[erlang-questions] SNMP v3 usmStatsNotInTimeWindows error

Devangana Tarafdar <>
Wed Sep 14 20:41:44 CEST 2016


Hi Dominik,

So I was able look at the wireshark stream decoded after entering snmp
credentials  (that was very helpful, thanks !) and compared the 2 streams :
One from the snmp get tool and the other from the erlang script.

Wireshark is not able to decode the encrypted pdu  in the erlang stream but
it can decode the snmpget stream.

The message is clear enough I suppose but I don't know what I am doing
wrong with the key.

I changed my local key generation to :

 %Priv_key_local = snmp:passwd2localized_key(sha, Priv_key ,
Agent_engine_id),

 % since auth protocol is SHA
  Priv_key_local = lists:sublist(snmp:passwd2localized_key(sha, Priv_key ,
Agent_engine_id),16),

but it did not help.


msgData: encryptedPDU (1)
        encryptedPDU: 8a3e7fc633c531d2747782a6fc8d89187c452929426e4b6e...
            Decrypted data not formatted as expected, wrong key?
                [Expert Info (Warn/Malformed): Decrypted data not formatted
as expected]
                    [Message: Decrypted data not formatted as expected]
                    [Severity level: Warn]
                    [Group: Malformed]


Attaching  good wireshark trace from snmpget and a bad one from erlang.

Also tried putting a context name but did not work but snmpget does not put
one and it works.

Thanks,
Devangana



On Sun, Sep 11, 2016 at 4:09 PM, Devangana Tarafdar <>
wrote:

> Hi Dominik,
>
> I have not looked into the context. Will check all the items that you
> mention.  I have been able to connect to the agent using snmpwalk and
> snmpget though I have not studied the wireshark output of those in detail.
> Thanks again for all these tips and I will get back to you .
>
> Devangana
>
> On Sep 11, 2016 3:08 PM, "Dominik Pawlak" <>
> wrote:
>
>> Hello Devangana,
>> Hard to tell, but I see that you haven't specified any context in your
>> sync_get. Are you sure it is not needed? I would also double check the
>> engine id and security configuration.
>> Have you managed to connect to that agent from something other than OTP
>> (say snmpb, snmpget)?
>> If so, you can compare in Wireshark, the snmp requests from erlang and
>> from that tool. You can even enter your snmp credentials in Wireshark and
>> it will decode encrypted messages.
>> I hope any of this helps.
>>
>> Best
>> Dominik
>>
>> On 11.09.2016 16:46, Devangana Tarafdar wrote:
>>
>> Hello Dominik,
>>
>> Thanks you for the reply.
>>
>> I  sent another sync_get after the first as you suggested. The wireshark
>> trace shows the manager has updated the 'msgAuthoritativeEngineBoots'
>> and 'msgAuthoritativeEngineTime' to the values sent by the Agent as you
>> pointed out. But now the agent does not respond at all and the sync_get
>> fails with a timeout. I tried adding a second's sleep between the 2 gets as
>> well. I don't have access currently to the agent's logs or configuration
>> but have you seen this before ?
>>
>> Thanks !
>> Devangana
>>
>>
>> On Sat, Sep 10, 2016 at 6:09 PM, Dominik Pawlak <
>> > wrote:
>>
>>> Hello Devangana,
>>> Basically, you just have to perform the sync_get once more. I observed
>>> similar behavior in OTP 17.1 (snmp 4.25.1). The first request will always
>>> fail because the manager is not fully configured to communicate with the
>>> agent (more on that below).
>>>
>>> A longer explanation:
>>>
>>> In snmp v3 there is a process called 'discovery', which should be
>>> performed before secure communication with the agent can be established. It
>>> is described here:
>>>
>>> https://tools.ietf.org/html/rfc3414#section-4
>>>
>>> The snmp library in OTP does not implement that process (at least not as
>>> described in the RFC).
>>> This process has two steps: 'snmpEngineID discovery' and 'time
>>> synchronization'.
>>> The first step is skipped altogether in OTP - you have to provide engine
>>> id upfront.
>>> The second step is performed by the first request - it will always fail
>>> with the 'usmStatsNotInTimeWindows' error report message, but it will set
>>> the required 'msgAuthoritativeEngineBoots' and 'msgAuthoritativeEngineTime'
>>> in the manager.
>>>
>>> Best,
>>> Dominik
>>>
>>>
>>> On 10.09.2016 06:48, Devangana Tarafdar wrote:
>>>
>>> Hello,
>>>
>>> I am trying to connect to a third party SNMP agent, using snmp manager
>>> (snmp v3) ( in the erlang 19 release snmp 5.2.3) and I am running into a
>>> problem where the agent is returning this error on the manager calling
>>> sync_get:
>>>
>>>
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>>    handle_snmp_report -> entry with
>>>    Domain:  snmpUDPDomain
>>>    Addr:    {{xx,xxx,xxx,xxx},161}
>>>    ReqId:   37078226
>>>    Rep:     {invalid_sec_info,[{sec_level,3,1},
>>>                                {request_id,37078226,2147483647}]}
>>>    Pdu:     {pdu,report,2147483647,noError,0,
>>>                  [{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***
>>>    handle_snmp_report -> found corresponding request:
>>>    reply to sync request
>>>    Ref:    #Ref<0.0.4.210>
>>>    ModRef: #Ref<0.0.4.211>
>>>    From:   {<0.3.0>,#Ref<0.0.4.202>}
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>>    handle_snmp_pdu(get-response) -> Remaining: 4979
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>>    handle_snmp_report -> deliver reply
>>>
>>> {error,{invalid_sec_info,[{sec_level,3,1},{request_id,37078226,
>>> 2147483647}],{noError,0,[{varbind,[1,3,6,1,6,3,15,1,1,2,0
>>> ],'Counter32',33,1}]}}}
>>>
>>> *** [2016:09:08 21:26:00 831]
>>>
>>> Where [1,3,6,1,6,3,15,1,1,2,0]  maps to "usmStatsNotInTimeWindows" (from
>>> http://www.oid-info.com/)
>>>
>>> I have attached a  wireshark trace for the snmp part of this exchange.
>>>
>>> I am invoking the snmpm module functions through a basic script as
>>> follows (using tips from the tutorial at
>>> https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start )
>>> .........
>>> ..........
>>>
>>>   ok = application:start(crypto),
>>>   ok = application:start(snmp),
>>>
>>>   Userid = "snmp3user",
>>>   Agent_target = "testagent",
>>>   Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,176],
>>>   Agent_ip = {xx,xxx,xxx,xxx},
>>>   Agent_port = 161 ,
>>>   Secure_name= Userid,
>>>
>>>   Security_level = 'authPriv',
>>>   Security_model = 'usm',
>>>   Agent_version = 'v3',
>>>   Auth_protocol = 'usmHMACSHAAuthProtocol',
>>>   Priv_protocol = 'usmAesCfb128Protocol',
>>>
>>>   % this is 16 in length
>>>   Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
>>>
>>>   % this is 20 in length
>>>   Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
>>>
>>>   ok = snmpm:register_user(Userid,snmpm_user_default,[]),
>>>
>>>   ok = snmpm:register_usm_user(Agent_engine_id, Userid, [
>>>                               {auth, Auth_protocol},
>>>                               {auth_key,Auth_key_local},
>>>                               {priv, Priv_protocol},
>>>                               {priv_key,Priv_key_local },
>>>                               {sec_name, Secure_name}
>>>                         ]),
>>>   ok = snmpm:register_agent(Userid, Agent_target ,[
>>>                                                    {engine_id,Agent_engine_id},
>>>                                                    {address, Agent_ip},
>>>                                                    {port, Agent_port},
>>>                                                    {version,Agent_version},
>>>                                                    {sec_model,Security_model},
>>>                                                    {sec_name,Secure_name},
>>>                                                    {sec_level, Security_level}
>>>
>>>                                ]),
>>>   Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,3,7,2]]),   ........................
>>>
>>>   ........................
>>>
>>> Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !
>>>
>>> Thanks, Devangana
>>>
>>> _______________________________________________
>>> erlang-questions mailing ://erlang.org/mailman/listinfo/erlang-questions
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160914/bb2b7b05/attachment.html>
-------------- next part --------------
No.     Time                       Source                Destination           Protocol Length Info
      1 2016-09-12 11:17:20.591800 xx.xx.xx.xx       xx.xx.xx.xx        SNMP     106    get-request

Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: 56064 (56064), Dst Port: snmp (161)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1249727467
        msgMaxSize: 65507
        msgFlags: 04
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: <MISSING>
    msgAuthoritativeEngineBoots: 0
    msgAuthoritativeEngineTime: 0
    msgUserName: 
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: <MISSING>
            contextName: 
            data: get-request (0)
                get-request
                    request-id: 157902137
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 0 items

No.     Time                       Source                Destination           Protocol Length Info
      2 2016-09-12 11:17:20.603244 xx.xx.xx.xx        xx.xx.xx.xx       SNMP     151    report 1.3.6.1.6.3.15.1.1.4.0

Frame 2: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxx), Dst: Dell_5a:bb:91 (xxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 56064 (56064)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1249727467
        msgMaxSize: 1500
        msgFlags: 00
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 57959463
    msgUserName: 
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: xxxxxxxxxxxxxxxxxxxxx
            contextName: 
            data: report (8)
                report
                    request-id: 157902137
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item

No.     Time                       Source                Destination           Protocol Length Info
      3 2016-09-12 11:17:20.603411 xx.xx.xx.xx       xx.xx.xx.xx        SNMP     186    get-request 1.3.6.1.4.1.9.10.19.1.1.9.1.3.7.2

Frame 3: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: 56064 (56064), Dst Port: snmp (161)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1249727466
        msgMaxSize: 65507
        msgFlags: 07
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 57959463
    msgUserName: snmp3user
    msgAuthenticationParameters: 66066a5c8bb770ac44a8a6aa
        [Authentication: OK]
            [Expert Info (Chat/Checksum): SNMP Authentication OK]
                [Message: SNMP Authentication OK]
                [Severity level: Chat]
                [Group: Checksum]
    msgPrivacyParameters: 7659ce996f84ed61
    msgData: encryptedPDU (1)
        encryptedPDU: 2fd50fd5753850f7a6a098056cd9b062770b96b4a9658469...
            Decrypted ScopedPDU: 3035040cxxxxxxxxxxxxxxxxxxxxx0400a02302040969...
                contextEngineID: xxxxxxxxxxxxxxxxxxxxx
                contextName: 
                data: get-request (0)
                    get-request
                        request-id: 157902136
                        error-status: noError (0)
                        error-index: 0
                        variable-bindings: 1 item

No.     Time                       Source                Destination           Protocol Length Info
      4 2016-09-12 11:17:20.614562 xx.xx.xx.xx        xx.xx.xx.xx       SNMP     186    get-response 1.3.6.1.4.1.9.10.19.1.1.9.1.3.7.2

Frame 4: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxx), Dst: Dell_5a:bb:91 (xxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 56064 (56064)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1249727466
        msgMaxSize: 1500
        msgFlags: 03
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID:xxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 57959463
    msgUserName: snmp3user
    msgAuthenticationParameters: c9a294d040e72dc862a552d9
        [Authentication: OK]
            [Expert Info (Chat/Checksum): SNMP Authentication OK]
                [Message: SNMP Authentication OK]
                [Severity level: Chat]
                [Group: Checksum]
    msgPrivacyParameters: 03acf687bd16cbb9
    msgData: encryptedPDU (1)
        encryptedPDU: 7bf96b26eb9009354008da4fd46a6ab68323a757bb5bd009...
            Decrypted ScopedPDU: 3036040cxxxxxxxxxxxxxxxxxxxxx0400a22402040969...
                contextEngineID: xxxxxxxxxxxxxxxxxxxxx
                contextName: 
                data: get-response (2)
                    get-response
                        request-id: 157902136
                        error-status: noError (0)
                        error-index: 0
                        variable-bindings: 1 item
-------------- next part --------------
No.     Time                       Source                Destination           Protocol Length Info
      1 2016-09-14 12:52:45.116572 xx.xx.xx.xx       xx.xx.xx.xx        SNMP     182    encryptedPDU: Decrypted data not formatted as expected

Frame 1: 182 bytes on wire (1456 bits), 182 bytes captured (1456 bits)
Ethernet II, Src: Dell_5a:bb:91 (xx.xx.xx.xx), Dst: Cisco_ea:e8:00 (xx.xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 991281567
        msgMaxSize: 484
        msgFlags: 07
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 0
    msgAuthoritativeEngineTime: 0
    msgUserName: snmp3user
    msgAuthenticationParameters: c7f951adc5fdb07861e75897
        [Authentication: OK]
            [Expert Info (Chat/Checksum): SNMP Authentication OK]
                [Message: SNMP Authentication OK]
                [Severity level: Chat]
                [Group: Checksum]
    msgPrivacyParameters: 0000000000000001
    msgData: encryptedPDU (1)
        encryptedPDU: 8a3e7fc633c531d2747782a6fc8d89187c452929426e4b6e...
            Decrypted data not formatted as expected, wrong key?
                [Expert Info (Warn/Malformed): Decrypted data not formatted as expected]
                    [Message: Decrypted data not formatted as expected]
                    [Severity level: Warn]
                    [Group: Malformed]

No.     Time                       Source                Destination           Protocol Length Info
      2 2016-09-14 12:52:45.128530 xx.xx.xx.xx        xx.xx.xx.xx       SNMP     170    report 1.3.6.1.6.3.15.1.1.2.0

Frame 2: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xx.xx.xx.xx.xx), Dst: Dell_5a:bb:91 (xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: commplex-main (5000)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 991281567
        msgMaxSize: 1500
        msgFlags: 01
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 58137986
    msgUserName: snmp3user
    msgAuthenticationParameters: 8b04a985942e50bb852e12c2
        [Authentication: OK]
            [Expert Info (Chat/Checksum): SNMP Authentication OK]
                [Message: SNMP Authentication OK]
                [Severity level: Chat]
                [Group: Checksum]
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext

No.     Time                       Source                Destination           Protocol Length Info
      3 2016-09-14 12:52:46.137742 xx.xx.xx.xx       xx.xx.xx.xx        SNMP     185    Source port: commplex-main  Destination port: snmp[Malformed Packet]

Frame 3: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits)
Ethernet II, Src: Dell_5a:bb:91 (xx.xx.xx.xx), Dst: Cisco_ea:e8:00 (xx.xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 991281568
        msgMaxSize: 484
        msgFlags: 07
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 58137987
    msgUserName: snmp3user
    msgAuthenticationParameters: faf88ff2c55fead30027041c
    msgPrivacyParameters: 0000000000000002
    msgData: encryptedPDU (1)
        encryptedPDU: 1cdd0c3bcd32afc23beacca094272afba52babb364bc2d65...
[Malformed Packet: SNMP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]


More information about the erlang-questions mailing list