Replaying data with tcpdump/netcat
There is probably something pretty simple I'm forgetting, but please bear with me. :) We're in the process of migrating our Cistron server to FreeRADIUS. We are currently testing FreeRADIUS 1.1.0 CVS HEAD because of our need to accept and log MAX TNT TAOS v11 Ascend-* 16bit attributes. We are logging to both ASCII detail files and a MySQL database. We will be using both servers in parallel periodically checking to see if FreeRADIUS keeps up, and eventually shutting down the Cistron server. In the meantime, the NASes will be switched in between the both of them. Because we do not want accounting data terribly out of sync, we are shifting the accounting data over from our live machine to a test machine in increments of a few minutes, and I'm logging such data with "tcpdump -s 1500 -w raw.txt port 1813 and udp". I hope to catch some log data that I can easily replay to the test machine while the accounting is shifted back to our live server. To replay that data. I am using "cat raw.txt | nc -u <ip of test server> radius-acct". When the data starts to flow, I receive this output from radiusd -X: WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 212 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 102 Nothing to do. Sleeping until we see a request. WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 171 Nothing to do. Sleeping until we see a request. WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 29290 > maximum 4096) Nothing to do. Sleeping until we see a request. WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 14643 > maximum 4096) Nothing to do. Sleeping until we see a request. WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 0 Nothing to do. Sleeping until we see a request. WARNING: Malformed RADIUS packet from host x.x.x.x: too short (received 4 < minimum 20) Nothing to do. Sleeping until we see a request. WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 12294 > maximum 4096) Nothing to do. Sleeping until we see a request. I realize that the accounting port may not understand and handle authorization requests, but I do know that there are /some/ accounting requst packets in this raw file that FR should be handling. Should I not be seeing debug lines that reference these accounting requests logging to ASCII detail files or SQL INSERT/UPDATE s? I'm also using -s 0 and -s 512 in tcpdump in case that may be an issue. Still no dice. Am I using tcpdump/netcat in the correct manner? Should I capture /much more data/ for FreeRADIUS to work this way? Is there something else I could do to capture raw UDP streams and replay them? Thanks for all the help. I'm new to RADIUS, be gentle. :) Wes
Wesley Spadola <wspadola@porchlight.ca> wrote:
Because we do not want accounting data terribly out of sync, we are shifting the accounting data over from our live machine to a test machine in increments of a few minutes, and I'm logging such data with "tcpdump -s 1500 -w raw.txt port 1813 and udp".
Why not just log to the "detail" file?
I hope to catch some log data that I can easily replay to the test machine while the accounting is shifted back to our live server.
The "detail" file is meant to do exactly this.
To replay that data. I am using "cat raw.txt | nc -u <ip of test server> radius-acct". When the data starts to flow, I receive this output from radiusd -X:
WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 212
Run tcpdump on the network again to see if "nc" is sending real RADIUS packets. I don't think it is. If you're sending *text* output from tcpdump to "nc", that won't work. If you're sending "pcap" data to "nc", then it probably won't work, either.
I realize that the accounting port may not understand and handle authorization requests, but I do know that there are /some/ accounting requst packets in this raw file that FR should be handling.
Nope. The data you're sending it is not RADIUS accounting packets. It's something else.
Am I using tcpdump/netcat in the correct manner?
No.
Should I capture /much more data/ for FreeRADIUS to work this way?
No. Use the "detail" file.
Is there something else I could do to capture raw UDP streams and replay them?
Don't. You need to use the shared secret, for one. Use existing tools to replay traffic. "detail", "radrelay". Alan DeKok.
Alan DeKok wrote:
with "tcpdump -s 1500 -w raw.txt port 1813 and udp".
"-s 0" instead of "-s 1500" would be better, radius packets are not restricted to 1500 bytes. -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: thor.spruyt@telenet.be W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be
participants (3)
-
Alan DeKok -
Thor Spruyt -
Wesley Spadola