[erlang-questions] SNMP v3 usmStatsNotInTimeWindows error
Devangana Tarafdar
devangana@REDACTED
Wed Sep 14 20:41:44 CEST 2016
Hi Dominik,
So I was able to look at the Wireshark stream decoded after entering snmp
credentials (that was very helpful, thanks!) and compared the 2 streams:
one from the snmpget tool and the other from the Erlang script.
Wireshark is not able to decode the encrypted pdu in the erlang stream but
it can decode the snmpget stream.
The message is clear enough I suppose but I don't know what I am doing
wrong with the key.
I changed my local key generation to :
%Priv_key_local = snmp:passwd2localized_key(sha, Priv_key, Agent_engine_id),
% since auth protocol is SHA
Priv_key_local = lists:sublist(snmp:passwd2localized_key(sha, Priv_key, Agent_engine_id), 16),
but it did not help.
msgData: encryptedPDU (1)
encryptedPDU: 8a3e7fc633c531d2747782a6fc8d89187c452929426e4b6e...
Decrypted data not formatted as expected, wrong key?
[Expert Info (Warn/Malformed): Decrypted data not formatted as expected]
[Message: Decrypted data not formatted as expected]
[Severity level: Warn]
[Group: Malformed]
Attaching good wireshark trace from snmpget and a bad one from erlang.
Also tried putting a context name but did not work but snmpget does not put
one and it works.
Thanks,
Devangana
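
The two privacy-key derivations that appear in this thread, side by side, as an added Python example (not part of the original message and not OTP code). It reimplements the RFC 3414 password-to-key and localization steps and the RFC 3826 rule that the AES-128 key is the first 16 octets of a key localized with the authentication protocol's hash; function names are hypothetical and the sample password is the RFC 3414 A.3 test-vector password, not the poster's.

```python
import hashlib

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of 1,048,576 octets of the repeated password (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def aes128_priv_key(priv_password: bytes, engine_id: bytes, auth_hash: str) -> bytes:
    """RFC 3826: localize with the auth protocol's hash, keep the first 16 octets."""
    kul = localize_key(password_to_key(priv_password, auth_hash), engine_id, auth_hash)
    return kul[:16]

def candidate_priv_keys(priv_password: bytes, engine_id: bytes) -> dict:
    """Both derivations tried in the thread, for a user whose auth protocol is SHA."""
    md5_kul = localize_key(password_to_key(priv_password, "md5"), engine_id, "md5")
    return {
        "md5_localized": md5_kul,                                   # original script
        "sha_first_16": aes128_priv_key(priv_password, engine_id, "sha1"),  # later attempt
    }

# Engine id as given in the original post; the password is a constructed sample.
POST_ENGINE_ID = bytes([128, 0, 0, 8, 2, 0, 0, 26, 84, 40, 108, 176])

if __name__ == "__main__":
    for name, key in candidate_priv_keys(b"maplesyrup", POST_ENGINE_ID).items():
        print(f"{name:14s} {len(key):2d} octets  {key.hex()}")
```

Both candidates are 16 octets long, so length alone cannot tell them apart; a wrong privacy key leaves message authentication intact and shows up only as a PDU that will not decrypt.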
On Sun, Sep 11, 2016 at 4:09 PM, Devangana Tarafdar <devangana@REDACTED>
wrote:
> Hi Dominik,
>
> I have not looked into the context. Will check all the items that you
> mention. I have been able to connect to the agent using snmpwalk and
> snmpget though I have not studied the wireshark output of those in detail.
> Thanks again for all these tips and I will get back to you .
>
> Devangana
>
> On Sep 11, 2016 3:08 PM, "Dominik Pawlak" <dominik_pawlak@REDACTED>
> wrote:
>
>> Hello Devangana,
>> Hard to tell, but I see that you haven't specified any context in your
>> sync_get. Are you sure it is not needed? I would also double check the
>> engine id and security configuration.
>> Have you managed to connect to that agent from something other than OTP
>> (say snmpb, snmpget)?
>> If so, you can compare in Wireshark, the snmp requests from erlang and
>> from that tool. You can even enter your snmp credentials in Wireshark and
>> it will decode encrypted messages.
>> I hope any of this helps.
>>
>> Best
>> Dominik
>>
>> On 11.09.2016 16:46, Devangana Tarafdar wrote:
>>
>> Hello Dominik,
>>
>> Thank you for the reply.
>>
>> I sent another sync_get after the first as you suggested. The wireshark
>> trace shows the manager has updated the 'msgAuthoritativeEngineBoots'
>> and 'msgAuthoritativeEngineTime' to the values sent by the Agent as you
>> pointed out. But now the agent does not respond at all and the sync_get
>> fails with a timeout. I tried adding a second's sleep between the 2 gets as
>> well. I don't have access currently to the agent's logs or configuration
>> but have you seen this before ?
>>
>> Thanks !
>> Devangana
>>
>>
>> On Sat, Sep 10, 2016 at 6:09 PM, Dominik Pawlak <
>> dominik_pawlak@REDACTED> wrote:
>>
>>> Hello Devangana,
>>> Basically, you just have to perform the sync_get once more. I observed
>>> similar behavior in OTP 17.1 (snmp 4.25.1). The first request will always
>>> fail because the manager is not fully configured to communicate with the
>>> agent (more on that below).
>>>
>>> A longer explanation:
>>>
>>> In snmp v3 there is a process called 'discovery', which should be
>>> performed before secure communication with the agent can be established. It
>>> is described here:
>>>
>>> https://tools.ietf.org/html/rfc3414#section-4
>>>
>>> The snmp library in OTP does not implement that process (at least not as
>>> described in the RFC).
>>> This process has two steps: 'snmpEngineID discovery' and 'time
>>> synchronization'.
>>> The first step is skipped altogether in OTP - you have to provide engine
>>> id upfront.
>>> The second step is performed by the first request - it will always fail
>>> with the 'usmStatsNotInTimeWindows' error report message, but it will set
>>> the required 'msgAuthoritativeEngineBoots' and 'msgAuthoritativeEngineTime'
>>> in the manager.
>>>
>>> Best,
>>> Dominik
>>>
>>>
>>> On 10.09.2016 06:48, Devangana Tarafdar wrote:
>>>
>>> Hello,
>>>
>>> I am trying to connect to a third party SNMP agent, using snmp manager
>>> (snmp v3) ( in the erlang 19 release snmp 5.2.3) and I am running into a
>>> problem where the agent is returning this error on the manager calling
>>> sync_get:
>>>
>>>
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>> handle_snmp_report -> entry with
>>> Domain: snmpUDPDomain
>>> Addr: {{xx,xxx,xxx,xxx},161}
>>> ReqId: 37078226
>>> Rep: {invalid_sec_info,[{sec_level,3,1},
>>> {request_id,37078226,2147483647}]}
>>> Pdu: {pdu,report,2147483647,noError,0,
>>> [{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***
>>> handle_snmp_report -> found corresponding request:
>>> reply to sync request
>>> Ref: #Ref<0.0.4.210>
>>> ModRef: #Ref<0.0.4.211>
>>> From: {<0.3.0>,#Ref<0.0.4.202>}
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>> handle_snmp_pdu(get-response) -> Remaining: 4979
>>> *** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
>>> handle_snmp_report -> deliver reply
>>>
>>> {error,{invalid_sec_info,[{sec_level,3,1},{request_id,37078226,
>>> 2147483647}],{noError,0,[{varbind,[1,3,6,1,6,3,15,1,1,2,0
>>> ],'Counter32',33,1}]}}}
>>>
>>> *** [2016:09:08 21:26:00 831]
>>>
>>> Where [1,3,6,1,6,3,15,1,1,2,0] maps to "usmStatsNotInTimeWindows" (from
>>> http://www.oid-info.com/)
>>>
>>> I have attached a wireshark trace for the snmp part of this exchange.
>>>
>>> I am invoking the snmpm module functions through a basic script as
>>> follows (using tips from the tutorial at
>>> https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start )
>>> .........
>>> ..........
>>>
>>> ok = application:start(crypto),
>>> ok = application:start(snmp),
>>>
>>> Userid = "snmp3user",
>>> Agent_target = "testagent",
>>> Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,176],
>>> Agent_ip = {xx,xxx,xxx,xxx},
>>> Agent_port = 161 ,
>>> Secure_name= Userid,
>>>
>>> Security_level = 'authPriv',
>>> Security_model = 'usm',
>>> Agent_version = 'v3',
>>> Auth_protocol = 'usmHMACSHAAuthProtocol',
>>> Priv_protocol = 'usmAesCfb128Protocol',
>>>
>>> % this is 16 in length
>>> Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),
>>>
>>> % this is 20 in length
>>> Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),
>>>
>>> ok = snmpm:register_user(Userid,snmpm_user_default,[]),
>>>
>>> ok = snmpm:register_usm_user(Agent_engine_id, Userid, [
>>> {auth, Auth_protocol},
>>> {auth_key,Auth_key_local},
>>> {priv, Priv_protocol},
>>> {priv_key,Priv_key_local },
>>> {sec_name, Secure_name}
>>> ]),
>>> ok = snmpm:register_agent(Userid, Agent_target ,[
>>> {engine_id,Agent_engine_id},
>>> {address, Agent_ip},
>>> {port, Agent_port},
>>> {version,Agent_version},
>>> {sec_model,Security_model},
>>> {sec_name,Secure_name},
>>> {sec_level, Security_level}
>>>
>>> ]),
>>> Res0 = snmpm:sync_get(Userid, Agent_target, [[1,3,6,1,4,1,9,10,19,1,1,9,1,3,7,2]]),
>>> ........................
>>>
>>> Can anyone please tell me what I am doing wrong here ? Any tips would be appreciated !
>>>
>>> Thanks, Devangana
>>>
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 2016-09-12 11:17:20.591800 xx.xx.xx.xx xx.xx.xx.xx SNMP 106 get-request
Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: 56064 (56064), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1249727467
msgMaxSize: 65507
msgFlags: 04
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: <MISSING>
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 0
msgUserName:
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
contextEngineID: <MISSING>
contextName:
data: get-request (0)
get-request
request-id: 157902137
error-status: noError (0)
error-index: 0
variable-bindings: 0 items
No. Time Source Destination Protocol Length Info
2 2016-09-12 11:17:20.603244 xx.xx.xx.xx xx.xx.xx.xx SNMP 151 report 1.3.6.1.6.3.15.1.1.4.0
Frame 2: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxx), Dst: Dell_5a:bb:91 (xxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 56064 (56064)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1249727467
msgMaxSize: 1500
msgFlags: 00
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 57959463
msgUserName:
msgAuthenticationParameters: <MISSING>
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
contextEngineID: xxxxxxxxxxxxxxxxxxxxx
contextName:
data: report (8)
report
request-id: 157902137
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
No. Time Source Destination Protocol Length Info
3 2016-09-12 11:17:20.603411 xx.xx.xx.xx xx.xx.xx.xx SNMP 186 get-request 1.3.6.1.4.1.9.10.19.1.1.9.1.3.7.2
Frame 3: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: 56064 (56064), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1249727466
msgMaxSize: 65507
msgFlags: 07
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 57959463
msgUserName: snmp3user
msgAuthenticationParameters: 66066a5c8bb770ac44a8a6aa
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: 7659ce996f84ed61
msgData: encryptedPDU (1)
encryptedPDU: 2fd50fd5753850f7a6a098056cd9b062770b96b4a9658469...
Decrypted ScopedPDU: 3035040cxxxxxxxxxxxxxxxxxxxxx0400a02302040969...
contextEngineID: xxxxxxxxxxxxxxxxxxxxx
contextName:
data: get-request (0)
get-request
request-id: 157902136
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
No. Time Source Destination Protocol Length Info
4 2016-09-12 11:17:20.614562 xx.xx.xx.xx xx.xx.xx.xx SNMP 186 get-response 1.3.6.1.4.1.9.10.19.1.1.9.1.3.7.2
Frame 4: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxx), Dst: Dell_5a:bb:91 (xxxxxxxxxx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: 56064 (56064)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1249727466
msgMaxSize: 1500
msgFlags: 03
msgSecurityModel: USM (3)
msgAuthoritativeEngineID:xxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 57959463
msgUserName: snmp3user
msgAuthenticationParameters: c9a294d040e72dc862a552d9
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: 03acf687bd16cbb9
msgData: encryptedPDU (1)
encryptedPDU: 7bf96b26eb9009354008da4fd46a6ab68323a757bb5bd009...
Decrypted ScopedPDU: 3036040cxxxxxxxxxxxxxxxxxxxxx0400a22402040969...
contextEngineID: xxxxxxxxxxxxxxxxxxxxx
contextName:
data: get-response (2)
get-response
request-id: 157902136
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 2016-09-14 12:52:45.116572 xx.xx.xx.xx xx.xx.xx.xx SNMP 182 encryptedPDU: Decrypted data not formatted as expected
Frame 1: 182 bytes on wire (1456 bits), 182 bytes captured (1456 bits)
Ethernet II, Src: Dell_5a:bb:91 (xx.xx.xx.xx), Dst: Cisco_ea:e8:00 (xx.xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 991281567
msgMaxSize: 484
msgFlags: 07
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 0
msgAuthoritativeEngineTime: 0
msgUserName: snmp3user
msgAuthenticationParameters: c7f951adc5fdb07861e75897
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: 0000000000000001
msgData: encryptedPDU (1)
encryptedPDU: 8a3e7fc633c531d2747782a6fc8d89187c452929426e4b6e...
Decrypted data not formatted as expected, wrong key?
[Expert Info (Warn/Malformed): Decrypted data not formatted as expected]
[Message: Decrypted data not formatted as expected]
[Severity level: Warn]
[Group: Malformed]
No. Time Source Destination Protocol Length Info
2 2016-09-14 12:52:45.128530 xx.xx.xx.xx xx.xx.xx.xx SNMP 170 report 1.3.6.1.6.3.15.1.1.2.0
Frame 2: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xx.xx.xx.xx.xx), Dst: Dell_5a:bb:91 (xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: commplex-main (5000)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 991281567
msgMaxSize: 1500
msgFlags: 01
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 58137986
msgUserName: snmp3user
msgAuthenticationParameters: 8b04a985942e50bb852e12c2
[Authentication: OK]
[Expert Info (Chat/Checksum): SNMP Authentication OK]
[Message: SNMP Authentication OK]
[Severity level: Chat]
[Group: Checksum]
msgPrivacyParameters: <MISSING>
msgData: plaintext (0)
plaintext
No. Time Source Destination Protocol Length Info
3 2016-09-14 12:52:46.137742 xx.xx.xx.xx xx.xx.xx.xx SNMP 185 Source port: commplex-main Destination port: snmp[Malformed Packet]
Frame 3: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits)
Ethernet II, Src: Dell_5a:bb:91 (xx.xx.xx.xx), Dst: Cisco_ea:e8:00 (xx.xx.xx.xx.xx)
Internet Protocol Version 4, Src: xx.xx.xx.xx (xx.xx.xx.xx), Dst: xx.xx.xx.xx (xx.xx.xx.xx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 991281568
msgMaxSize: 484
msgFlags: 07
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: xxxxxxxxxxxxxxxxxxxxxx
msgAuthoritativeEngineBoots: 3
msgAuthoritativeEngineTime: 58137987
msgUserName: snmp3user
msgAuthenticationParameters: faf88ff2c55fead30027041c
msgPrivacyParameters: 0000000000000002
msgData: encryptedPDU (1)
encryptedPDU: 1cdd0c3bcd32afc23beacca094272afba52babb364bc2d65...
[Malformed Packet: SNMP]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
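
The time-synchronization step discussed in the thread, as an added Python sketch (not part of the original messages and not OTP code): the agent-side window check and the manager-side clock update from RFC 3414 section 3.2, replayed with the boots/time values of the second trace above. The function and class names are hypothetical; the 150-second window and the 2147483647 boots limit come from the RFC.

```python
from dataclasses import dataclass

TIME_WINDOW = 150          # seconds, RFC 3414
MAX_BOOTS = 2147483647     # engine must be reconfigured once boots reaches this

def agent_in_time_window(local_boots, local_time, msg_boots, msg_time):
    """Authoritative-engine check (RFC 3414 3.2, step 7a)."""
    if local_boots == MAX_BOOTS:
        return False
    if msg_boots != local_boots:
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW

@dataclass
class ManagerClock:
    """The manager's notion of the agent's boots/time (step 7b, update part)."""
    boots: int = 0
    time: int = 0
    latest_received: int = 0

    def learn(self, msg_boots, msg_time, authenticated):
        # Only an authenticated message may move the clock; otherwise a forged
        # Report could push the manager outside the agent's window.
        if not authenticated:
            return False
        newer = msg_boots > self.boots or (
            msg_boots == self.boots and msg_time > self.latest_received)
        if newer:
            self.boots, self.time, self.latest_received = msg_boots, msg_time, msg_time
        return newer

def replay_second_trace():
    """Constructed replay of frames 1-3: the agent's verdict for each request."""
    agent_boots, agent_time = 3, 58137986        # values carried in the Report
    mgr = ManagerClock()                         # first request carries boots=0, time=0
    verdicts = [agent_in_time_window(agent_boots, agent_time, mgr.boots, mgr.time)]
    mgr.learn(agent_boots, agent_time, authenticated=True)   # Report: Authentication OK
    agent_time += 1                              # one second passes on both sides
    mgr.time += 1
    verdicts.append(agent_in_time_window(agent_boots, agent_time, mgr.boots, mgr.time))
    return verdicts

if __name__ == "__main__":
    print(replay_second_trace())
```

The first request is rejected and the second falls inside the window, which matches the first-request failure described in the thread; whether the second request is then answered depends on the rest of the security parameters.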