freeradius accept-accept with no AVP attributes

J KIE junkie at krisindigitalage.com
Fri Jul 12 23:59:44 CEST 2013 

hi,

the radius servers on my network are receiving spikes of ACCESS-ACCEPT
traffic, I have been analysing traffic using tshark and noticed that some
of the ACCESS-ACCEPT sent from the server back to the client does not have
the AVP attributes set

below is an example

Frame 167 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Jul 12, 2013 21:52:57.089629000
    [Time delta from previous captured frame: 0.008112000 seconds]
    [Time delta from previous displayed frame: 0.571386000 seconds]
    [Time since reference or first frame: 3.798843000 seconds]
    Frame Number: 167
    Frame Length: 62 bytes
    Capture Length: 62 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:radius]
Ethernet II, Src: Vmware_b7:5f:ec (00:50:56:b7:5f:ec), Dst: Vmware_b7:60:10
(00:50:56:b7:60:10)
    Destination: Vmware_b7:60:10 (00:50:56:b7:60:10)
        Address: Vmware_b7:60:10 (00:50:56:b7:60:10)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Vmware_b7:5f:ec (00:50:56:b7:5f:ec)
        Address: Vmware_b7:5f:ec (00:50:56:b7:5f:ec)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 10.66.xx.13 (10.66.xx.13), Dst: 10.66.xx.19
(10.66.xx.19)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x98fe (39166)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x631b [correct]
        [Good: True]
        [Bad : False]
    Source: 10.xx.xx.xx (10.66.xx.13)
    Destination: 10.xx.xx.19 (10.66.xx.19)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 38346 (38346)
    Source port: radius (1812)
    Destination port: 38346 (38346)
    Length: 28
    Checksum: 0x83e8 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0xa (10)
    Length: 20
    Authenticator: B08F0EA3338728A7D2F7BC9F2D18861C
    [This is a response to a request in frame 166]
    [Time from request: 0.008112000 seconds]


traffic was very low when i did this trace so i dont think it is a radius
retransmit? the below is another ACCESS-ACCEPT packet but has the radius
AVP attributes set, any idea why there is a difference between the first
and the second below?

Frame 1056 (121 bytes on wire, 121 bytes captured)
    Arrival Time: Jul 12, 2013 21:56:28.665290000
    [Time delta from previous captured frame: 0.000353000 seconds]
    [Time delta from previous displayed frame: 0.000353000 seconds]
    [Time since reference or first frame: 20.611588000 seconds]
    Frame Number: 1056
    Frame Length: 121 bytes
    Capture Length: 121 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:udp:radius]
Ethernet II, Src: Vmware_b7:5f:ec (00:50:56:b7:5f:ec), Dst: Vmware_b7:2d:6f
(00:50:56:b7:2d:6f)
    Destination: Vmware_b7:2d:6f (00:50:56:b7:2d:6f)
        Address: Vmware_b7:2d:6f (00:50:56:b7:2d:6f)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Vmware_b7:5f:ec (00:50:56:b7:5f:ec)
        Address: Vmware_b7:5f:ec (00:50:56:b7:5f:ec)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 10.66.xx.13 (10.66.53.13), Dst: 10.66.xx.36
(10.66.xx.36)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 107
    Identification: 0xeebe (61118)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x0d0f [correct]
        [Good: True]
        [Bad : False]
    Source: 10.66.xx.13 (10.66.xx.13)
    Destination: 10.66.xx.36 (10.66.xx.36)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 50336 (50336)
    Source port: radius (1812)
    Destination port: 50336 (50336)
    Length: 87
    Checksum: 0x47a5 [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0x1c (28)
    Length: 79
    Authenticator: D38F5770F534410FA9BB0BE0753FB2E8
    [This is a response to a request in frame 1053]
    [Time from request: 0.011186000 seconds]
    Attribute Value Pairs
        AVP: l=6  t=Acct-Interim-Interval(85): 1800
            Acct-Interim-Interval: 1800
        AVP: l=6  t=Idle-Timeout(28): 1800
            Idle-Timeout: 1800
        AVP: l=6  t=Session-Timeout(27): 1800
            Session-Timeout: 1800
        AVP: l=41  t=Vendor-Specific(26) v=WISPr(14122)
            VSA: l=35 t=WISPr-Redirection-URL(4): https://mydomain.com:443/
                WISPr-Redirection-URL: https://mydomain.com:443/




krisdigitx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130712/3f221ff4/attachment-0001.html>

More information about the Freeradius-Users mailing list