SNMP Comments Part II

Earlier today I described how to modify the sysLocation MIB entry using SNMP v1 or v2c.

I can do so with SNMP v3 too.

Here is the syntax, followed by packet captures. I disabled encryption so we could read the protocol.

orr:/home/richard$ snmpset -v 3 -u richard -l authNoPriv -a MD5 -A bejtlichpass
127.0.0.1 sysLocation.0 s Manassas
SNMPv2-MIB::sysLocation.0 = STRING: Manassas

Here is the SNMP v3 set.

Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1062947135
msgMaxSize: 65507
msgFlags: 05
.... .1.. = Reportable: Set
.... ..0. = Encrypted: Not set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 80001F88800F7E06630CC1F644
1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
Engine Enterprise ID: net-snmp (8072)
Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
Engine ID Data: 0F7E0663
Engine ID Data: Creation Time: Aug 31, 2006 06:59:24
msgAuthoritativeEngineBoots: 30
msgAuthoritativeEngineTime: 284
msgUserName: richard
msgAuthenticationParameters: EC4230B1E10C6F5B9A35AFD2
msgData: plaintext (0)
plaintext
contextEngineID: 80001F88800F7E06630CC1F644
data: set-request (3)
set-request
request-id: 745008373
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
Item
name: 1.3.6.1.2.1.1.6.0 (SNMPv2-MIB::sysLocation.0)
valueType: value (0)
value: simple (4294967295)
simple: string-value (1)
Value: STRING: Manassas

0000 02 00 00 00 45 00 00 a1 ab e5 00 00 40 11 d0 64 ....E.......@..d
0010 7f 00 00 01 7f 00 00 01 c5 64 00 a1 00 8d d7 5b .........d.....[
0020 30 81 82 02 01 03 30 11 02 04 3f 5b 49 3f 02 03 0.....0...?[I?..
0030 00 ff e3 04 01 05 02 01 03 04 31 30 2f 04 0d 80 ..........10/...
0040 00 1f 88 80 0f 7e 06 63 0c c1 f6 44 02 01 1e 02 .....~.c...D....
0050 02 01 1c 04 07 72 69 63 68 61 72 64 04 0c ec 42 .....richard...B
0060 30 b1 e1 0c 6f 5b 9a 35 af d2 04 00 30 37 04 0d 0...o[.5....07..
0070 80 00 1f 88 80 0f 7e 06 63 0c c1 f6 44 04 00 a3 ......~.c...D...
0080 24 02 04 2c 67 ec f5 02 01 00 02 01 00 30 16 30 $..,g........0.0
0090 14 06 08 2b 06 01 02 01 01 06 00 04 08 4d 61 6e ...+.........Man
00a0 61 73 73 61 73 assas

Here is the SNMP v3 response.

Simple Network Management Protocol
msgVersion: snmpv3 (3)
msgGlobalData
msgID: 1062947135
msgMaxSize: 65507
msgFlags: 01
.... .0.. = Reportable: Not set
.... ..0. = Encrypted: Not set
.... ...1 = Authenticated: Set
msgSecurityModel: USM (3)
msgAuthoritativeEngineID: 80001F88800F7E06630CC1F644
1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
Engine Enterprise ID: net-snmp (8072)
Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
Engine ID Data: 0F7E0663
Engine ID Data: Creation Time: Aug 31, 2006 06:59:24
msgAuthoritativeEngineBoots: 30
msgAuthoritativeEngineTime: 284
msgUserName: richard
msgAuthenticationParameters: AFBDAC044A463B08DB5C5A2F
msgData: plaintext (0)
plaintext
contextEngineID: 80001F88800F7E06630CC1F644
data: get-response (2)
get-response
request-id: 745008373
error-status: noError (0)
error-index: 0
variable-bindings: 1 item
Item
name: 1.3.6.1.2.1.1.6.0 (SNMPv2-MIB::sysLocation.0)
valueType: value (0)
value: simple (4294967295)
simple: string-value (1)
Value: STRING: Manassas

0000 02 00 00 00 45 00 00 a1 ab e6 00 00 40 11 d0 63 ....E.......@..c
0010 7f 00 00 01 7f 00 00 01 00 a1 c5 64 00 8d 78 28 ...........d..x(
0020 30 81 82 02 01 03 30 11 02 04 3f 5b 49 3f 02 03 0.....0...?[I?..
0030 00 ff e3 04 01 01 02 01 03 04 31 30 2f 04 0d 80 ..........10/...
0040 00 1f 88 80 0f 7e 06 63 0c c1 f6 44 02 01 1e 02 .....~.c...D....
0050 02 01 1c 04 07 72 69 63 68 61 72 64 04 0c af bd .....richard....
0060 ac 04 4a 46 3b 08 db 5c 5a 2f 04 00 30 37 04 0d ..JF;..\Z/..07..
0070 80 00 1f 88 80 0f 7e 06 63 0c c1 f6 44 04 00 a2 ......~.c...D...
0080 24 02 04 2c 67 ec f5 02 01 00 02 01 00 30 16 30 $..,g........0.0
0090 14 06 08 2b 06 01 02 01 01 06 00 04 08 4d 61 6e ...+.........Man
00a0 61 73 73 61 73 assas

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics