Java Dynamic Management Kit 5.0 Tutorial

Enabling Privacy in SNMPv3 Managers

If you enable privacy in your SNMPv3 agents, then you must also enable privacy in the corresponding manager. The following example shows the code for an SNMPv3 agent with privacy enabled, called SyncManagerEncryptV3. This example is found in the examplesDir/Snmp/Manager directory.

Example 20–7 SyncManagerEncryptV3 Manager with Privacy Enabled

 public class SyncManagerEncryptV3 {
    	public static void main(String argv[]) {
		SnmpSession session = null;
        if (argv.length != 2) {
			//Check arguments first
			//host and port.
        final String host = argv[0];
        final String port = argv[1];
        // Initialize trace property. 

      	// Initialize the SNMP Manager API.

  		// Activate the encryption

	   		// First create parameters.
	    	final SnmpEngineParameters parameters = 
			new SnmpEngineParameters();

	    	// Then activate encryption

	    	// Finaly create the session passing it the parameters.
	    	try {
			// When instantiating a session, a new SNMP V3 engine is 
			// instantiated.
			session= new SnmpSession(parameters,
					 "SyncV3Manager session",
	    	}catch(SnmpStatusException e) {
	    	catch(IllegalArgumentException e) {
			//If the engine configuration is falty
	   		final SnmpEngine engine = session.getEngine();
	    	// Create a SnmpPeer object 
	    	final SnmpUsmPeer agent = 
			new SnmpUsmPeer(engine, host, Integer.parseInt(port));
	    	// Create parameters to associate to the entity to 
	    	// communicate with.
	    	final SnmpUsmParameters p = 
			new SnmpUsmParameters(engine, "defaultUser");
	    	// Set Security level 

	    	// Register MIBS under the scope of a context.

	    	// Specify a contextEngineId. This is 
	    	// The newly created parameter must be associated to the agent.
	    	// Discovery timeliness
	    	// A default peer (agent) can be associated to a SnmpSession. 
	 	 	// Create a listener and dispatcher for SNMP traps 
	    	final SnmpEventReportDispatcher trapAgent =
			new SnmpEventReportDispatcher(engine, 
					      Integer.parseInt(port) + 1, 
					      taskServer, null);
	    	trapAgent.addTrapListener(new TrapListenerImpl());
            final Thread trapThread = new Thread(trapAgent);
	    	// Build the list of variables you want to query.
	    	// For debug purposes, you can associate a name to your list.
	    	final SnmpVarBindList list = 
			new SnmpVarBindList("SyncManagerEncryptV3 varbind list");
	    	// We want to read the "sysDescr" variable.
            // We will thus query "sysDescr.0", as sysDescr is a scalar
	    		// variable (see RFC 1157, section  Identification 
           	// of Object Instances, or RFC 2578, section 7.  Mapping of 
	    		// the OBJECT-TYPE macro).
	    	// Make the SNMP get request and wait for the result.
	    	final SnmpRequest request = session.snmpGetRequest(null, list);
	    	println("SyncManagerEncryptV3::main:" + 
				 " Send get request to SNMP agent on " + 
				 host + " at port " + port);
	    	final boolean completed = request.waitForCompletion(10000);
	    	// Check for a timeout of the request.
            if (completed == false) {
                println("SyncManagerEncryptV3::main:" +
			" Request timed out. Check reachability of agent");
                // Print request.
                println("Request: " + request.toString());
            // Check if the response contains an 
	    		// error.
            final int errorStatus = request.getErrorStatus();
            if (errorStatus != SnmpDefinitions.snmpRspNoError) {
                println("Error status = " + 
                println("Error index = " + 
            // Display the content of the result.
            final SnmpVarBindList result = request.getResponseVarBindList();
            println("Result: \n" + result);
            println("\n>> Press Enter if you want to stop" +
		    " this SNMP manager.\n");
            // Nicely stop the session
	    		// End the SnmpEventReportDispatcher.

            // That's all !
				} catch(Exception e) {
            java.lang.System.err.println("SyncManagerEncryptV3::main:" +
					 " Exception occurred:" + e );


By default, a Java DMK 5.0 manager handles requests that are authenticated, but not encrypted. To activate encryption, you need to set certain parameters when you instantiate the SNMP session. As shown in Example 20–7, these parameters are passed to the engine using the SnmpEngineParameters class, as follows:

The SyncManagerEncryptV3 manager application then continues with the generation of a USM peer, defining the context and setting trap listeners in the same way as any other manager. Note, however, that in this manager, the security level is set to authPriv.

As well as the manager itself, you must also configure the security file associated with that manager. Example 20–8 shows the security file associated with SyncManagerEncryptV3.

Example 20–8 Manager File

#Authentication and encryption.



As was the case for the AgentEncryptV3 agent, in this file, you can see that the DES privacy protocol is specified.

To Run the SyncManagerEncryptV3 Example
  1. If you have not already done so, build and compile the AgentEncryptV3 example in examplesDir/Snmp/Agent.

    Type the following commands:

    $ mibgen -d . mib_II.txt
    $ javac -classpath classpath -d . *.java
  2. Start the AgentEncryptV3 agent, passing it its associated security file,

    $ java -classpath classpath 

    Press Enter to start sending traps.

  3. Press Enter to start sending traps.

  4. In another window, if you have not already done so, build and compile the SyncManagerEncryptV3 example in examplesDir/Snmp/Manager.

    Type the following commands:

    $ mibgen -mo -d . mib_II.txt
    $ javac -classpath classpath -d . *.java
  5. Start the SyncManagerEncryptV3 manager, passing it its associated security file,, and specifying the host name and port number of the agent it is to communicate with.

    $ java -classpath classpath 
    SyncManagerEncryptV3 localhost 8085

    You should see the manager start to receive encrypted traps from the agent.

    Send get request to SNMP agent on localhost at port 8085
    [Object ID :  (Syntax : String)
    Value : SunOS sparc 5.8]
    >> Press Enter if you want to stop this SNMP manager.
    NOTE: TrapListenerImpl received trap V3:
            ContextEngineId : 0x8000002a05819dcb6e00001f95
            ContextName : TEST-CONTEXT
            VarBind list :
    oid : val : 0:0:40
    oid : val :
    oid : val : 1
  6. Press Control-C in each window to stop both the agent and the manager