SNMPv3 tcpdump output showing random characters

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
acwong
Posts: 10
Joined: Tue Sep 10, 2019 4:01 pm

SNMPv3 tcpdump output showing random characters

Post by acwong »

Running an SNMPv3 tcpdump on my Nagiosxi server. When sending a trap from an agent, I get unexpected random output. This only happens for SNMPv3 Auth/Priv settings. When I do an SNMPv3 Auth/NoPriv or NoAuth/NoPriv, I receive readable output, like OIDs and names. Below are the snmptrapd.conf file settings and a trap sent to the manager running tcpdump with Auth/Priv settings. Notice the garbage characters in the tcpdump output below.

snmptrapd.conf file setting:

Code:

[root@testnagios ~]# vi /etc/snmp/snmptrapd.conf
createUser -e 80009e22055062f7d8734588d0572d92 andy MD5 @abcd123 DES @abcd123
authUser log andy

SNMPv3 MD5/DES test trap sent to nagiosxi:

Code:

[root@testnagios ~]# tcpdump -i ens192 port 162
14:15:03.542990 IP kodama-1.dev.purestorage.com.42150 > testnagios.dev.purestorage.com.snmptrap:  F=ap U="andy" [!scoped PDU]e5_cd_7a_21_81_c2_d4_4b_9d_cd_a4_c1_7d_66_47_9e_05_5f_5d_3c_2b_b1_65_18_a0_41_6e_3e_b5_ac_fd_ea_ed_7a_4c_41_ab_20_16_2d_75_32_94_40_7f_d0_88_9b_e6_61_3c_b3_2b_ac_b2_3a_da_76_55_b7_42_a2_98_32_1e_11_04_1a_39_14_64_db_57_f2_96_64_71_b8_6a_60_3c_14_e1_92_48_a8_8c_18_f8_b7_34_36_49_e1_a8_db_0d_d7_e8_04_9c_75_aa_7c_e2_8c_22_42_40_25_68_51_2e_72_43_bc_53_80_a0_7e_d2_2b_39_26_c1_c9_c6_3d_64_b8_a3_bf_0d_c3_ca_b5_1b_13_9f_b6_5b_bd_9d_72_f9_f4_23_2f_37_16_e8_51_80_08_6c_65_ee_9d_17_ee_ee_28_bb_6f_5a_42_d2_f0_70_29_9e_a7_10_2f_ec_e8_cd_ba_9f_a0_82_80_af_8a_93_ba_b9_36_32_df_59_b6_bd_50_b8_4c_84_7f_32_d1_22_b0_38_6f_d4_40_33_0d_e2_1d_98_1a_a6_02_37_e1_4a_4b_c3_cf_bc_31_e9_55_f6_aa_ed_f7_ff_c2_5a_72_41_9f_f4_5e_f3_c3_ba_ab_4a_c6_a1_b8_d1_8d_b8_5a_4a_9c_2c_56_1d_f4_85_00_ea_5c_a1_25_86_c6_23_f8_8d_b2_cc_71_ec_4f_b4_70_1f_c9_24_be_58_70_8c_2e
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: SNMPv3 tcpdump output showing random characters

Post by scottwilkerson »

If you set "AuthPriv", messages are authenticated and encrypted, so they aren't going to output in plain text with a tcpdump.

Priv - stands for Privacy
Former Nagios employee
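
An added example (not part of the original thread or any Nagios tooling): with authPriv only the scoped PDU is encrypted, while the SNMPv3 header, including msgFlags and the USM user name, stays in cleartext, which is why tcpdump can still print `F=ap U="andy"` before the hex bytes. This Python code reads those cleartext fields from a UDP payload; the sample messages, engine ID and counters are constructed placeholders.

```python
# Added example: classify an SNMPv3 message from its cleartext header (stdlib only).
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags bits 0-1, RFC 3412

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def read_fields(buf, count):
    pos, values = 0, []
    for _ in range(count):  # collect the values of the first `count` TLVs
        _, value, pos = read_tlv(buf, pos)
        values.append(value)
    return values

def classify(payload):
    """Return (security level, USM user name, payload_is_plaintext) for a UDP payload."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    if int.from_bytes(version, "big") != 3:
        raise ValueError("not SNMPv3")
    _, global_data, pos = read_tlv(msg, pos)   # msgID, msgMaxSize, msgFlags, security model
    flags = read_fields(global_data, 4)[2][0]
    _, sec_params, pos = read_tlv(msg, pos)    # OCTET STRING wrapping the USM parameters
    _, usm, _ = read_tlv(sec_params, 0)
    user = read_fields(usm, 4)[3].decode()     # engineID, boots, time, userName
    data_tag, _, _ = read_tlv(msg, pos)        # 0x30 = ScopedPDU, 0x04 = encryptedPDU
    return LEVELS.get(flags & 0x03, "invalid"), user, data_tag == 0x30

def tlv(tag, value):
    return bytes([tag, len(value)]) + value    # short-form lengths only (samples < 128 bytes)

def sample(flags, msg_data):
    """Constructed SNMPv3 message for user 'andy'; engine ID and counters are placeholders."""
    header = tlv(0x30, tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03"))
    usm = tlv(0x30, tlv(4, b"\x80\x00") + tlv(2, b"\x01") + tlv(2, b"\x01")
              + tlv(4, b"andy") + tlv(4, b"") + tlv(4, b""))
    return tlv(0x30, tlv(2, b"\x03") + header + tlv(4, usm) + msg_data)
```

Calling `classify(sample(0x03, tlv(0x04, bytes(16))))` models the authPriv trap from the question: the level and user are readable, but the payload is an opaque OCTET STRING that only the configured privacy key can decrypt.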
acwong
Posts: 10
Joined: Tue Sep 10, 2019 4:01 pm

Re: SNMPv3 tcpdump output showing random characters

Post by acwong »

Thank you, Scott
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: SNMPv3 tcpdump output showing random characters

Post by scottwilkerson »

acwong wrote: Thank you, Scott
Glad to assist

Locking thread