This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

RADIUS

RADIUS is a protocol for remote user authentication, authorization and accounting. Its primary use is for Internet Service Providers, though it may equally be used on any network that needs a centralized authentication and/or accounting service for its workstations.

RADIUS is often used in larger Wi-Fi (wireless) networks for authentication purposes, replacing the simple shared key methods, which become unwieldy once a Wi-Fi network grows beyond a certain size.

The DIAMETER protocol is the designated successor, but RADIUS is still commonly used today.

History

XXX - add a brief description of RADIUS history

Protocol dependencies

  • UDP: RADIUS uses UDP as its underlying protocol. The registered UDP port for RADIUS traffic is 1812; the early deployment of RADIUS used UDP port 1645, which conflicted with the "datametrics" service. When RADIUS is used for accounting rather than authentication and configuration, the registered UDP port is 1813; the early deployment used port 1646, which conflicted with the "sa-msg-port" service.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The RADIUS dissector is fully functional.

Preference Settings

Shared Secret

 radius.shared_secret  If not empty, the dissector will try to use the given string to decrypt encrypted AVPs (such as the password).
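
What the shared secret makes possible, as an added example (not Wireshark's code): the User-Password hiding scheme of RFC 2865 section 5.2, which is what encrypt=1 denotes in FreeRADIUS-style dictionaries. The secret, authenticator and password values are constructed for illustration.

```python
import hashlib

def _xor_block(block: bytes, secret: bytes, prev: bytes) -> bytes:
    # Keystream for one 16-octet block is MD5(shared secret + previous block).
    key = hashlib.md5(secret + prev).digest()
    return bytes(b ^ k for b, k in zip(block, key))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: build the User-Password attribute value."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 octets, authenticator 16")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor_block(padded[i:i + 16], secret, prev)  # chain on ciphertext
        out += prev
    return out

def unhide_password(value: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Analyst side: recover the password from a captured attribute value."""
    if len(value) % 16 or not 16 <= len(value) <= 128 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or Request Authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(value), 16):
        block = value[i:i + 16]
        out += _xor_block(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")  # strip the null padding

# Constructed sample values, not taken from a real capture.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
HIDDEN = hide_password(b"correct horse battery", SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    print(HIDDEN.hex())
    print(unhide_password(HIDDEN, SECRET, AUTHENTICATOR))
    print(unhide_password(HIDDEN, b"wrong-secret", AUTHENTICATOR))
```

The keystream depends only on the shared secret and the Request Authenticator carried in the same packet, so a capture plus the secret is enough to read the password. Treat the shared secret as a credential and use a long, random value.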

Radius Dictionary

Since version 0.10.12, the RADIUS dissector will try to load protocol information (Vendors, Attributes and Values) from the dictionary located in the radius directory of either the user's directory or the defaults directory.

#  The format of the dictionary (and the default dictionary)
#  is a subset of FreeRADIUS'.
#
#  Valid data types for attributes are:
#
#       string  - 0-253 octets
#       ipaddr  - 4 octets in network byte order
#       integer - 32 bit value in big endian order (high byte first)
#             (wireshark uses this type for non-standard 1-2-3 and 8 byte integers as well)
#       date    - 32 bit value in big endian order - seconds since
#                                       00:00:00 GMT,  Jan.  1,  1970
#       ifid    - 8 octets in network byte order
#       ipv6addr   - 16 octets in network byte order
#       ipv6prefix - 18 octets in network byte order
#       octets  - raw octets, printed as hex strings

# include another dictionary file from this directory
$INCLUDE dictionary.juniper

VENDOR  Cosine  3085
VENDOR  Cisco   9

BEGIN-VENDOR  Cosine
ATTRIBUTE  Cosine-Connection-Profile-Name       1 string
ATTRIBUTE  Cosine-VPI-VCI                 5 octets
ATTRIBUTE  Cosine-DLCI                    6 integer
END-VENDOR  Cosine


# standard avps
ATTRIBUTE  User-Name            1 string


# encrypted avps 
ATTRIBUTE  Password             2 string encrypt=1

# avps with tag 
ATTRIBUTE  Tunnel-Type          64 integer has_tag
ATTRIBUTE  Tunnel-Password      69 string has_tag,encrypt=2

# single vendor avps 
ATTRIBUTE Cisco-Disconnect-Cause 195 integer Cisco

# Values are declared
VALUE  Tunnel-Type  PPTP     1
VALUE  Tunnel-Type  L2F      2
VALUE  Tunnel-Type  L2TP     3
VALUE  Tunnel-Type  ATMP     4
VALUE  Tunnel-Type  VTP      5
VALUE  Tunnel-Type  AH       6
VALUE  Tunnel-Type  IP       7
VALUE  Tunnel-Type  MIN-IP   8
VALUE  Tunnel-Type  ESP      9
VALUE  Tunnel-Type  GRE      10
VALUE  Tunnel-Type  DVS      11
VALUE  Tunnel-Type  IP-in-IP 12
VALUE  Tunnel-Type  VLAN     13
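
To check a custom dictionary before handing it to the dissector, the following added example (not Wireshark's own parser) reads the subset of the format shown above and reports vendors, attributes with their encrypt and has_tag flags, values and $INCLUDE targets. The function name parse_dictionary and the returned layout are assumptions of this example, and the sample input is constructed from the entries on this page.

```python
SAMPLE = """\
# constructed sample in the dictionary format shown on this page
VENDOR  Cosine  3085
VENDOR  Cisco   9
BEGIN-VENDOR  Cosine
ATTRIBUTE  Cosine-DLCI  6 integer
END-VENDOR  Cosine
ATTRIBUTE  Password     2 string encrypt=1
ATTRIBUTE  Tunnel-Password  69 string has_tag,encrypt=2
ATTRIBUTE  Cisco-Disconnect-Cause 195 integer Cisco
VALUE  Tunnel-Type  PPTP  1
"""

TYPES = set("string ipaddr integer date ifid ipv6addr ipv6prefix octets".split())

def parse_dictionary(text):
    vendors, attrs, values, includes = {}, {}, {}, []
    current = None  # vendor opened by BEGIN-VENDOR, if any
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tok:
            continue
        kw, args = tok[0], tok[1:]
        if kw == "$INCLUDE" and len(args) == 1:
            includes.append(args[0])  # recorded only; the caller decides to follow
        elif kw == "VENDOR" and len(args) == 2:
            vendors[args[0]] = int(args[1])
        elif kw == "BEGIN-VENDOR" and len(args) == 1 and args[0] in vendors:
            current = args[0]
        elif kw == "END-VENDOR" and args == [current]:
            current = None
        elif kw == "ATTRIBUTE" and len(args) >= 3 and args[2] in TYPES:
            attr = {"code": int(args[1]), "type": args[2], "vendor": current,
                    "encrypt": 0, "has_tag": False}
            for opt in ",".join(args[3:]).split(","):
                if opt == "has_tag":
                    attr["has_tag"] = True
                elif opt.startswith("encrypt="):
                    attr["encrypt"] = int(opt[8:])
                elif opt in vendors:  # single-vendor form: trailing vendor name
                    attr["vendor"] = opt
                elif opt:
                    raise ValueError(f"line {n}: unknown option {opt!r}")
            attrs[args[0]] = attr
        elif kw == "VALUE" and len(args) == 3:
            values.setdefault(args[0], {})[int(args[2])] = args[1]
        else:
            raise ValueError(f"line {n}: cannot parse {raw!r}")
    return vendors, attrs, values, includes
```

Listing the attributes whose encrypt flag is non-zero shows which fields the dissector can only decode when radius.shared_secret is set.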

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of RADIUS display filter fields can be found in the display filter reference.

  • Show only the RADIUS traffic:

     radius 

Capture Filter

You cannot directly filter RADIUS protocols while capturing. However, if the RADIUS traffic is using one or more of the standard UDP ports (see above), you can filter on that port or ports.

  • Capture RADIUS authentication and configuration traffic over the assigned port (1812):

     udp port 1812 

  • Capture RADIUS accounting traffic over the assigned port (1813):

     udp port 1813 

  • Capture RADIUS authentication and configuration traffic, and RADIUS accounting traffic, over the assigned ports (1812 and 1813):

     udp port 1812 or udp port 1813 

RADIUS servers

See RadiusServers for information about various RADIUS server distributions.

Discussion

Radius (last edited 2009-04-29 23:56:07 by KonradRoeder)