The Class attributed is missing in some accounting packets sent from the same NAS.
Selahattin Cilek
selahattin_cilek at hotmail.com
Tue Feb 7 17:20:56 CET 2017
I have been experimenting with the Class attribute to obtain the user's
true identity in order to do accounting and I realised that accounting
packets arriving from some users do not have this attribute.
User DIALLO is one:
# tcpdump -n -vvv -i igb0_vlan1 src host 192.168.0.38 and dst host
192.168.0.1 and dst port 1813
tcpdump: listening on igb0_vlan1, link-type EN10MB (Ethernet), capture
size 65535 bytes
18:53:55.223923 IP (tos 0x0, ttl 64, id 11875, offset 0, flags [none],
proto UDP (17), length 239)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 211
Accounting Request (4), id: 0x23, Authenticator:
665d040e38bcb72f122fdd6dcd9276de
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000067
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 37
Accounting Status Attribute (40), length: 6, Value:
Interim-Update
0x0000: 0000 0003
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 8, Value: DIALLO
0x0000: 4449 414c 4c4f
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
B0-E0-3C-7D-5F-1C
0x0000: 4230 2d45 302d 3343 2d37 442d 3546 2d31
0x0010: 43
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000067
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 37
Accounting Session Time Attribute (46), length: 6, Value:
20:00 min
0x0000: 0000 04b0
Accounting Input Packets Attribute (47), length: 6, Value: 824
0x0000: 0000 0338
Accounting Output Packets Attribute (48), length: 6, Value: 609
0x0000: 0000 0261
Accounting Input Octets Attribute (42), length: 6, Value: 122272
0x0000: 0001 dda0
Accounting Output Octets Attribute (43), length: 6, Value: 267901
0x0000: 0004 167d
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7
18:53:55 2017
0x0000: 5899 ed93
18:55:34.027533 IP (tos 0x0, ttl 64, id 11888, offset 0, flags [none],
proto UDP (17), length 221)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 193
Accounting Request (4), id: 0x30, Authenticator:
b00abcd321185eb862b8caad7b1978ef
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000075
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 35
Accounting Status Attribute (40), length: 6, Value: Start
0x0000: 0000 0001
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 13, Value: 99709507736
0x0000: 3939 3730 3935 3037 3733 36
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
EC-9B-F3-48-BD-70
0x0000: 4543 2d39 422d 4633 2d34 382d 4244 2d37
0x0010: 30
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000075
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 35
Class Attribute (25), length: 13, Value: 99709507736
0x0000: 3939 3730 3935 3037 3733 36
18:58:34.913045 IP (tos 0x0, ttl 64, id 11889, offset 0, flags [none],
proto UDP (17), length 255)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 227
Accounting Request (4), id: 0x31, Authenticator:
28c4e93aeb5f31d38dd70b203cc3c397
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-0000006E
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 45
Accounting Status Attribute (40), length: 6, Value:
Interim-Update
0x0000: 0000 0003
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 11, Value: anonymous
0x0000: 616e 6f6e 796d 6f75 73
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
74-C6-3B-36-29-59
0x0000: 3734 2d43 362d 3342 2d33 362d 3239 2d35
0x0010: 39
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-0000006E
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 45
Class Attribute (25), length: 13, Value: 99820339216
0x0000: 3939 3832 3033 3339 3231 36
Accounting Session Time Attribute (46), length: 6, Value:
20:00 min
0x0000: 0000 04b0
Accounting Input Packets Attribute (47), length: 6, Value: 86528
0x0000: 0001 5200
Accounting Output Packets Attribute (48), length: 6, Value:
170084
0x0000: 0002 9864
Accounting Input Octets Attribute (42), length: 6, Value: 8723193
0x0000: 0085 1af9
Accounting Output Octets Attribute (43), length: 6, Value:
246200999
0x0000: 0eac baa7
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7
18:58:34 2017
0x0000: 5899 eeaa
19:03:55.228054 IP (tos 0x0, ttl 64, id 11890, offset 0, flags [none],
proto UDP (17), length 239)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 211
Accounting Request (4), id: 0x32, Authenticator:
8bfa38999488fd0e02b3c2218d27536c
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000067
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 37
Accounting Status Attribute (40), length: 6, Value:
Interim-Update
0x0000: 0000 0003
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 8, Value: DIALLO
0x0000: 4449 414c 4c4f
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
B0-E0-3C-7D-5F-1C
0x0000: 4230 2d45 302d 3343 2d37 442d 3546 2d31
0x0010: 43
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000067
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3036
0x0010: 37
Accounting Session Time Attribute (46), length: 6, Value:
30:00 min
0x0000: 0000 0708
Accounting Input Packets Attribute (47), length: 6, Value: 1035
0x0000: 0000 040b
Accounting Output Packets Attribute (48), length: 6, Value: 720
0x0000: 0000 02d0
Accounting Input Octets Attribute (42), length: 6, Value: 143517
0x0000: 0002 309d
Accounting Output Octets Attribute (43), length: 6, Value: 283570
0x0000: 0004 53b2
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7
19:03:55 2017
0x0000: 5899 efeb
19:04:21.718225 IP (tos 0x0, ttl 64, id 11896, offset 0, flags [none],
proto UDP (17), length 208)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 180
Accounting Request (4), id: 0x38, Authenticator:
c8eb8e5b65aaddedfceb8025ceecb296
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000076
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 36
Accounting Status Attribute (40), length: 6, Value: Start
0x0000: 0000 0001
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 13, Value: 11947606194
0x0000: 3131 3934 3736 3036 3139 34
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
9C-5C-F9-4B-C2-E1
0x0000: 3943 2d35 432d 4639 2d34 422d 4332 2d45
0x0010: 31
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000076
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 36
And user 11947606194 :
19:05:09.093536 IP (tos 0x0, ttl 64, id 11897, offset 0, flags [none],
proto UDP (17), length 250)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 222
Accounting Request (4), id: 0x39, Authenticator:
0fdcd6d168cbd93aa971cba850d62d21
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000076
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 36
Accounting Status Attribute (40), length: 6, Value: Stop
0x0000: 0000 0002
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 13, Value: 11947606194
0x0000: 3131 3934 3736 3036 3139 34
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
9C-5C-F9-4B-C2-E1
0x0000: 3943 2d35 432d 4639 2d34 422d 4332 2d45
0x0010: 31
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000076
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 36
Accounting Session Time Attribute (46), length: 6, Value: 47 secs
0x0000: 0000 002f
Accounting Input Packets Attribute (47), length: 6, Value: 412
0x0000: 0000 019c
Accounting Output Packets Attribute (48), length: 6, Value: 263
0x0000: 0000 0107
Accounting Input Octets Attribute (42), length: 6, Value: 97791
0x0000: 0001 7dff
Accounting Output Octets Attribute (43), length: 6, Value: 156484
0x0000: 0002 6344
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7
19:05:09 2017
0x0000: 5899 f035
Accounting Termination Cause Attribute (49), length: 6,
Value: User Request
0x0000: 0000 0001
19:05:34.031487 IP (tos 0x0, ttl 64, id 11898, offset 0, flags [none],
proto UDP (17), length 257)
192.168.0.38.58259 > 192.168.0.1.1813: [udp sum ok] RADIUS, length: 229
Accounting Request (4), id: 0x3a, Authenticator:
fbfa93257081e2964aae2b0f46445dd1
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000075
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 35
Accounting Status Attribute (40), length: 6, Value:
Interim-Update
0x0000: 0000 0003
Accounting Authentication Attribute (45), length: 6, Value:
RADIUS
0x0000: 0000 0001
Username Attribute (1), length: 13, Value: 99709507736
0x0000: 3939 3730 3935 3037 3733 36
NAS ID Attribute (32), length: 16, Value: KAT_8_MERDIVEN
0x0000: 4b41 545f 385f 4d45 5244 4956 454e
Called Station Attribute (30), length: 27, Value:
DC-9F-DB-34-CF-B4:TDV.NET
0x0000: 4443 2d39 462d 4442 2d33 342d 4346 2d42
0x0010: 343a 5444 562e 4e45 54
NAS Port Type Attribute (61), length: 6, Value: Wireless -
IEEE 802.11
0x0000: 0000 0013
NAS Port Attribute (5), length: 6, Value: 0
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value:
EC-9B-F3-48-BD-70
0x0000: 4543 2d39 422d 4633 2d34 382d 4244 2d37
0x0010: 30
Connect Info Attribute (77), length: 23, Value: CONNECT 0Mbps
802.11b
0x0000: 434f 4e4e 4543 5420 304d 6270 7320 3830
0x0010: 322e 3131 62
Accounting Session ID Attribute (44), length: 19, Value:
5899CA79-00000075
0x0000: 3538 3939 4341 3739 2d30 3030 3030 3037
0x0010: 35
Class Attribute (25), length: 13, Value: 99709507736
0x0000: 3939 3730 3935 3037 3733 36
Accounting Session Time Attribute (46), length: 6, Value:
10:00 min
0x0000: 0000 0258
Accounting Input Packets Attribute (47), length: 6, Value: 4316
0x0000: 0000 10dc
Accounting Output Packets Attribute (48), length: 6, Value: 4462
0x0000: 0000 116e
Accounting Input Octets Attribute (42), length: 6, Value: 400013
0x0000: 0006 1a8d
Accounting Output Octets Attribute (43), length: 6, Value:
5071812
0x0000: 004d 63c4
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7
19:05:34 2017
0x0000: 5899 f04e
Does anyone have any idea why this is happening?
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list