Invalid packet type/version from client
709 views
Skip to first unread message
Joel Sanger
Sep 21, 2010, 7:30:33 AM9/21/10
to jsend-nsca
Hi All,
Firstly thanks for writing this API, if I can get it working it will
be highly useful.
However I'm having issues with the nsca deamon reading the data.
The nsca client is set to recieve packets with the standard XOR
encryption. (I've tried perl modules etc and they are sent/recieved
correctly with that encryption).
However when I use the jsendnsca i get the following in my syslog:
Sep 21 09:15:42 appmonvm01 nsca[11422]: Received invalid packet type/
version from client - possibly due to client using wrong password or
crypto algorithm?
To generate the message I'm doing:
NagiosSettings appMonSettings = new
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.create();
NagiosPassiveCheckSender appMonSender = new
NagiosPassiveCheckSender(appMonSettings);
MessagePayload alertMsg = new MessagePayloadBuilder()
.withHostname("IFSPMTSTUK")
.withLevel(Level.CRITICAL)
.withServiceName("IFSPMTSTUK-TWINTL-BNYB")
.withMessage("Session Disconnected")
.create();
appMonSender.send(alertMsg);
The raw TCP payload is:
0x0000: 4500 02f8 7c94 4000 7a06 cb89 0a94 649b
E...|.@.z.....d.
0x0010: 0a8c 3c27 0fd1 1623 8973 4c57 c886
4ec8 ..<'...#.sLW..N.
0x0020: 5018 ff7b 9da7 0000 24aa a2b1 84c2 455f P..{....
$.....E_
0x0030: c971 fdd9 e852 c5e1 9c84 e08b 71e1
f8db .q...R......q...
0x0040: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x0050: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x0060: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x0070: 8740 35eb 554d c2f8 fe37 d955 d6d3 7087 .@5.UM...
7.U..p.
0x0080: 7e84 658a 162b 67ea eaa9 5bbe 6ce0 cd77 ~.e..+g...
[.l..w
0x0090: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x00a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x00b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x00c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x00d0: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x00e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x00f0: 8740 35eb 554d d8db de14 fd6e eba7
61a5 .@5.UM.....n..a.
0x0100: 20b3 5dad 361a 48b3 cd83 02fc 6ce0 cd77 ..].
6.H.....l..w
0x0110: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x0120: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x0130: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x0140: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x0150: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x0160: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x0170: 8740 35eb 554d 8bbe ad67 9401 8587
25cc .@5.UM...g....%.
0x0180: 53d0 32c3 587f 2bc7 a8e7 02fc 6ce0 cd77 S.2.X.
+.....l..w
0x0190: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x01a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x01b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x01c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x01d0: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x01e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x01f0: 8740 .@
Is this a known issue? Any ideas about what is causing my issue?
Thanks
Joel
Firstly thanks for writing this API, if I can get it working it will
be highly useful.
However I'm having issues with the nsca deamon reading the data.
The nsca client is set to recieve packets with the standard XOR
encryption. (I've tried perl modules etc and they are sent/recieved
correctly with that encryption).
However when I use the jsendnsca i get the following in my syslog:
Sep 21 09:15:42 appmonvm01 nsca[11422]: Received invalid packet type/
version from client - possibly due to client using wrong password or
crypto algorithm?
To generate the message I'm doing:
NagiosSettings appMonSettings = new
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.create();
NagiosPassiveCheckSender appMonSender = new
NagiosPassiveCheckSender(appMonSettings);
MessagePayload alertMsg = new MessagePayloadBuilder()
.withHostname("IFSPMTSTUK")
.withLevel(Level.CRITICAL)
.withServiceName("IFSPMTSTUK-TWINTL-BNYB")
.withMessage("Session Disconnected")
.create();
appMonSender.send(alertMsg);
The raw TCP payload is:
0x0000: 4500 02f8 7c94 4000 7a06 cb89 0a94 649b
E...|.@.z.....d.
0x0010: 0a8c 3c27 0fd1 1623 8973 4c57 c886
4ec8 ..<'...#.sLW..N.
0x0020: 5018 ff7b 9da7 0000 24aa a2b1 84c2 455f P..{....
$.....E_
0x0030: c971 fdd9 e852 c5e1 9c84 e08b 71e1
f8db .q...R......q...
0x0040: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x0050: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x0060: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x0070: 8740 35eb 554d c2f8 fe37 d955 d6d3 7087 .@5.UM...
7.U..p.
0x0080: 7e84 658a 162b 67ea eaa9 5bbe 6ce0 cd77 ~.e..+g...
[.l..w
0x0090: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x00a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x00b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x00c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x00d0: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x00e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x00f0: 8740 35eb 554d d8db de14 fd6e eba7
61a5 .@5.UM.....n..a.
0x0100: 20b3 5dad 361a 48b3 cd83 02fc 6ce0 cd77 ..].
6.H.....l..w
0x0110: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x0120: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x0130: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x0140: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x0150: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x0160: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x0170: 8740 35eb 554d 8bbe ad67 9401 8587
25cc .@5.UM...g....%.
0x0180: 53d0 32c3 587f 2bc7 a8e7 02fc 6ce0 cd77 S.2.X.
+.....l..w
0x0190: c067 dfa0 5fca df61 dbf5 0bed 0abf
35c4 .g.._..a......5.
0x01a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
$.......
0x01b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
ad90 .....P......"...
0x01c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
1b34 ?.J..=VRk...-..4
0x01d0: 0700 7064 d66e a904 c7db 7f7e e283
7381 ..pd.n.....~..s.
0x01e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
[*......._...lK
0x01f0: 8740 .@
Is this a known issue? Any ideas about what is causing my issue?
Thanks
Joel
Raj Patel
Sep 21, 2010, 7:35:10 AM9/21/10
to jsend-nsca
Hi Joel
Seems like you are not setting the password
Try
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.withPassword("your nsca password")
.create();
and set your password as set up in your nsca daemon
Regards
Raj Patel
NagiosSettingsBuilder().withPassword("yourpassword").
> 0x0070: 8740 35eb 554d c2f8 fe37 d955 d6d3 7087 ....@5.UM...
Seems like you are not setting the password
Try
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.create();
and set your password as set up in your nsca daemon
Regards
Raj Patel
NagiosSettingsBuilder().withPassword("yourpassword").
> 7.U..p.
> 0x0080: 7e84 658a 162b 67ea eaa9 5bbe 6ce0 cd77 ~.e..+g...
> [.l..w
> 0x0090: c067 dfa0 5fca df61 dbf5 0bed 0abf
> 35c4 .g.._..a......5.
> 0x00a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
> $.......
> 0x00b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
> ad90 .....P......"...
> 0x00c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
> 1b34 ?.J..=VRk...-..4
> 0x00d0: 0700 7064 d66e a904 c7db 7f7e e283
> 7381 ..pd.n.....~..s.
> 0x00e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
> [*......._...lK
> 0x00f0: 8740 35eb 554d d8db de14 fd6e eba7
> 61a5 ....@5.UM.....n..a.
> 0x0080: 7e84 658a 162b 67ea eaa9 5bbe 6ce0 cd77 ~.e..+g...
> [.l..w
> 0x0090: c067 dfa0 5fca df61 dbf5 0bed 0abf
> 35c4 .g.._..a......5.
> 0x00a0: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
> $.......
> 0x00b0: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
> ad90 .....P......"...
> 0x00c0: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
> 1b34 ?.J..=VRk...-..4
> 0x00d0: 0700 7064 d66e a904 c7db 7f7e e283
> 7381 ..pd.n.....~..s.
> 0x00e0: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
> [*......._...lK
> 0x00f0: 8740 35eb 554d d8db de14 fd6e eba7
> 0x0100: 20b3 5dad 361a 48b3 cd83 02fc 6ce0 cd77 ..].
> 6.H.....l..w
> 0x0110: c067 dfa0 5fca df61 dbf5 0bed 0abf
> 35c4 .g.._..a......5.
> 0x0120: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
> $.......
> 0x0130: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
> ad90 .....P......"...
> 0x0140: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
> 1b34 ?.J..=VRk...-..4
> 0x0150: 0700 7064 d66e a904 c7db 7f7e e283
> 7381 ..pd.n.....~..s.
> 0x0160: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
> [*......._...lK
> 0x0170: 8740 35eb 554d 8bbe ad67 9401 8587
> 25cc ....@5.UM...g....%.
> 6.H.....l..w
> 0x0110: c067 dfa0 5fca df61 dbf5 0bed 0abf
> 35c4 .g.._..a......5.
> 0x0120: f2e9 22c2 efc5 2615 24a9 a2b1 1f0b 8481 .."...&.
> $.......
> 0x0130: 85e9 8bc1 e850 8ca7 cfd4 addf 22b5
> ad90 .....P......"...
> 0x0140: 3fa8 4a07 953d 5652 6b94 8bf0 2d80
> 1b34 ?.J..=VRk...-..4
> 0x0150: 0700 7064 d66e a904 c7db 7f7e e283
> 7381 ..pd.n.....~..s.
> 0x0160: c65b 2aeb fa11 bdcc 03a9 5fbe c0fa 6c4b .
> [*......._...lK
> 0x0170: 8740 35eb 554d 8bbe ad67 9401 8587
Joel Sanger
Sep 21, 2010, 7:58:16 AM9/21/10
to jsend-nsca
Thanks for the quick reply.
In the nsca config the password section is commented out.
# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets. Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!
#password=
# DECRYPTION METHOD
# This option determines the method by which the nsca daemon will
# decrypt the packets it receives from the clients. The decryption
# method you choose will be a balance between security and
performance,
# as strong encryption methods consume more processor resources.
# You should evaluate your security needs when choosing a decryption
# method.
#
# Note: The decryption method you specify here must match the
# encryption method the nsca clients use (as specified in
# the send_nsca.cfg file)!!
# Values:
#
# 0 = None (Do NOT use this option)
# 1 = Simple XOR (No security, just obfuscation, but very fast)
#
# 2 = DES
# 3 = 3DES (Triple DES)
# 4 = CAST-128
# 5 = CAST-256
# 6 = xTEA
# 7 = 3WAY
# 8 = BLOWFISH
# 9 = TWOFISH
# 10 = LOKI97
# 11 = RC2
# 12 = ARCFOUR
#
# 14 = RIJNDAEL-128
# 15 = RIJNDAEL-192
# 16 = RIJNDAEL-256
#
# 19 = WAKE
# 20 = SERPENT
#
# 22 = ENIGMA (Unix crypt)
# 23 = GOST
# 24 = SAFER64
# 25 = SAFER128
# 26 = SAFER+
#
decryption_method=1
So, it must be using a default somewhere? Any ideas about what it
could be?
(I can't add a new password as lot's of other services report to this
nsca deamon and i don't want to break those)
Thank you again!
Joel
In the nsca config the password section is commented out.
# DECRYPTION PASSWORD
# This is the password/passphrase that should be used to descrypt the
# incoming packets. Note that all clients must encrypt the packets
# they send using the same password!
# IMPORTANT: You don't want all the users on this system to be able
# to read the password you specify here, so make sure to set
# restrictive permissions on this config file!
#password=
# DECRYPTION METHOD
# This option determines the method by which the nsca daemon will
# decrypt the packets it receives from the clients. The decryption
# method you choose will be a balance between security and
performance,
# as strong encryption methods consume more processor resources.
# You should evaluate your security needs when choosing a decryption
# method.
#
# Note: The decryption method you specify here must match the
# encryption method the nsca clients use (as specified in
# the send_nsca.cfg file)!!
# Values:
#
# 0 = None (Do NOT use this option)
# 1 = Simple XOR (No security, just obfuscation, but very fast)
#
# 2 = DES
# 3 = 3DES (Triple DES)
# 4 = CAST-128
# 5 = CAST-256
# 6 = xTEA
# 7 = 3WAY
# 8 = BLOWFISH
# 9 = TWOFISH
# 10 = LOKI97
# 11 = RC2
# 12 = ARCFOUR
#
# 14 = RIJNDAEL-128
# 15 = RIJNDAEL-192
# 16 = RIJNDAEL-256
#
# 19 = WAKE
# 20 = SERPENT
#
# 22 = ENIGMA (Unix crypt)
# 23 = GOST
# 24 = SAFER64
# 25 = SAFER128
# 26 = SAFER+
#
decryption_method=1
So, it must be using a default somewhere? Any ideas about what it
could be?
(I can't add a new password as lot's of other services report to this
nsca deamon and i don't want to break those)
Thank you again!
Joel
Raj Patel
Sep 21, 2010, 8:07:41 AM9/21/10
to jsend...@googlegroups.com
Hi Joel
I have not tested XOR without a password, how about try
withPassword("") to see if that works
The encyrpt method has the following snippet
if (StringUtils.isNotBlank(password)) {
final byte[] passwordBytes = password.getBytes();
for (int y = 0, x = 0; y < passiveCheckBytes.length; y++, x++) {
if (x >= passwordBytes.length) {
x = 0;
}
passiveCheckBytes[y] ^= passwordBytes[x];
}
}
So if the password is blank, it will skip over this and may work
Regards
Raj
> --
> You received this message because you are subscribed to the Google Groups "jsend-nsca" group.
> To post to this group, send email to jsend...@googlegroups.com.
> To unsubscribe from this group, send email to jsend-nsca+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/jsend-nsca?hl=en.
>
--
Raj Patel
Mobile: 07957 446908
Home: 0208 371 1958
Joel Sanger
Sep 21, 2010, 8:09:28 AM9/21/10
to jsend-nsca
I've tried setting the password to be "" (nothing/blank) and got a
java.lang.IllegalArgumentException: password cannot be null or empty
So then I tried " " (a single space) and it looks like that's working.
As it looks like it's a nsca default do you think it should also
default to that value in jsendnsca (if the user doesn't set a
password)?
Final working code:
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.withPassword(" ")
.create();
Thanks again,
Joel
java.lang.IllegalArgumentException: password cannot be null or empty
So then I tried " " (a single space) and it looks like that's working.
As it looks like it's a nsca default do you think it should also
default to that value in jsendnsca (if the user doesn't set a
password)?
Final working code:
NagiosSettingsBuilder()
.withNagiosHost("appmonvm01")
.withPort(5667)
.withEncryption(Encryption.XOR)
.create();
Thanks again,
Joel
Raj Patel
Sep 21, 2010, 8:15:12 AM9/21/10
to jsend...@googlegroups.com
Thanks Joel
Looks like i need to accept "" as a valid password,
The reason why " " works is the StringUtils.isNotBlank() returns false
for this hence the code is skipped over
As no password seems like the NSCA default, I will fix this so that
withPassword() accepts an empty string and the default password is an
empty string
So the current workaround seems to be a space " " so glad that works for you
Regards
Raj Patel
Raj Patel
Sep 22, 2010, 4:30:05 AM9/22/10
to jsend...@googlegroups.com
Hi Joel
Issue is now hopefully fixed.
New version 2.0.1 uploaded which has empty string as default password.
You can also optionally now use new withNoPassword method on builder
so it is clear
that you are not setting a password
NagiosSettings settings = new NagiosSettingsBuilder()
...
.withNoPassword()
.create();
Can you give 2.0.1 a try and see if it works for you
Regards
Raj Patel
Reply all
Reply to author
Forward
0 new messages