nv-l
[Top] [All Lists]

RE: [nv-l] V2 trap - sysUptime encoding

To: "nv-l" <nv-l@lists.tivoli.com>
Subject: RE: [nv-l] V2 trap - sysUptime encoding
From: "Treptow, Craig" <Treptow.Craig@principal.com>
Date: Thu, 6 Mar 2003 15:49:17 -0600
Cc: "Allison, Jason (JALLISON)" <JALLISON@arinc.com>
Delivered-to: mailing list nv-l@lists.tivoli.com
Delivery-date: Thu, 06 Mar 2003 22:00:11 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
List-help: <mailto:nv-l-help@lists.tivoli.com>
List-post: <mailto:nv-l@lists.tivoli.com>
List-subscribe: <mailto:nv-l-subscribe@lists.tivoli.com>
List-unsubscribe: <mailto:nv-l-unsubscribe@lists.tivoli.com>
Mailing-list: contact nv-l-help@lists.tivoli.com; run by ezmlm
Thread-index: AcLkJ72ViggtW7pIRAGvi+UQvqJBQAAAST4Q
Thread-topic: [nv-l] V2 trap - sysUptime encoding
Nothing I post is available outside, of our network, so I'm not too concerned, 
but thanks for the concern on your end. :)

My problem is this:

Cisco routers send traps to Netview.  Sometimes Netview flags them as bad and I 
find this in the trapd.log:

1046986679 7  Thu Mar 06 15:37:59 2003 <none> T WARNING: invalid SNMPTrap 
packet from agent 172.26.254.204 source A pid -1

We've correlated these with sniffer captures and when Netview complains about a 
trap, we find that where a timeticks (0x43) value should be, we find 0x02.  
Ethereal complains that it didn't find a timeticks value where it expected one 
to be.  Netview complains as above, which I'm theorizing is because the device 
didn't build the trap correctly.

So I'm on board with James at this point: Cisco needs to tell us whats wrong.

Did this help?

-----Original Message-----
From: Allison, Jason (JALLISON) [mailto:JALLISON@arinc.com]
Sent: Thursday, March 06, 2003 2:55 PM
To: 'nv-l'
Subject: RE: [nv-l] V2 trap - sysUptime encoding


Hopefully the domain in this email is not an internet one as well as your
community string is different.

"We are theorizing that 0x43 = timeticks and 0x02 = Signed 32-bit integer."

OVsnmpAsn1.h contains the "definitions" for Netview.

#define ASN_INTEGER         (0x02)
#define ASN_TIMETICKS       (0x43)

I dont quite understand your problem though?  The output in the email looks
like a valid v2c data set which contains the value for timeticks.  The BER
encoding of a v2c sequence is different then a v1 sequence.

I guess I dont understand your problem?  Can you supply a decode of the
devices supplying the incorrect values?  This is not -uncommon-, but needs
to be handled.

Jason Allison
Principal Engineer
ARINC Incorporated
Office:  (410) 266-2006
FAX:  (410) 573-3026


-----Original Message-----
From: Treptow, Craig [mailto:Treptow.Craig@principal.com]
Sent: Thursday, March 06, 2003 2:45 PM
To: NetView List (E-mail)
Subject: [nv-l] V2 trap - sysUptime encoding


This isn't really specific to Netview, but I'm struggling to find the
information and hope that some kind soul out there can help me out.

Here is an snmpget output with the -d flag:

received 48 bytes from 162.131.0.25 at square2.net.principal.com:
     0:  30 2e 02 01 00 04 08 64 6f 6e 74 77 61 6e 74 a2
0......dontwant.
    16:  1f 02 02 46 85 02 01 00 02 01 00 30 13 30 11 06
...F.......0.0..
    32:  08 2b 06 01 02 01 01 03 00 43 05 00 84 32 23 6d
.+.......C...2#m

     0:  SEQUENCE (0x30): 46 bytes
     2:    INTEGER VERSION (0x2) 1 bytes: 0
     5:    OCTET STRING COMMUNITY (0x4) 8 bytes: "dontwant"
    15:    GETRESPONSE-PDU (0xa2): 31 bytes
    17:      INTEGER REQUEST-ID (0x2) 2 bytes: 18053
    21:      INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
    24:      INTEGER ERROR-INDEX (0x2) 1 bytes: 0
    27:      SEQUENCE (0x30): 19 bytes
    29:        SEQUENCE (0x30): 17 bytes
    31:          OBJECT ID (0x6) 8 bytes: .1.3.6.1.2.1.1.3.0
    41:          TIMETICKS (0x43) 5 bytes: 2217878381


system.sysUpTime.0 : Timeticks: (2217878381) 256 days, 16:46:23.81

0x43 seems to indicate it is timeticks and it will be 5 bytes long.  We are
having a problem with some devices that are sending v2c traps.  They put
0x02 at that location, and ethereal says it wasn't a timeticks value that it
was expecting.  We are theorizing that 0x43 = timeticks and 0x02 = Signed
32-bit integer.  

We'd like to know which RFC these encodings are defined in, so we can find
out what that value means and if the vendor is doing something wrong, of if
Netview is interpreting a valid trap incorrectly.  I have been scouring
RFC's, but can't seem to find this detail defined anywhere.

Any help is greatly appreciated.

Thanks!


Craig

A dozen, a gross, and a score,
Plus three times the square root of four,
Divided by seven,
Plus five times eleven,
Equals nine squared plus zero, no more.


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)

---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web