Wireshark 2.6.1 – how to decode SNMPv3 encrypted traps [7 steps]


SNMP version 3 has many more security-related settings, which sometimes makes the debugging process more complicated or harder to understand.

Let’s look at the scenario and how to successfully decode SNMPv3 traps using Wireshark 2.6.1.

Scenario/Environment:

– Windows Server 2012 R2
– Wireshark 2.6.1
– File extension: .pcap

Capture files with the similar .pcapng extension can be loaded the same way.

 

Image 1: EncryptedPDU

 

The first image shows that all the traps arriving in Wireshark are encrypted and displayed with the message “encryptedPDU: privKey Unknown”. To successfully decode these traps, do the following:

Move to Wireshark:

1. Load the .pcap file.
2. You will see the file as in the previous image.
3. Click on “Edit” > “Preferences”.

Take a look at the following image and we will continue from there.

 

Image 2: SNMP Preferences

 

A new “Preferences” window opens.

4. From the list on the left, select the protocol we are going to decode, in this case “SNMP”, as the image shows. New options appear in the window.
5. Edit the “Users Table” by clicking on the “Edit” button.
6. In the new window, add the following information and click on “OK”:

– User name
– Authentication Model
– Password
– Privacy Protocol
– Privacy Password

7. If all the steps were successful, you will see the traps decoded, as in the following image.

 

Image 3: Decoded
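Why Wireshark can decrypt the trap from nothing more than the fields in the Users Table above: SNMPv3’s User-based Security Model (RFC 3414) never uses your password directly. It first hashes the password repeated out to 1 MiB (the “password to key” algorithm), then localizes that key with the authoritative engine ID that is sent in clear in every SNMPv3 message; the localized key is what authenticates the trap, and for the privacy password the same derivation yields the DES or AES key. The following is a worked example added to this post (it is not part of the original article and not Wireshark’s own code); it reproduces that derivation with Python’s standard library and checks it against the test vectors published in RFC 3414 appendix A.3 (password “maplesyrup”, engine ID 00…02). It also shows why the same password gives a different key for every engine ID: this is the reason the “Engine ID” column of Wireshark’s Users Table may be left empty so the entry matches whatever engine ID the capture contains, and why an entry tied to the wrong engine ID leaves the PDU encrypted.

```python
"""Added example: SNMPv3 USM key derivation (RFC 3414 sections A.2 and 8.1.1.1).

Not part of the original post and not Wireshark's code; it only shows what
Wireshark computes from the Users Table fields (Authentication model,
Password, Privacy protocol, Privacy password) and the engine ID it reads
from the packet.
"""
import hashlib

ONE_MIB = 1_048_576  # RFC 3414 expands the password to exactly 1048576 bytes

# Authentication models from the Users Table mapped to the underlying hash.
AUTH_HASH = {"MD5": "md5", "SHA1": "sha1"}

# Test vector from RFC 3414 A.3: 12-byte engine ID 00 00 ... 00 02.
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
RFC_PASSWORD = b"maplesyrup"


def password_to_ku(password: bytes, hash_name: str) -> bytes:
    """Step 1 (RFC 3414 A.2.1 / A.2.2): Ku = H(password repeated to 1 MiB)."""
    if not password:
        raise ValueError("USM requires a non-empty password")
    repeats = ONE_MIB // len(password) + 1
    expanded = (password * repeats)[:ONE_MIB]  # cyclic repetition, cut at 1 MiB
    return hashlib.new(hash_name, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Step 2: Kul = H(Ku || snmpEngineID || Ku), i.e. the key is bound to one agent."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_localized_key(password: bytes, engine_id: bytes, auth_model: str) -> bytes:
    """Full derivation for one Users Table row: password + engine ID -> localized key."""
    hash_name = AUTH_HASH[auth_model]
    return localize_key(password_to_ku(password, hash_name), engine_id, hash_name)


def des_privacy_material(priv_password: bytes, engine_id: bytes, auth_model: str):
    """Privacy protocol DES (RFC 3414 8.1.1.1): the privacy password is localized
    with the *authentication* hash; bytes 0..7 are the DES key, bytes 8..15 the
    pre-IV that is XORed with the salt sent in msgPrivacyParameters."""
    kul = usm_localized_key(priv_password, engine_id, auth_model)
    return kul[:8], kul[8:16]


def aes128_privacy_key(priv_password: bytes, engine_id: bytes, auth_model: str) -> bytes:
    """Privacy protocol AES (RFC 3826 3.1.2.1): first 16 bytes of the localized key."""
    return usm_localized_key(priv_password, engine_id, auth_model)[:16]


def demo() -> dict:
    """Derive the RFC test vector and contrast it with a second, constructed engine ID."""
    other_engine = bytes.fromhex("000000000000000000000003")  # constructed, not from the RFC
    return {
        "ku_md5": password_to_ku(RFC_PASSWORD, "md5").hex(),
        "kul_md5": usm_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "MD5").hex(),
        "kul_sha1": usm_localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "SHA1").hex(),
        "kul_md5_other_engine": usm_localized_key(RFC_PASSWORD, other_engine, "MD5").hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value}")
    des_key, pre_iv = des_privacy_material(RFC_PASSWORD, RFC_ENGINE_ID, "MD5")
    print(f"DES key {des_key.hex()}  pre-IV {pre_iv.hex()}")
```

Running the script prints the MD5 localized key 526f5eed9fcce26f8964c2930787d82b and the SHA1 localized key 6695febc9288e36282235fc7151f128497b38f3f, the values listed in RFC 3414 A.3.1 and A.3.2, while the constructed engine ID 00…03 yields a completely different key from the same password. In practice this means: if the Users Table entry is correct but the PDU stays encrypted, compare the msgAuthoritativeEngineID shown in the packet’s SNMPv3 header with the Engine ID you entered (or clear that field so the entry matches any engine), and check that the trap’s authoritative engine is the one whose passwords you configured, since a trap is authoritative on the sender’s engine, not the receiver’s.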

 
