Which SMC AP?
I have one (the 2652, I think, I can check) working with Linux. I configured it initially with their supplied tool, but it's just SNMP, using the ATMEL MIB, so after I figured out what the tool was doing, I can configure it with snmptools.
I won't post the entire MIB here, Google for it.
Here is my trace and notes of a configuration session. I have changed all the keys and such since, so don't sweat that.
Note: I think that I didn't specify -s1500 to tcpdump, so the packets below may be truncated, but it should give you an idea.
Authenticating to AP. I give it the Community name and ask for sysDescr and operChannelID. He gives me back the Description and, presumably, the channel id -- if that's what [|snmp] means:
21:00:46.961924 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(47) E:410.1.1.1.1.0 E:410.1.2.1.1.0
21:00:46.963696 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(101) E:410.1.1.1.1.0=38_30_32_2e_31_31_20_41_50_20_28_5 6_65_72_2e_20_31_2e_34_66_2e_34_29_20_4d_69_6e_69_ 41_50_00_00_00_00_00_00_00_00_00_00_44_db_00_01_be _05_00_00_0c_00_00_00_17_a9_00_01_74 E:410.1.2.1.1=[|snmp]
Having authenticated, now I change the ???
21:00:46.980040 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(30) E:410.1.2.1.6.0=2
21:00:46.981614 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.2.1.6.0=2
Ask for the sysDeviceInfo, operIPAddress, operIPMask, operChannelID:
21:00:46.992689 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.1.1.5.0 E:410.1.1.2.1.0 E:410.1.1.2.2.0 E:410.1.1.2.3.0 E:410.1.2.1.1.0[|snmp]
21:00:46.996544 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.1.1.5.0=02_00_00_00_00_04_e2_0e_c1_12_00_0 1_10_00_00_00_00_00_00_00_45_55_4d_49_54_43_4f_4d_ 00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00 _00_00_00_00_00_00_00_00_00_00_00_41_43_43_45_53_5 3_20_50_4f_49_4e_54_00
Ask for operESSID, privacyWEPEnable, AssociatedSTAsNum, ChannelStatus, operAccessPointName
21:00:47.010763 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.2.1.3.0 E:410.1.2.2.5.0 E:410.1.2.5.1.0 E:410.1.2.1.4.0 E:410.1.2.1.10.0[|snmp]
21:00:47.016590 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.1.3.0=57_4c_41_4e_00_00_00_00_00_00_00_0 0_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_ 00_00_00_00 E:410.1.2.2.5.0=2 E:410.1.2.5.1.0=0
Ask for the sysDeviceInfo, operIPAddress, operIPMask, operChannelID:
21:01:07.650848 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.1.1.5.0 E:410.1.1.2.1.0 E:410.1.1.2.2.0 E:410.1.1.2.3.0 E:410.1.2.1.1.0[|snmp]
21:01:07.654735 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.1.1.5.0=02_00_00_00_00_04_e2_0e_c1_12_00_0 1_10_00_00_00_00_00_00_00_45_55_4d_49_54_43_4f_4d_ 00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00 _00_00_00_00_00_00_00_00_00_00_00_41_43_43_45_53_5 3_20_50_4f_49_4e_54_00
Ask for operESSID, privacyWEPEnable, AssociatedSTAsNum, ChannelStatus, operAccessPointName
21:01:07.674705 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.2.1.3.0 E:410.1.2.2.5.0 E:410.1.2.5.1.0 E:410.1.2.1.4.0 E:410.1.2.1.10.0[|snmp]
21:01:07.680542 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.1.3.0=57_4c_41_4e_00_00_00_00_00_00_00_0 0_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_ 00_00_00_00 E:410.1.2.2.5.0=2 E:410.1.2.5.1.0=0
Ask for defaultWEPKey[1-3] and privacyDefaultWEPKeyID
21:01:32.712264 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.2.2.1.0 E:410.1.2.2.2.0 E:410.1.2.2.3.0 E:410.1.2.2.4.0 E:410.1.2.2.6.0[|snmp]
21:01:32.719241 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.2.1.0=00_00_00_00_00_00_00_00_00_00_00_0 0_00 E:410.1.2.2.2.0=00_00_00_00_00_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=00_00_00_00_00_00_00
Set the WEPKeys (even though I only specified one, it seems to have set the others as well?).
21:02:20.413879 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(99) E:410.1.2.2.1.0=25_36_5d_b7_ef_92_82_3f_1e_88_7d_a 0_ce E:410.1.2.2.2.0=92_82_3f_1e_88_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=7d_a0_ce_00_00_00_00
21:02:20.420574 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.2.1.0=25_36_5d_b7_ef_92_82_3f_1e_88_7d_a 0_ce E:410.1.2.2.2.0=92_82_3f_1e_88_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=7d_a0_ce_00_00_00_00
Reboot the AP:
21:02:20.429570 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(30) E:410.1.1.1.6.0=1
21:02:20.430878 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.1.1.6.0=1
AP reboots
21:02:21.628823 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 21:02:21 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 21:02:22 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:02:22 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 21:02:22 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:02:22 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Now it asks for the WEP keys again (presumably, because the application is displaying this screen)
21:02:25.701487 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(100) E:410.1.2.2.1.0 E:410.1.2.2.2.0 E:410.1.2.2.3.0 E:410.1.2.2.4.0 E:410.1.2.2.6.0[|snmp]
21:02:25.708553 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.2.1.0=25_36_5d_b7_ef_92_82_3f_1e_88_7d_a 0_ce E:410.1.2.2.2.0=92_82_3f_1e_88_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=7d_a0_ce_00_00_00_00
And we're setting something else, what's here is the channel, essid len, essid, IP address, and something else that's truncated.
21:03:58.875963 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(99) E:410.1.2.1.1.0=11 E:410.1.2.1.2.0=4 E:410.1.2.1.3.0="WLAN" E:410.1.1.2.1.0=[192.168.0.2] .iso.org=[|snmp]
21:03:58.883984 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(99) E:410.1.2.1.1.0=11 E:410.1.2.1.2.0=4 E:410.1.2.1.3.0="WLAN" E:410.1.1.2.1.0=[192.168.0.2] .iso.org=[|snmp]
Reboot again:
21:03:58.906253 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(30) E:410.1.1.1.6.0=1
21:03:58.907541 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.1.1.6.0=1
AP reboots
21:03:59.881766 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 21:03:59 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 21:04:00 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:04:00 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 21:04:00 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:04:00 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Now we look at the MAC filters:
First the AP tells us that MAC filtering is disabled:
21:12:14.085271 > myhostIP.1636 > puck.snmp: C=MiniAP GetRequest(29) E:410.1.2.6.1.0
21:12:14.087058 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.2.6.1.0=2
Then we set the first of the MAC filters -- but this is a broadcast address, and I don't know what the first 6 bytes mean.
21:12:14.112847 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(41) E:410.1.2.6.2.0=02_00_00_00_01_00_00_00_00_00_00_0 0
21:12:14.114680 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(41) E:410.1.2.6.2.0=02_00_ff_ff_01_00_ff_ff_ff_ff_ff_f f
And do the same thing again:
21:12:52.905507 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(41) E:410.1.2.6.2.0=02_00_00_00_01_00_00_00_00_00_00_0 0
21:12:52.907373 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(41) E:410.1.2.6.2.0=02_00_ff_ff_01_00_ff_ff_ff_ff_ff_f f
And then define one, and reboot the AP. This is AuthorizationMacEnable:
21:20:48.740921 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(30) E:410.1.2.6.1.0=1
21:20:48.743222 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.2.6.1.0=1
This is AuthorizedMac:
21:20:48.963713 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(41) E:410.1.2.6.2.0=01_00_01_00_01_00_00_02_2d_0e_c7_a 5
21:20:48.973928 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(41) E:410.1.2.6.2.0=01_00_01_00_01_00_00_02_2d_0e_c7_a 5
Restart:
21:20:49.194256 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(30) E:410.1.1.1.6.0=1
21:20:49.195554 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(30) E:410.1.1.1.6.0=1
21:20:50.249189 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 21:20:50 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 21:20:51 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:20:51 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 21:20:51 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 21:20:51 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Here we set the password (AuthorizedAdminPass and AuthorizedManufactPass) and then reboot.
22:02:06.431063 > myhostIP.1636 > puck.snmp: C=MiniAP SetRequest(63) E:410.1.1.9.2.0="password" E:410.1.1.9.3.0="password"
22:02:06.433880 < puck.snmp > myhostIP.1636: C=MiniAP GetResponse(63) E:410.1.1.9.2.0="password" E:410.1.1.9.3.0="password"
22:02:07.192025 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 22:02:07 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 22:02:08 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:02:08 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 22:02:08 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:02:08 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Now, with the new password:
22:45:19.045483 > myhostIP.1636 > puck.snmp: C=password GetRequest(47) E:410.1.1.1.1.0 E:410.1.2.1.1.0
22:45:19.047226 B arp who-has myhostIP (0:2:64:6:a1:0) tell puck
22:45:19.047332 > arp reply myhostIP (0:50:bf:75:8:90) is-at 0:50:bf:75:8:90 (0:4:e2:e:c1:12)
22:45:19.047739 < puck.snmp > myhostIP.1636: C=password GetResponse(99) E:410.1.1.1.1.0=38_30_32_2e_31_31_20_41_50_20_28_5 6_65_72_2e_20_31_2e_34_66_2e_34_29_20_4d_69_6e_69_ 41_50_00_00_e5_03_00_00_b9_af_01_02_44_db_00_01_bc _05_00_00_0c_00_00_00_17_a9_00_01_74 E:410.1.2=[|snmp]
22:45:19.056114 > myhostIP.1636 > puck.snmp: C=password SetRequest(30) E:410.1.2.1.6.0=2
22:45:19.057696 < puck.snmp > myhostIP.1636: C=password GetResponse(30) E:410.1.2.1.6.0=2
22:45:19.079306 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.1.1.5.0 E:410.1.1.2.1.0 E:410.1.1.2.2.0 E:410.1.1.2.3.0 E:410.1.2.1.1[|snmp]
22:45:19.083180 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.1.1.5.0=02_00_00_00_00_04_e2_0e_c1_12_00_0 1_10_00_00_00_00_00_00_00_45_55_4d_49_54_43_4f_4d_ 00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00 _00_00_00_00_00_00_00_00_00_00_00_41_43_43_45_53_5 3_20_50_4f_49_4e
22:45:19.097005 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.2.1.3.0 E:410.1.2.2.5.0 E:410.1.2.5.1.0 E:410.1.2.1.4.0 E:410.1.2.1.10[|snmp]
22:45:19.102888 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.1.3.0=57_4c_41_4e_00_00_00_00_00_00_00_0 0_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_ 00_00_00_00 E:410.1.2.2.5.0=3 E:410.1.2.5.1.0=[|snmp]
We intend to change the WEP key again:
22:45:46.511725 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.1.1.5.0 E:410.1.1.2.1.0 E:410.1.1.2.2.0 E:410.1.1.2.3.0 E:410.1.2.1.1[|snmp]
22:45:46.515610 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.1.1.5.0=02_00_00_00_00_04_e2_0e_c1_12_00_0 1_10_00_00_00_00_00_00_00_45_55_4d_49_54_43_4f_4d_ 00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00 _00_00_00_00_00_00_00_00_00_00_00_41_43_43_45_53_5 3_20_50_4f_49_4e
22:45:46.544053 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.2.1.3.0 E:410.1.2.2.5.0 E:410.1.2.5.1.0 E:410.1.2.1.4.0 E:410.1.2.1.10[|snmp]
22:45:46.549926 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.1.3.0=57_4c_41_4e_00_00_00_00_00_00_00_0 0_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_ 00_00_00_00 E:410.1.2.2.5.0=3 E:410.1.2.5.1.0=[|snmp]
22:45:53.221938 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.2.2.1.0 E:410.1.2.2.2.0 E:410.1.2.2.3.0 E:410.1.2.2.4.0 E:410.1.2.2.6[|snmp]
22:45:53.228566 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.2.1.0=25_36_5d_b7_ef_92_82_3f_1e_88_7d_a 0_ce E:410.1.2.2.2.0=92_82_3f_1e_88_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=7d_a0_ce_00_00
And we really change it:
22:47:07.351579 > myhostIP.1636 > puck.snmp: C=password SetRequest(97) E:410.1.2.2.1.0=fc_54_d7_f1_dd_ef_00_25_52_10_ae_1 3_f3 E:410.1.2.2.2.0=fc_54_d7_f1_dd_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=87_2d_9f_00_00
22:47:07.358748 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.2.1.0=fc_54_d7_f1_dd_ef_00_25_52_10_ae_1 3_f3 E:410.1.2.2.2.0=fc_54_d7_f1_dd_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=87_2d_9f_00_00
22:47:07.365696 > myhostIP.1636 > puck.snmp: C=password SetRequest(30) E:410.1.1.1.6.0=1
22:47:07.366990 < puck.snmp > myhostIP.1636: C=password GetResponse(30) E:410.1.1.1.6.0=1
22:47:07.916889 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 22:47:07 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 22:47:08 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:47:08 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 22:47:08 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:47:08 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
22:47:13.037709 > myhostIP.1636 > puck.snmp: C=password GetRequest(98) E:410.1.2.2.1.0 E:410.1.2.2.2.0 E:410.1.2.2.3.0 E:410.1.2.2.4.0 E:410.1.2.2.6[|snmp]
22:47:13.044753 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.2.1.0=11_7e_bd_3f_9e_fc_54_d7_f1_dd_87_2 d_9f E:410.1.2.2.2.0=fc_54_d7_f1_dd_00_00_00_00_00_00_0 0_00 E:410.1.2.2.3.0=87_2d_9f_00_00
Now we change the APname and SSID:
22:54:59.749026 > myhostIP.1636 > puck.snmp: C=password SetRequest(97) E:410.1.2.1.1.0=11 E:410.1.2.1.2.0=14 E:410.1.2.1.3.0="AP@myhost" E:410.1.1.2.1=[|snmp]
22:54:59.757138 < puck.snmp > myhostIP.1636: C=password GetResponse(97) E:410.1.2.1.1.0=11 E:410.1.2.1.2.0=14 E:410.1.2.1.3.0="AP@myhost" E:410.1.1.2.1=[|snmp]
22:54:59.778347 > myhostIP.1636 > puck.snmp: C=password SetRequest(30) E:410.1.1.1.6.0=1
22:54:59.779657 < puck.snmp > myhostIP.1636: C=password GetResponse(30) E:410.1.1.1.6.0=1
22:55:00.805589 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 [192.168.0.2] coldStart 0[nothing to parse]
Oct 27 22:55:00 myhost kernel: Packet log: input REJECT eth1 PROTO=17 0.0.0.0:162 255.255.255.255:162 L=69 S=0x00 I=1 F=0x0000 T=64 (#62)
Oct 27 22:55:01 myhost dhcpd: DHCPDISCOVER from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:55:01 myhost dhcpd: DHCPOFFER on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
Oct 27 22:55:01 myhost dhcpd: DHCPREQUEST for 192.168.0.2 from 00:04:e2:0e:c1:12 via eth1
Oct 27 22:55:01 myhost dhcpd: DHCPACK on 192.168.0.2 to 00:04:e2:0e:c1:12 via eth1
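An added example, not part of the original post: a small Python audit of tcpdump SNMP output in the format shown above, listing every WEP key or password varbind that crossed the wire in the clear, together with the community string that accompanied it. The OID labels follow the post's annotations; the sample lines, host names and values are constructed.

```python
import re

# OID labels follow the post's annotations; "E:" = enterprises (1.3.6.1.4.1).
SENSITIVE = {f"410.1.2.2.{n}.0": f"WEP key {n}" for n in (1, 2, 3)}
SENSITIVE.update({"410.1.1.9.2.0": "AuthorizedAdminPass",
                  "410.1.1.9.3.0": "AuthorizedManufactPass"})
HEADER = re.compile(r"C=(\S+) (GetRequest|SetRequest|GetResponse)\(\d+\)")
# Value: quoted string, "_"-joined hex bytes (a blank may split a byte, as
# in the wrapped trace above), or any other token such as [|snmp].
VARBIND = re.compile(
    r'E:([\d.]+)(?:=("[^"]*"|[0-9a-f_]+(?: [0-9a-f_]+)*|\S+))?')

def decode(value):
    """Classify one varbind value as printed by tcpdump."""
    if value.startswith('"'):
        return "string", value.strip('"')
    compact = value.replace(" ", "")
    if "_" not in compact:
        return "other", value
    try:
        raw = bytes.fromhex(compact.replace("_", ""))
    except ValueError:               # capture cut off in the middle of a byte
        return "other", value
    text = raw.split(b"\x00", 1)[0]  # fixed-width fields are NUL padded
    if text and all(32 <= b < 127 for b in text):
        return "text", text.decode("ascii")
    return "bytes", raw.hex()

def audit(lines):
    """List (pdu, community, label, value) for secrets sent in the clear."""
    findings = []
    for line in lines:
        head = HEADER.search(line)
        if not head:
            continue                 # traps, ARP and syslog lines
        community, pdu = head.groups()
        for oid, value in VARBIND.findall(line[head.end():]):
            if oid in SENSITIVE and value:
                findings.append((pdu, community, SENSITIVE[oid], decode(value)[1]))
    return findings

# Constructed sample lines in the format of the trace above.
SAMPLE = [
    "10:00:00.000001 > host.1636 > ap.snmp: C=MiniAP GetRequest(100) E:410.1.2.2.1.0 E:410.1.2.2.2.0[|snmp]",
    "10:00:01.000001 > host.1636 > ap.snmp: C=MiniAP SetRequest(99) E:410.1.2.2.1.0=01_02_03_04_05_06_07_08_09_0a_0b_0 c_0d E:410.1.2.1.3.0=57_4c_41_4e_00_00",
    '10:00:02.000001 > host.1636 > ap.snmp: C=MiniAP SetRequest(63) E:410.1.1.9.2.0="example-pass" E:410.1.1.9.3.0="example-pass"',
    "10:00:03.000001 B 0.0.0.0.snmp-trap > 255.255.255.255.snmp-trap: Trap(26) E:410.1.1 coldStart",
]
print(*audit(SAMPLE), sep="\n")
```

Requests that only name a sensitive OID produce no finding; any SetRequest or GetResponse that carries the value does, which is why the responses in a capture like this matter as much as the writes.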