有時候我們改變 RFC 定義預設的 port number,Wireshark 就無法解析用預設的設定解析出封包。這時候我們可以在該封包上點滑鼠右鍵,選 Decode as,指定我們想要的 Protocol 解析方式,就可以看到原來 Protocol 應該顯示的欄位。
http://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html#ChAdvDecodeAsFig
2011年8月4日 星期四
SNMPv3 engine-id discovery
節錄自 RFC3414
4. Discovery
The User-based Security Model requires that a discovery process
obtains sufficient information about other SNMP engines in order to
communicate with them. Discovery requires an non-authoritative SNMP
engine to learn the authoritative SNMP engine’s snmpEngineID value
before communication may proceed. This may be accomplished by
generating a Request message with a securityLevel of noAuthNoPriv, a
msgUserName of zero-length, a msgAuthoritativeEngineID value of zero
length, and the varBindList left empty. The response to this message
will be a Report message containing the snmpEngineID of the
authoritative SNMP engine as the value of the
msgAuthoritativeEngineID field within the msgSecurityParameters field. It contains a Report PDU with the usmStatsUnknownEngineIDs
counter in the varBindList.
If authenticated communication is required, then the discovery
process should also establish time synchronization with the
authoritative SNMP engine. This may be accomplished by sending an
authenticated Request message with the value of
msgAuthoritativeEngineID set to the newly learned snmpEngineID and
with the values of msgAuthoritativeEngineBoots and
msgAuthoritativeEngineTime set to zero. For an authenticated Request
message, a valid userName must be used in the msgUserName field. The
response to this authenticated message will be a Report message
containing the up to date values of the authoritative SNMP engine’s
snmpEngineBoots and snmpEngineTime as the value of the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields
respectively. It also contains the usmStatsNotInTimeWindows counter
in the varBindList of the Report PDU. The time synchronization then
happens automatically as part of the procedures in section 3.2 step
7b. See also section 2.3.
4. Discovery
The User-based Security Model requires that a discovery process
obtains sufficient information about other SNMP engines in order to
communicate with them. Discovery requires an non-authoritative SNMP
engine to learn the authoritative SNMP engine’s snmpEngineID value
before communication may proceed. This may be accomplished by
generating a Request message with a securityLevel of noAuthNoPriv, a
msgUserName of zero-length, a msgAuthoritativeEngineID value of zero
length, and the varBindList left empty. The response to this message
will be a Report message containing the snmpEngineID of the
authoritative SNMP engine as the value of the
msgAuthoritativeEngineID field within the msgSecurityParameters field. It contains a Report PDU with the usmStatsUnknownEngineIDs
counter in the varBindList.
If authenticated communication is required, then the discovery
process should also establish time synchronization with the
authoritative SNMP engine. This may be accomplished by sending an
authenticated Request message with the value of
msgAuthoritativeEngineID set to the newly learned snmpEngineID and
with the values of msgAuthoritativeEngineBoots and
msgAuthoritativeEngineTime set to zero. For an authenticated Request
message, a valid userName must be used in the msgUserName field. The
response to this authenticated message will be a Report message
containing the up to date values of the authoritative SNMP engine’s
snmpEngineBoots and snmpEngineTime as the value of the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields
respectively. It also contains the usmStatsNotInTimeWindows counter
in the varBindList of the Report PDU. The time synchronization then
happens automatically as part of the procedures in section 3.2 step
7b. See also section 2.3.
訂閱:
文章 (Atom)