0

I'm try developing snmp trap version 3 with MD5Authentication and AES Privacy provider. The agent I build it in Visual Studio 2019, I'm try sharpsnmp and snmpsharpnet library.The trap receiver I'm using snmpB. But both I'm only received "Message not in TimeWindow! USMTimeTable: Check time failed, not authoritative (id)" error. There is no problem when send SNMPV3 Inform, SNMPV1 and SNMPV2 trap. However when send using net-snmp command, snmpv3 trap is received. The source code I'm using with sharpsnmp is the snmpsendtrap sample; snmpsendtrap sharpsnmp . Is it because not specify engine ID in snmpB but why net-snmp able to trap, if do how to configure engineID.

The successful trap I'm use for net-snmp: snmptrap -v 3 -e 80000000035C80B6A55D61 -u username -a MD5 -A 00806000806000806000806000806000 -x AES -X 00806000806000806000806000806000 localhost '' 1.3.6.1.2.1.1.1.0 .1.3.6.1.2.1.2.2.1.0 x 0x6669727374

My sharpsnmp code part:

DiscoverAsync().Wait();
        try
        {
            if (AESPrivacyProvider.IsSupported)
            {
                var trap = new TrapV2Message(
                    VersionCode.V3,
                    528732060,
                    1905687779,
                    new OctetString("username"),
                    new ObjectIdentifier("1.3.6"),
                    0,
                    new List<Variable>(),
                    new AESPrivacyProvider(
                        new OctetString(ByteTool.Convert("00806000806000806000806000806000")),
                        new MD5AuthenticationProvider(new OctetString("00806000806000806000806000806000"))),
                    0x10000,
                    new OctetString(ByteTool.Convert("80001F8880E9630000D61FF449")),
                    0,
                    0);
                trap.Send(new IPEndPoint(IPAddress.Parse("127.0.0.1"), 162));

            }
            else
            {
                Console.WriteLine("aes not supported");
            }
nurul
  • 13
  • 6
  • You have to read snmpB's documentation to see how it works against TRAP v3. More hints can be found in http://www.net-snmp.org/tutorial/tutorial-5/commands/snmptrap-v3.html which emphasized that TRAP v3 works completely differently from INFORM v3. – Lex Li Apr 22 '21 at 06:53
  • @LexLi Thanks for the feedback. But if it is snmpB configuration's fault why I'm able to receive the trap if send the trap via net-snmp but not with sharpsnmplib. – nurul Apr 22 '21 at 07:18
  • Turn off privacy, and then you can capture and analyze the packets to compare. – Lex Li Apr 22 '21 at 14:04
  • @nurul a not in time window error means that your machines are not in agreement about the authoritative snmpEngineTime and snmpEngineBoots, which are part of the security parameters of a SNMPv3 packet. I'm not familiar with this library, so I can't give exact advice, but that might give you somewhere to start – TallChuck May 13 '21 at 22:44

0 Answers0