Decoding a Sniffer-trace of RADIUS Transaction [Authentication Protocols]

Document ID: 13845

Updated: May 03, 2004

Introduction

The layout of Remote Authentication Dial In User Service (RADIUS) packets for authentication and accounting is described in RFCs 2138 and 2139. This document provides an example of the breakdown of packets in an exchange between a RADIUS client and a RADIUS server, which includes sending vendor-specific attribute 26, and our vendor code 9 (Cisco). The RADIUS client is rtpkrb.rtp.cisco.com and rtp-pinecone.rtp.cisco.com is the RADIUS server. In the following exchange:

rtpkrb sends an access-request to rtp-pinecone.
rtp-pinecone sends an access-accept to rtpkrb.
rtpkrb sends an accounting-request (start) to rtp-pinecone.
rtp-pinecone sends an accounting-response to rtpkrb.
rtpkrb sends an accounting-request (stop) to rtp-pinecone.
rtp-pinecone sends an accounting-response to rtpkrb.


PktID Timestamp     Size Source Node          Destination Node  Status Protocol
-------------------------------------------------------------------------------
    1 18:14:20.355  0119 rtpkrb.rtp.cisco.    rtp-pinecone.rtp.        DoD UDP

Frame 1 Size   119 Absolute Time Sep 21 18:14:20.355 ASCII MODE
-------------------------------------------------------------------------------
  00000: 08 00 20 1a 5f 3d 00 00 0c 5c 5b 38 08 00 45 00   .. ._=...\[8..E.
  00016: 00 65 04 e0 00 00 fd 11 8b da 0a 1f 01 05 ab 44   .e.............D
  00032: 76 65 06 6d 06 6d 00 51 af 1b 01 09 00 49 a4 74   ve.m.m.Q.....I.t
  00048: 24 e1 6f ce 77 79 88 6e e7 be 3c fe 0d a2 04 06   $.o.wy.n..<.....
  00064: 0a 1f 01 05 05 06 00 00 00 12 3d 06 00 00 00 05   ..........=.....
  00080: 01 06 62 69 6c 6c 1f 0b 31 30 2e 33 31 2e 31 2e   ..bill..10.31.1.
  00096: 35 02 12 fe 57 fc ec b1 88 e1 91 50 c2 fd de 8f   5...W......P....
  00112: 3f 69 20 cc 5c 19 97                              ?i .\..

X-byte  Value           Meaning
42      01              access request
43      09              identifier
44-45   0049            length (X49 = 73 = byte 42-114)
46-61                   Request Authenticator
62      04              Attribute 4 = NAS-IP-Address
63      06              length of attribute
64-67   0a 1f 01 05     10.31.1.5
68      05              Attribute 5 = NAS-Port
69      06              length of attribute
70-73   12              X12 = 18 (i.e. tty 18)
74      3d              Attribute 61 = NAS-Port-Type
75      06              length of attribute
76-79   00 00 00 05     5 = virtual
80      01              Attribute 1 = User-Name
81      06              length of attribute
82-85   62 69 6c 6c     'bill'
86      1f              Attribute 31 = Calling-Station-ID
87      0b              length of attribute
88-96   31 30 2e 33 31 2e 31 2e 35 = 10.31.1.5
97      02              Attribute 2 = User-Password
98      12              length of attribute
99-114  fe 57 fc ec b1 88 e1 91 50 c2 fd de 8f 3f 69 20 = encrypted password

Related Information

Was this document helpful? Yes No

Open a Support Case Login Required (Requires a Cisco Service Contract.)

Related Cisco Support Community Discussions

The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.

Refer to Cisco Technical Tips Conventions for information on conventions used in this document.

Updated: May 03, 2004

Document ID: 13845

Authentication Protocols