SNMP version 3 has more security settings, which sometimes makes the debugging process more complicated or difficult to understand.
Let's look at the scenario and how to successfully decode SNMPv3 traps using Wireshark 2.6.1.
– Windows Server 2012 R2
– Wireshark 2.6.1
– File extension: .pcap
Another similar extension: .pcapng
The first image shows that all the traps arriving in Wireshark are encrypted and display the following message: “encryptedPDU: privKey Unknown”. To successfully decode these traps, do the following:
Switch to Wireshark:
1. Load the .pcap file.
2. You will see the file as in the previous image.
3. Click on “Edit” > “Preferences”
Take a look at the following image, and we can continue from there.
Here you will see a new window, “Preferences”.
4. From the list on the left, select the protocol we are going to decode; as the image shows, in this case it is “SNMP”. You will see new information in that window.
5. Edit the “Users Table” by clicking the “Edit” button.
6. You will see a new window. Add the following information and click “OK”:
– User name
– Authentication Model
– Privacy Protocol
– Privacy Password
7. After that, if all the steps were successful, you will see the traps decoded, as in the following image.
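Why the Users Table entries matter, as an added example that is not part of the original article: under the SNMPv3 User-based Security Model (RFC 3414) the key is derived from the password and the sender's engine ID, so a capture opened without the password can only show “privKey Unknown”. The Python sketch below carries out that derivation; the function names are hypothetical, and the password and engine ID are the test values from RFC 3414 appendix A.3, not values from this capture.

```python
import hashlib

# Constructed sample input: test values from RFC 3414 appendix A.3.
SAMPLE_PASSWORD = "maplesyrup"
SAMPLE_ENGINE_ID = "000000000000000000000002"   # hex, as carried in the packet
OTHER_ENGINE_ID = "000000000000000000000003"    # constructed, second device


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    reps, rem = divmod(total, len(password))
    digest = hashlib.new(hash_name)
    digest.update(password * reps + password[:rem])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: bind the user key to one engine: H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def usm_localized_key(password: str, engine_id_hex: str, hash_name: str) -> bytes:
    """Derive the per-engine key a decoder needs from password + engine ID."""
    user_key = password_to_key(password.encode(), hash_name)
    return localize_key(user_key, bytes.fromhex(engine_id_hex), hash_name)


def keys_differ_per_engine(password: str, hash_name: str) -> bool:
    """Same password, different engine ID: the localized keys must not match."""
    a = usm_localized_key(password, SAMPLE_ENGINE_ID, hash_name)
    b = usm_localized_key(password, OTHER_ENGINE_ID, hash_name)
    return a != b


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        key = usm_localized_key(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID, name)
        print(f"{name:5s} localized key: {key.hex()}")
    print("keys differ per engine:", keys_differ_per_engine(SAMPLE_PASSWORD, "md5"))
```

A mistyped password or a mismatched protocol choice produces a different key, which is the usual reason traps stay undecoded after the table has been filled in.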