Ask Your Question
0

Is there a way to decrypt an SNMPv3 capture if only Authentication is used, but no Privacy? (AUTH-NOPRIV mode))

asked 2023-03-23 09:51:50 +0000

kalintri gravatar image

I am trying to decrypt an SNMPv3 capture with authentication but no privacy. The customer environment is set up like that. Wireshark does not seem to have the option to not select anything in the Privacy protocol and password fields.

Is there a way to go around that?

Thanks! Kalin

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2023-03-23 14:52:47 +0000

Chuckc gravatar image

updated 2023-03-23 14:59:34 +0000

There is a sample capture at SNMP version 3 – Wireshark (pcap) Capture
(Same capture on the Wireshark wiki with user credentials.)
(Wireshark version - Version 4.0.4 (v4.0.4-0-gea14d468d9ca))

Frame 21: 197 bytes on wire (1576 bits), 197 bytes captured (1576 bits) on interface unknown, id 0
...
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 10378522
        msgMaxSize: 65507
        msgFlags: 05
            .... .1.. = Reportable: Set
            .... ..0. = Encrypted: Not set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f888059dc486145a26322
    msgAuthoritativeEngineBoots: 8
    msgAuthoritativeEngineTime: 2745
    msgUserName: pippo
    msgAuthenticationParameters: eb092e1f0fe5e69ed1c6f41e
        [Authentication: OK]
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-03-23 09:51:50 +0000

Seen: 717 times

Last updated: Mar 23 '23