Replaying data with tcpdump/netcat
Wesley Spadola
wspadola at porchlight.ca
Wed Aug 24 19:14:02 CEST 2005
There is probably something pretty simple I'm forgetting, but please
bear with me. :)
We're in the process of migrating our Cistron server to FreeRADIUS.
We are currently testing FreeRADIUS 1.1.0 CVS HEAD because of our need
to accept and log MAX TNT TAOS v11 Ascend-* 16bit attributes. We are
logging to both ASCII detail files and a MySQL database.
We will be using both servers in parallel periodically checking to see
if FreeRADIUS keeps up, and eventually shutting down the Cistron server.
In the meantime, the NASes will be switched in between the both of them.
Because we do not want accounting data terribly out of sync, we are
shifting the accounting data over from our live machine to a test
machine in increments of a few minutes, and I'm logging such data with
"tcpdump -s 1500 -w raw.txt port 1813 and udp". I hope to catch some
log data that I can easily replay to the test machine while the
accounting is shifted back to our live server.
To replay that data, I am using "cat raw.txt | nc -u <ip of test server>
radius-acct". When the data starts to flow, I receive this output from
radiusd -X:
WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 212
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 102
Nothing to do. Sleeping until we see a request.
WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 171
Nothing to do. Sleeping until we see a request.
WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 29290 > maximum 4096)
Nothing to do. Sleeping until we see a request.
WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 14643 > maximum 4096)
Nothing to do. Sleeping until we see a request.
WARNING: Bad RADIUS packet from host x.x.x.x: unknown packet code 0
Nothing to do. Sleeping until we see a request.
WARNING: Malformed RADIUS packet from host x.x.x.x: too short (received 4 < minimum 20)
Nothing to do. Sleeping until we see a request.
WARNING: Malformed RADIUS packet from host x.x.x.x: too long (length 12294 > maximum 4096)
Nothing to do. Sleeping until we see a request.
I realize that the accounting port may not understand and handle
authorization requests, but I do know that there are /some/ accounting
request packets in this raw file that FR should be handling. Should I
not be seeing debug lines that reference these accounting requests
logging to ASCII detail files or SQL INSERT/UPDATEs?
I'm also using -s 0 and -s 512 in tcpdump in case that may be an issue.
Still no dice.
Am I using tcpdump/netcat in the correct manner? Should I capture /much
more data/ for FreeRADIUS to work this way? Is there something else I
could do to capture raw UDP streams and replay them?
Thanks for all the help. I'm new to RADIUS, be gentle. :)
Wes
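
The file that "tcpdump -w" writes is a pcap container, so piping it into nc sends the file and record headers plus the Ethernet/IP/UDP headers as payload; a little-endian pcap starts with byte 0xd4 (212), which is consistent with the first warning in the post. This added Python example (not from the original post or the FreeRADIUS project) extracts each UDP payload sent to port 1813 and resends it as one datagram. It assumes a classic little-endian pcap with Ethernet framing and unfragmented IPv4, and the sample capture is constructed.

```python
import socket
import struct

def radius_payloads(pcap: bytes, port: int = 1813):
    """Yield UDP payloads addressed to `port` from a little-endian Ethernet pcap."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet framing")
    off = 24                                   # 24-byte global file header
    while off + 16 <= len(pcap):
        (incl_len,) = struct.unpack_from("<8xI", pcap, off)  # 16-byte record header
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                           # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4      # Ethernet header + IPv4 header length
        if len(frame) < udp + 8:
            continue                           # UDP header cut off by the snaplen
        dport, udp_len = struct.unpack_from(">2xHH", frame, udp)
        if dport == port:
            yield frame[udp + 8:udp + udp_len]

def is_accounting_request(data: bytes) -> bool:
    """Code 4 (Accounting-Request) with a length field inside the 20..4096 bounds."""
    if len(data) < 20:
        return False
    code, length = data[0], struct.unpack_from(">H", data, 2)[0]
    return code == 4 and 20 <= length <= min(len(data), 4096)

def replay(pcap: bytes, host: str, port: int = 1813) -> int:
    """Send each valid payload as its own datagram; return how many were sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for data in filter(is_accounting_request, radius_payloads(pcap, port)):
            s.sendto(data, (host, port))
            sent += 1
    return sent

def sample_pcap() -> bytes:
    """Constructed capture: one 20-byte Accounting-Request in Ethernet/IPv4/UDP."""
    radius = struct.pack(">BBH16x", 4, 1, 20)  # zeroed authenticator, sample only
    udp = struct.pack(">HHHH", 40000, 1813, 8 + len(radius), 0) + radius
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
    frame = bytes(12) + b"\x08\x00" + ip
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
```

Each captured Accounting-Request carries an authenticator computed with the NAS's shared secret, so the test server needs a client entry for the replaying host with that same secret.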