Proxy Radius Server Analyzer Code
Status: Alpha
Brought to you by:
r_west
Menu
▾
▴
Tree [r2] / History
Read Me
radanalyze
==========
Radanalyze is a tool for diagnosing faults on radius proxy servers. It listens
to packets on the default network interface, analyzes them and then logs them
in the form of conversations.
One of the major problems when analyzing packets on heavily loaded radius
servers is that it is very difficult to see exactly what is happening
within a complete conversation. From inital request, to proxy to proxy server,
the request that comes back from that server, and the final response back
to the access server.
Radanalyze does this work for you, assembing all of the packets from an
individual conversation, and logging them into a sigle log entry.
INSTALL
=======
Installation uses the standard GNU build system. So (for those that don't
know).....
1) ./configure
2) make
3) make install
RUNNING
=======
USAGE: radanalyze [-q] [-w logfile] [-t capture_filter] [-o our_ip]
[-i interface]
Radanalyze should be run on the machine that is running the radius server.
So that it is able to understand and see all of the ongoing communication.
Normally by default radanalyze shows a summary of the on going traffic.
It shows packet counts of requests from and responses to the access servers
on the left of the screen. On the right of the screen it shows the requests
the server is making of proxy servers and the responses from them. To turn
off this display use the [-q] option.
Also by default, radanalyze doesn't generate it's log files. Logging is
enabled with the [-w] option. When enabled radanalyze will generate
two files <logfile> and <logfile>.detail.
<logfile> contains a summary of the converstaions. This file is a tab delimted
logfile. The fields are as follows:
1) Timestamp (number of seconds.milliseconds since Jan 1st 1970)
2) Radanalyze's status.
3) Number of milliseconds for complete conversation.
4) Conversation ID
5) Access server that made the request (ip address and :port)
6) Proxy server that the request was forwarded to (ip address and :port)
7) Username of the user making the request.
Radanlyze status is radanlzyes conclusion on whether or not the conversation
was successful:
SELF:OK - Radius server responed its self successfully
SELF:RETRIES - Radius server responded successfully but with retries
SELF:NORESPONSE - Radius server never responded
PARTIAL - Radanalyze only captured part of a conversation.
PROXY:OK - Radius server proxied the request and then responded successfully
PROXY:RETRIES - Radius server proxied successfully but with retries
PROXY:NORESPONSE - Radius server proxied, but proxy never replied
PROXY:OTHER - Radius server proxied, but some other error occured
<logfile>.detail contains the complete detail of the conversation. The
conversation ID links the two files. Each conversation shows all the packets
within the conversation, in timestamp order.