Decode SNMPv3 fails

Hi

Wireshark Version 4.2.5 (v4.2.5-0-g4aa814ac25a1)

I have configured a working SNMPv3 connection, so I know the encryption settings, and I have already done several other decryptions with Wireshark before. But in this case I always get "Decrypted data not formatted as expected, wrong key?". As mentioned, I have configured this SNMPv3 connection myself and know the parameters I have configured very well, and the connection is working with these parameters. Is there an issue in Wireshark with decryption of SHA1 and AES256 PDUs?

Example output with tshark in Linux (but GUI looks the same):

tshark -r /tmp/test.pcap -o 'uat:snmp_users:"","snmpnbuser","SHA1","Arthur_123","AES256","Arthur_123"' | more
Running as user "root" and group "root". This could be dangerous.
    1   0.000000 10.89.253.16 → 10.225.1.204 SNMP 830 encryptedPDU: Decrypted data not formatted as expected
    2   0.000105 10.89.253.16 → 10.225.1.204 SNMP 830 16604 → 162 Len=788
    3   0.000157 10.89.253.16 → 10.225.1.204 SNMP 831 16604 → 162 Len=789
    4   0.000203 10.89.253.16 → 10.225.1.204 SNMP 831 encryptedPDU: Decrypted data not formatted as expected
    5   0.000246 10.89.253.16 → 10.225.1.204 SNMP 831 encryptedPDU: Decrypted data not formatted as expected
    6   0.000289 10.89.253.16 → 10.225.1.204 SNMP 831 encryptedPDU: Decrypted data not formatted as expected
    7   1.051979 10.89.253.16 → 10.225.1.204 SNMP 827 encryptedPDU: Decrypted data not formatted as expected
    8   1.052081 10.89.253.16 → 10.225.1.204 SNMP 827 encryptedPDU: Decrypted data not formatted as expected
    9   1.052126 10.89.253.16 → 10.225.1.204 SNMP 675 encryptedPDU: Decrypted data not formatted as expected
   10   1.052174 10.89.253.16 → 10.225.1.204 SNMP 717 16604 → 162 Len=675
   11   1.052214 10.89.253.16 → 10.225.1.204 SNMP 695 encryptedPDU: Decrypted data not formatted as expected
   12   8.062186 10.89.253.16 → 10.225.1.204 SNMP 830 encryptedPDU: Decrypted data not formatted as expected

Example PCAP file: https://we.tl/t-hJls4QoOTY

Encryption parameters are the same as in the tshark command above.

BR,

Michael