Proxy Radius Server Analyzer Code
Status: Alpha
Brought to you by:
r_west
radanalyze ========== Radanalyze is a tool for diagnosing faults on radius proxy servers. It listens to packets on the default network interface, analyzes them and then logs them in the form of conversations. One of the major problems when analyzing packets on heavily loaded radius servers is that it is very difficult to see exactly what is happening within a complete conversation. From inital request, to proxy to proxy server, the request that comes back from that server, and the final response back to the access server. Radanalyze does this work for you, assembing all of the packets from an individual conversation, and logging them into a sigle log entry. INSTALL ======= Installation uses the standard GNU build system. So (for those that don't know)..... 1) ./configure 2) make 3) make install RUNNING ======= USAGE: radanalyze [-q] [-w logfile] [-t capture_filter] [-o our_ip] [-i interface] Radanalyze should be run on the machine that is running the radius server. So that it is able to understand and see all of the ongoing communication. Normally by default radanalyze shows a summary of the on going traffic. It shows packet counts of requests from and responses to the access servers on the left of the screen. On the right of the screen it shows the requests the server is making of proxy servers and the responses from them. To turn off this display use the [-q] option. Also by default, radanalyze doesn't generate it's log files. Logging is enabled with the [-w] option. When enabled radanalyze will generate two files <logfile> and <logfile>.detail. <logfile> contains a summary of the converstaions. This file is a tab delimted logfile. The fields are as follows: 1) Timestamp (number of seconds.milliseconds since Jan 1st 1970) 2) Radanalyze's status. 3) Number of milliseconds for complete conversation. 4) Conversation ID 5) Access server that made the request (ip address and :port) 6) Proxy server that the request was forwarded to (ip address and :port) 7) Username of the user making the request. Radanlyze status is radanlzyes conclusion on whether or not the conversation was successful: SELF:OK - Radius server responed its self successfully SELF:RETRIES - Radius server responded successfully but with retries SELF:NORESPONSE - Radius server never responded PARTIAL - Radanalyze only captured part of a conversation. PROXY:OK - Radius server proxied the request and then responded successfully PROXY:RETRIES - Radius server proxied successfully but with retries PROXY:NORESPONSE - Radius server proxied, but proxy never replied PROXY:OTHER - Radius server proxied, but some other error occured <logfile>.detail contains the complete detail of the conversation. The conversation ID links the two files. Each conversation shows all the packets within the conversation, in timestamp order.