Re: [tkined] How to get the engineID?

From: Juergen Schoenwaelder (schoenw@ibr.cs.tu-bs.de)
Date: Thu Apr 06 2000 - 17:57:31 MET DST

Next message: John Stumbles: "Re: [tkined] Loading HP MIBs (was Re: 3Com SSII 1100/3300/3300XM utility"
Previous message: Sanapoori, Hari: "RE: [tkined] How to get the engineID?"
In reply to: Sanapoori, Hari: "RE: [tkined] How to get the engineID?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> Sanapoori, Hari writes:

Hari> When I enabled the watch on snmp, I got the following output
Hari> when I tried to send a request to SNMPv3 Agent I have. It seems
Hari> there is some mismatch. But I don't understand clearly about the
Hari> tag 0x82 that is returning from my SNMPv3 agent. But scotty
Hari> says, it is expecting 0x30. What is the tag?

It is the BER tag. Scotty obviously can't decode this response packet
and discards it. I manually decoded the packet:

30 82006C

02 01 03
30 82000E len = 14

    02 02 543B 4
    02 02 0800 4
    04 01 00 3
    02 01 03 3

04 20 len = 32

30 82001B len = 27

      04 0C 800001460000000000000000 14
      02 01 04 3
      02 02 0709 4
      04 00 2
      04 00 2
      04 00 2

  30 820032
     ^^
  invalid tag 0x82 at byte 60 (expected 0x30)

04 0C 800001460000000000000000
04 00

A8 20

     02 01 00
     02 01 00
     02 01 00

     30 820013

30 82000F

06 0A 2B060106030F01010300
41 01 09

After starring at it for some while, I found the error in your packet.
The length of the msgSecurityParameters OCTET STRING is 32. So the
next byte after the msgSecurityParameters is 0x82. The length of the
sequence in the msgSecurityParameters is 27, which is correct.
However, 27 + 4 bytes to encode the sequence tag and the length is 31
bytes and not 32 bytes. So scotty is right to throw this packet away.

(I suggest to get an updated tcpdump from http://www.tcpdump.org/
which includes patches to decode SNMPv3 packets. If tcpdump does not
happily decode your packets, then they are likely wrong (unless there
is a bug in my tcpdump SNMPv3 decoder implementation. ;-))

/js

-- Juergen Schoenwaelder Technical University Braunschweig <schoenw@ibr.cs.tu-bs.de> Dept. Operating Systems & Computer Networks Phone: +49 531 391 3289 Bueltenweg 74/75, 38106 Braunschweig, Germany Fax: +49 531 391 5936 <URL:http://www.ibr.cs.tu-bs.de/~schoenw/>

-- !! This message is brought to you via the `tkined & scotty' mailing list. !! Please do not reply to this message to unsubscribe. To subscribe or !! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>. !! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.

Next message: John Stumbles: "Re: [tkined] Loading HP MIBs (was Re: 3Com SSII 1100/3300/3300XM utility"
Previous message: Sanapoori, Hari: "RE: [tkined] How to get the engineID?"
In reply to: Sanapoori, Hari: "RE: [tkined] How to get the engineID?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jan 08 2001 - 15:27:40 MET