Snmpget with v3 AuthPriv unresponsive on Vendor's Device
eddycheong opened this issue ยท 6 comments
Hello Lex,
We're hoping you could help us with a snmpget issue, where we are experiencing a vendor's device being unresponsive when using SNMPv3 AuthPriv with the Lextm.SharpSnmpLib library. We are using .NET 7, 12.5.1 of Lextm.SharpSnmpLib and ran on Windows 10.
For background, we've asked the vendor to perform a snmpget with a client tool that we wrote to wrap the Lextm.SharpSnmpLib library to aid us in debugging this issue. When using the tool, the vendor tried snmpget with v3 using SHA1 as the authentication algorithm and tried both AES-128 and AES-256 as the privacy algorithm, but unfortunately with no response from the device.
The vendor mentioned that they also tried performing a snmpget with Net-Snmp, using the same v3 arguments with a successful response from their device.
We've asked the vendor if they could perform a trace on both approaches to see what was the difference. They've concluded that in the get-request of the message data for the traces, the Lextm.SharpSnmpLib library appears to be appending a 01 byte at the end, while the Net-Snmp snmpget tool does not.
Client Wrapper Tool of Lextm.SharpSnmpLib
Net-SNMP
We're unsure if the 01 byte at the end is expected for the get-request of the message data or if the vendor's device is improperly handling an expected scenario.
We would really appreciate your expertise on this issue.
Thank you.
Edited: Correction - the 01 byte was added at the end of the get-request of the message data, not the authentication parameters
Since the last posting, we've collected more data with Lextm.SharpSnmpLib and other tools to verify if the end bytes would be the same or different.
When referring to the end bytes, we're referring to the bytes in the red box of the screenshot below:
For what tools we used, we used NET-SNMP and pysnmp-lexstudio/snmpclitools-lextudio.
Here are the results:
| Library/Tool | AES128 | DES |
|---|---|---|
| NET-Snmp | 05 00 | 05 00 01 |
| pysnmp-lexstudio | 05 00 | 05 00 00 |
| Lextm.SharpSnmpLib | 05 00 01 | 05 00 01 |
Upon request, we can provide the rest of the wireshark screenshots of the results.
Apologizes, I meant to comment instead of closing with comment.
Hello @lextm,
I noticed you've added the tag for more info needed, but I am not clear of what information you need at this time.
If you provide me with what you need, I'll do my best to provide you with that information.
Thank you.
Hello @lextm,
Could you let us know what information that you need? We could then try to gather that data for you.
Thank you.
Is there an update on this issue? I am seeing the same issue with my product. I can communicate to my device with the python library, but when I use the C# library, it fails.
Initial analysis indicates that this is a compatibility issue around AES paddings, so it impacts on certain devices that dislike extra paddings.
We expect to ship a new release in the coming weeks once we restore our CI/CD system back to normal.