I use snmpwalk 5.9.3 on Kali, and try to send SNMPv3 requests, but the settings I put with my command lines are not used to populate the sent request.

For instance, when I try:

    snmpwalk -v 3 -l authPriv -u my_user -a SHA-256 -A auth_password -x AES-256 -X priv_password 192.168.0.1

and look at the sent requests in Wireshark, I can see that the user name, the authentication parameters and privacy parameters are missing.

Wireshark trace:

[Image: Wireshark trace]

Why are my settings not used in the sent request?

I tried sending SNMP requests with v 1 and 2c and set a community, which worked as expected, so my issue is only when I use v 3.

Jackdaw
  • 1,834

1 Answer

In Wireshark, go to Edit -> Preferences -> Protocols -> SNMP and click on Users Table: Edit. Then fill in your SNMPv3 authentication information, and check your network trace again.

Apparently the SNMPv3 authentication fields are hashes, so if you don't know what should be in there, you cannot get any useful information out of them (at least not trivially). So Wireshark won't even try to analyze them, indicating <MISSING> for any authentication-related fields instead.

Also, the SNMPv3 Engine ID is necessary for the authentication hashes, and the client won't initially know the agent's current Engine ID. So the first query will be an unauthenticated one, apparently querying for... nothing (zero OIDs).

The SNMPv3 agent will respond with a report on OID .1.3.6.1.6.3.15.1.1.4.0 (= number of packets dropped because queries referenced an unknown Engine ID). This is apparently just to provide the Engine ID to the requestor, so the real authentication can happen. Any queries after the first one should have the authentication fields appropriately filled in.

telcoM
  • 5,167
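
The Engine ID dependency described in the answer, as an added example that is not part of the original answer or of Net-SNMP's code: it follows the RFC 3414 password-to-key and key-localization steps and the RFC 7860 HMAC-SHA-256 truncation to 24 octets. Function names, the Engine IDs and the message bytes are constructed for illustration; only the password string comes from the question.

```python
import hashlib
import hmac

ONE_MEGABYTE = 1048576  # RFC 3414 A.2: the password is expanded to 1,048,576 octets


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Ku: digest of the password repeated (and cut) to exactly 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): the usable key is bound to one agent."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_parameters(kul: bytes, whole_msg: bytes, hash_name: str, length: int) -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message, truncated.

    whole_msg must be the serialized message with the authentication
    parameters field filled with `length` zero octets.
    """
    return hmac.new(kul, whole_msg, hash_name).digest()[:length]


if __name__ == "__main__":
    # Constructed Engine IDs for two hypothetical agents.
    engine_a = bytes.fromhex("80001f8880aabbccdd00000001")
    engine_b = bytes.fromhex("80001f8880aabbccdd00000002")
    # Constructed stand-in for a serialized SNMPv3 message with a zeroed
    # 24-octet authentication parameters field.
    msg = b"constructed-snmpv3-message" + bytes(24)

    ku = password_to_key(b"auth_password", "sha256")
    for name, engine in (("agent A", engine_a), ("agent B", engine_b)):
        kul = localize_key(ku, engine, "sha256")
        tag = auth_parameters(kul, msg, "sha256", 24)
        print(name, "Kul =", kul.hex())
        print(name, "msgAuthenticationParameters =", tag.hex())
    # Same password, different Engine ID, different key and tag: without the
    # agent's Engine ID the client cannot fill in the field at all.
```

The same key is what a capture tool needs to re-derive before it can verify or decrypt the authenticated packets, which is why the user name and passwords have to be entered in the Users Table.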