
>                  data: set-request (3)
>
> No.     Time        Source                Destination           Protocol Info
>      278 52.435699   10.31.130.211         172.16.10.136         SNMP     
> get-response 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.10.28.10.49.51.49.57.51.55.53.49.57.51 
> 1.3.6.1.4.1.33955.1.6.1.2.1.1.16.28.10.49.51.49.57.51.55.53.49.57.51
>
> Frame 278: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits)
>      Arrival Time: Oct 23, 2011 15:06:38.499449000 Jerusalem Standard Time
>      Epoch Time: 1319375198.499449000 seconds
>      [Time delta from previous captured frame: 0.551820000 seconds]
>      [Time delta from previous displayed frame: 3.167726000 seconds]
>      [Time since reference or first frame: 52.435699000 seconds]
>      Frame Number: 278
>      Frame Length: 228 bytes (1824 bits)
>      Capture Length: 228 bytes (1824 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: UDP]
>      [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd 
> (00:50:56:a8:00:cd)
>      Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 
> (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088534
>          msgMaxSize: 65507
>          msgFlags: 03
>              .... .0.. = Reportable: Not set
>              .... ..1. = Encrypted: Set
>              .... ...1 = Authenticated: Set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 1
>      msgAuthoritativeEngineTime: 2864
>      msgUserName: MrBetter
>      msgAuthenticationParameters: 60acce3b350fcf1ea1c1da74
>          [Authentication: OK]
>              [Expert Info (Chat/Checksum): SNMP Authentication OK]
>                  [Message: SNMP Authentication OK]
>                  [Severity level: Chat]
>                  [Group: Checksum]
>      msgPrivacyParameters: 4c450787fcbffc8f
>      msgData: encryptedPDU (1)
>          encryptedPDU: ee5f69f715a115723e50b91b45dc5c031a099feac59928a1...
>              Decrypted ScopedPDU: 
> 3063040b800084a3030000000000000400a25202047829cc...
>                  contextEngineID: 800084a303000000000000
>                  contextName:<MISSING>
>                  data: get-response (2)
>
> No.     Time        Source                Destination           Protocol Info
>      319 59.514700   172.16.10.136         10.31.130.211         SNMP     
> Source port: 61587  Destination port: snmp
>
> Frame 319: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
>      Arrival Time: Oct 23, 2011 15:06:45.578450000 Jerusalem Standard Time
>      Epoch Time: 1319375205.578450000 seconds
>      [Time delta from previous captured frame: 1.016220000 seconds]
>      [Time delta from previous displayed frame: 7.079001000 seconds]
>      [Time since reference or first frame: 59.514700000 seconds]
>      Frame Number: 319
>      Frame Length: 227 bytes (1816 bits)
>      Capture Length: 227 bytes (1816 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: Checksum Errors]
>      [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || 
> ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || 
> mstp.checksum_bad==1]
> Ethernet II, Src: Vmware_a8:00:cd (00:50:56:a8:00:cd), Dst: Cisco_d3:f5:5d 
> (e0:5f:b9:d3:f5:5d)
>      Destination: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Source: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Type: IP (0x0800)
> Internet Protocol, Src: 172.16.10.136 (172.16.10.136), Dst: 10.31.130.211 
> (10.31.130.211)
> User Datagram Protocol, Src Port: 61587 (61587), Dst Port: snmp (161)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088535
>          msgMaxSize: 65535
>          msgFlags: 07
>              .... .1.. = Reportable: Set
>              .... ..1. = Encrypted: Set
>              .... ...1 = Authenticated: Set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 0
>      msgAuthoritativeEngineTime: 7
>      msgUserName: MrBetter
>      msgAuthenticationParameters: bd7d316fe0c9150f73cef028
>          [Authentication: Failed calculated = 0b f5 d0 43 d2 a5 8f 3f 24 3a 
> 76 1f]
>              [Expert Info (Warn/Checksum): SNMP Authentication Error]
>                  [Message: SNMP Authentication Error]
>                  [Severity level: Warn]
>                  [Group: Checksum]
>      msgPrivacyParameters: d454b4a134c47db6
>      msgData: encryptedPDU (1)
>          encryptedPDU: c61e4435a2fa3229f921f4764ba79a622de31d4ddbc85017...
>              Decrypted ScopedPDU: 
> 928470e411e135c67707c5ee918fc738865e9cdd7e4c5db4...
>                  BER Error: Sequence expected but class:CONTEXT(2) primitive 
> tag:18 was unexpected
>                      [Expert Info (Warn/Malformed): BER Error: Sequence 
> expected]
>                          [Message: BER Error: Sequence expected]
>                          [Severity level: Warn]
>                          [Group: Malformed]
>
> No.     Time        Source                Destination           Protocol Info
>      320 61.119184   10.31.130.211         172.16.10.136         SNMP     
> report 1.3.6.1.6.3.15.1.1.5.0
>
> Frame 320: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
>      Arrival Time: Oct 23, 2011 15:06:47.182934000 Jerusalem Standard Time
>      Epoch Time: 1319375207.182934000 seconds
>      [Time delta from previous captured frame: 1.604484000 seconds]
>      [Time delta from previous displayed frame: 1.604484000 seconds]
>      [Time since reference or first frame: 61.119184000 seconds]
>      Frame Number: 320
>      Frame Length: 151 bytes (1208 bits)
>      Capture Length: 151 bytes (1208 bits)
>      [Frame is marked: False]
>      [Frame is ignored: False]
>      [Protocols in frame: eth:ip:udp:snmp]
>      [Coloring Rule Name: UDP]
>      [Coloring Rule String: udp]
> Ethernet II, Src: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d), Dst: Vmware_a8:00:cd 
> (00:50:56:a8:00:cd)
>      Destination: Vmware_a8:00:cd (00:50:56:a8:00:cd)
>      Source: Cisco_d3:f5:5d (e0:5f:b9:d3:f5:5d)
>      Type: IP (0x0800)
> Internet Protocol, Src: 10.31.130.211 (10.31.130.211), Dst: 172.16.10.136 
> (172.16.10.136)
> User Datagram Protocol, Src Port: snmp (161), Dst Port: 61587 (61587)
> Simple Network Management Protocol
>      msgVersion: snmpv3 (3)
>      msgGlobalData
>          msgID: 1659088535
>          msgMaxSize: 65507
>          msgFlags: 00
>              .... .0.. = Reportable: Not set
>              .... ..0. = Encrypted: Not set
>              .... ...0 = Authenticated: Not set
>          msgSecurityModel: USM (3)
>      msgAuthoritativeEngineID: 800084a303000000000000
>      msgAuthoritativeEngineBoots: 1
>      msgAuthoritativeEngineTime: 2873
>      msgUserName: MrBetter
>      msgAuthenticationParameters:<MISSING>
>      msgPrivacyParameters:<MISSING>
>      msgData: plaintext (0)
>          plaintext
>
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J@agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j

_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j

Reply via email to