nv-l
[Top] [All Lists]

Re: [nv-l] Authentication Failure Trap Argument interpretation

To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] Authentication Failure Trap Argument interpretation
From: James Shanks <jshanks@us.ibm.com>
Date: Wed, 22 Oct 2003 12:01:12 -0400
Delivery-date: Wed, 22 Oct 2003 17:09:54 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l-digest@lists.us.ibm.com

Well, if that's the trap hex, it just says "OCTET STRING"  (x04) and not "IP ADDRESS" (x40)
        04 04 a2 83 26 3d    
means "octet string of 4 bytes" with that data.  We would expect an IP Address to be
         40 04 a2 83 26 3d
                                       
I cannot answer why your other tools seem to know that this is meant as an IP Address.  That's not what it says.


James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group



"Treptow, Craig" <Treptow.Craig@principal.com>
Sent by: owner-nv-l-digest@lists.us.ibm.com

10/22/2003 11:47 AM
Please respond to nv-l

       
        To:        "NetView List (E-mail)" <nv-l@lists.us.ibm.com>
        cc:        
        Subject:        [nv-l] Authentication Failure Trap Argument interpretation



Hi.  We are running NV 7.1.3 on AIX.  Some of our Cisco switches (and possibly routers), are sending us Authentication Failure traps.  The problem is that Netview seems to be interpreting the second argument as an ASCII character string, rather than 4 hex values.  Therefore, in the trap that gets displayed in Netview and processed, the second argument shows up as some strange characters, rather than a IP address.  For what it's worth, Sniffer and Ethereal also interpret it this way.  However, in the reading I've done, I don't see that Cisco is doing anything wrong when they format this trap.  Perhaps I've missed something.  Any help is appreciated.

Here is an example:

User Datagram Protocol, Src Port: 49608 (49608), Dst Port: snmptrap (162)
   Source port: 49608 (49608)
   Destination port: snmptrap (162)
   Length: 96
   Checksum: 0xd4b0 (correct)
Simple Network Management Protocol
   Version: 1 (0)
   Community: public
   PDU type: TRAP-V1 (4)
   Enterprise: 1.3.6.1.4.1.9.5.51 (iso.3.6.1.4.1.9.5.51)
   Agent address: risgrandisland1ne-sw5.net.principal.com (172.25.117.133)
   Trap type: AUTHENTICATION FAILED (4)
   Specific trap type: 0
   Timestamp: 34124361
   Object identifier 1: 1.3.6.1.4.1.9.9.131.1.5.2.0 (iso.3.6.1.4.1.9.9.131.1.5.2.0)
   Value: INTEGER: 1
   Object identifier 2: 1.3.6.1.4.1.9.9.131.1.5.3.0 (iso.3.6.1.4.1.9.9.131.1.5.3.0)
   Value: STRING: "¢f&="

0000  00 06 29 6c c3 1a 00 05 5e 45 4b 02 08 00 45 00   ..)l....^EK...E.
0010  00 74 4d 66 00 00 19 11 69 b4 ac 19 75 85 a2 83   .tMf....i...u...
0020  26 3d c1 c8 00 a2 00 60 d4 b0 30 56 02 01 00 04   &=.....`..0V....
0030  06 70 75 62 6c 69 63 a4 49 06 08 2b 06 01 04 01   .public.I..+....
0040  09 05 33 40 04 ac 19 75 85 02 01 04 02 01 00 43   ..3@...u.......C
0050  04 02 08 b2 49 30 2b 30 12 06 0d 2b 06 01 04 01   ....I0+0...+....
0060  09 09 81 03 01 05 02 00 02 01 01 30 15 06 0d 2b   ...........0...+
0070  06 01 04 01 09 09 81 03 01 05 03 00 04 04 a2 83   ................
0080  26 3d                                             &=


Thanks,

Craig




<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web