Dear all,
I am working on a EAP/TLS authentication with Freeradius and the Odessey client.
After a client hello message with a bunch of cipher suites, the odyssey client
receives a server hello message with one cipher suites. It responds with a
TLS Alert message that tells the server the cipher suite selection has been fatal!
At the end I attached the complete protocol as well for further studies.
How does Freeradius choose the cipher suite?
Kind regards,
Markus
------------------------------------------------------------------------------------
In Frame 3 you see the tls client hello message
[...] t:EAP Message(79) l:100
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 98
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 88
Secure Socket Layer
TLS Record Layer: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 83
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 79
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Dec 10, 2003 07:34:00.000000000
Random.bytes
Session ID Length: 0
Cipher Suites Length: 40
Cipher Suites (20 suites)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
(0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
(0x0063)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
(0x0065)
Cipher Suite: Unknown (0x0060)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
(0x0062)
Cipher Suite: Unknown (0x0061)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
(0x0064)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
(0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
(0x0011)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
(0x0006)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
(0x0008)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
t:State(24) l:18, Value:EC4C30D787C1E6E5707DCD67163D55AD
t:Message Authenticator(80) l:18, Value:02BD363DEBC6CBD6D79384C72CA6A89D
In Frame 4 you see the server hello
[...] Extensible Authentication Protocol
Code: Request (1)
Id: 2
Length: 1034
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0xC0): Length More
Length: 1497
EAP-TLS Fragments
Frame:4 payload:0-1023
Frame:6 payload:1024-1496
Secure Socket Layer
TLS Record Layer: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 74
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Dec 10, 2003 07:30:44.000000000
Random.bytes
Session ID Length: 32
Session ID (32 bytes)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
<============ Cipher suite
Compression Method: null (0)
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 101
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 93
Certificate types count: 2
Certificate types (2 types)
Certificate type: RSA Sign (1)
Certificate type: DSS Sign (2)
Distinguished Names Length: 88
Distinguished Names (88 bytes)
Distinguished Name Length: 86
Distinguished Name (86 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
t:Message Authenticator(80) l:18, Value:EEE427708D3FF4AB6AD7921AA3E0FC92
t:State(24) l:18, Value:378E7C2A2E06280A7986381040618B5D
In Frame 9 you see the TLS Alert message as fatal error
[...] Extensible Authentication Protocol
Code: Response (2)
Id: 4
Length: 74
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
EAP-TLS Fragments
Frame:7 payload:0-1389
Frame:9 payload:1390-1457
Secure Socket Layer
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 134
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
TLS Record Layer: Alert (Level: Fatal, Description: Handshake
Failure)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40) <====================
Fatal error
t:State(24) l:18, Value:7717B50DC9F3D796E9FC814587C2B057
t:Message Authenticator(80) l:18, Value:99F362B8E864AEF78B30FDBF764AA3B3
------------------------------------------------------------------------------------
COMPLETE PROTOCOL
------------------------------------------------------------------------------------
Frame 1 (200 bytes on wire, 200 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.455371000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 0.000000000 seconds
Frame Number: 1
Packet Length: 200 bytes
Capture Length: 200 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 186
Identification: 0x0047
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3bea (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1028 (1028), Dst Port: radius (1812)
Source port: 1028 (1028)
Destination port: radius (1812)
Length: 166
Checksum: 0x9d9a (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x0 (0)
Length: 158
Authenticator
Attribute value pairs
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:EAP Message(79) l:15
Extensible Authentication Protocol
Code: Response (2)
Id: 0
Length: 13
Type: Identity [RFC2284] (1)
Identity (8 bytes): obermeim
t:Message Authenticator(80) l:18, Value:FABE7FD695CBFDCC2FA072EC9C032EE0
Frame 2 (106 bytes on wire, 106 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.569854000
Time delta from previous packet: 0.114483000 seconds
Time relative to first packet: 0.114483000 seconds
Frame Number: 2
Packet Length: 106 bytes
Capture Length: 106 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 92
Identification: 0x0048
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3c47 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 1028 (1028)
Source port: radius (1812)
Destination port: 1028 (1028)
Length: 72
Checksum: 0x22d3 (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x0 (0)
Length: 64
Authenticator
Attribute value pairs
t:EAP Message(79) l:8
Extensible Authentication Protocol
Code: Request (1)
Id: 1
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x20): Start
t:Message Authenticator(80) l:18, Value:C992DDE8026D2E3615D24D85680D820D
t:State(24) l:18, Value:EC4C30D787C1E6E5707DCD67163D55AD
Frame 3 (303 bytes on wire, 303 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.595602000
Time delta from previous packet: 0.025748000 seconds
Time relative to first packet: 0.140231000 seconds
Frame Number: 3
Packet Length: 303 bytes
Capture Length: 303 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 289
Identification: 0x0049
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3b81 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1028 (1028), Dst Port: radius (1812)
Source port: 1028 (1028)
Destination port: radius (1812)
Length: 269
Checksum: 0xad84 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x1 (1)
Length: 261
Authenticator
Attribute value pairs
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:EAP Message(79) l:100
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 98
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 88
Secure Socket Layer
TLS Record Layer: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 83
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 79
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Dec 10, 2003 07:34:00.000000000
Random.bytes
Session ID Length: 0
Cipher Suites Length: 40
Cipher Suites (20 suites)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
(0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
(0x0063)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
(0x0065)
Cipher Suite: Unknown (0x0060)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
(0x0062)
Cipher Suite: Unknown (0x0061)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
(0x0064)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
(0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
(0x0011)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
(0x0006)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
(0x0008)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
t:State(24) l:18, Value:EC4C30D787C1E6E5707DCD67163D55AD
t:Message Authenticator(80) l:18, Value:02BD363DEBC6CBD6D79384C72CA6A89D
Frame 4 (1142 bytes on wire, 1142 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.681160000
Time delta from previous packet: 0.085558000 seconds
Time relative to first packet: 0.225789000 seconds
Frame Number: 4
Packet Length: 1142 bytes
Capture Length: 1142 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1128
Identification: 0x004a
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3839 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 1028 (1028)
Source port: radius (1812)
Destination port: 1028 (1028)
Length: 1108
Checksum: 0x10dd (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x1 (1)
Length: 1100
Authenticator
Attribute value pairs
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:24
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 2
Length: 1034
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0xC0): Length More
Length: 1497
EAP-TLS Fragments
Frame:4 payload:0-1023
Frame:6 payload:1024-1496
Secure Socket Layer
TLS Record Layer: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 74
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Dec 10, 2003 07:30:44.000000000
Random.bytes
Session ID Length: 32
Session ID (32 bytes)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Compression Method: null (0)
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 101
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 93
Certificate types count: 2
Certificate types (2 types)
Certificate type: RSA Sign (1)
Certificate type: DSS Sign (2)
Distinguished Names Length: 88
Distinguished Names (88 bytes)
Distinguished Name Length: 86
Distinguished Name (86 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
t:Message Authenticator(80) l:18, Value:EEE427708D3FF4AB6AD7921AA3E0FC92
t:State(24) l:18, Value:378E7C2A2E06280A7986381040618B5D
Frame 5 (211 bytes on wire, 211 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.706789000
Time delta from previous packet: 0.025629000 seconds
Time relative to first packet: 0.251418000 seconds
Frame Number: 5
Packet Length: 211 bytes
Capture Length: 211 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 197
Identification: 0x004b
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3bdb (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1028 (1028), Dst Port: radius (1812)
Source port: 1028 (1028)
Destination port: radius (1812)
Length: 177
Checksum: 0x5bac (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x2 (2)
Length: 169
Authenticator
Attribute value pairs
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:EAP Message(79) l:8
Extensible Authentication Protocol
Code: Response (2)
Id: 2
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
t:State(24) l:18, Value:378E7C2A2E06280A7986381040618B5D
t:Message Authenticator(80) l:18, Value:3A4AAB76000111F70BADFFDD4F304A08
Frame 6 (581 bytes on wire, 581 bytes captured)
Arrival Time: Dec 10, 2003 07:30:44.710602000
Time delta from previous packet: 0.003813000 seconds
Time relative to first packet: 0.255231000 seconds
Frame Number: 6
Packet Length: 581 bytes
Capture Length: 581 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 567
Identification: 0x004c
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3a68 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 1028 (1028)
Source port: radius (1812)
Destination port: 1028 (1028)
Length: 547
Checksum: 0x1843 (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x2 (2)
Length: 539
Authenticator
Attribute value pairs
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:228
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 3
Length: 479
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
EAP-TLS Fragments
Frame:4 payload:0-1023
Frame:6 payload:1024-1496
Secure Socket Layer
TLS Record Layer: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 74
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Dec 10, 2003 07:30:44.000000000
Random.bytes
Session ID Length: 32
Session ID (32 bytes)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Compression Method: null (0)
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 101
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 93
Certificate types count: 2
Certificate types (2 types)
Certificate type: RSA Sign (1)
Certificate type: DSS Sign (2)
Distinguished Names Length: 88
Distinguished Names (88 bytes)
Distinguished Name Length: 86
Distinguished Name (86 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
t:Message Authenticator(80) l:18, Value:635333F6C059893DF8915D99975BEE7F
t:State(24) l:18, Value:90876CA593B38C034637D2D96C2E91F8
Frame 7 (1615 bytes on wire, 1615 bytes captured)
Arrival Time: Dec 10, 2003 07:30:45.913213000
Time delta from previous packet: 1.202611000 seconds
Time relative to first packet: 1.457842000 seconds
Frame Number: 7
Packet Length: 1615 bytes
Capture Length: 1615 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1601
Identification: 0x004d
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x365d (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1028 (1028), Dst Port: radius (1812)
Source port: 1028 (1028)
Destination port: radius (1812)
Length: 1581
Checksum: 0x8f66 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x3 (3)
Length: 1573
Authenticator
Attribute value pairs
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:137
EAP fragment
Extensible Authentication Protocol
Code: Response (2)
Id: 3
Length: 1400
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0xC0): Length More
Length: 1458
EAP-TLS Fragments
Frame:7 payload:0-1389
Frame:9 payload:1390-1457
Secure Socket Layer
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 134
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
TLS Record Layer: Alert (Level: Fatal, Description: Handshake
Failure)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
t:State(24) l:18, Value:90876CA593B38C034637D2D96C2E91F8
t:Message Authenticator(80) l:18, Value:0AAD5865A0B160EB6361290E32C9CF3A
Frame 8 (106 bytes on wire, 106 bytes captured)
Arrival Time: Dec 10, 2003 07:30:45.945853000
Time delta from previous packet: 0.032640000 seconds
Time relative to first packet: 1.490482000 seconds
Frame Number: 8
Packet Length: 106 bytes
Capture Length: 106 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 92
Identification: 0x004e
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3c41 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 1028 (1028)
Source port: radius (1812)
Destination port: 1028 (1028)
Length: 72
Checksum: 0x819f (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x3 (3)
Length: 64
Authenticator
Attribute value pairs
t:EAP Message(79) l:8
Extensible Authentication Protocol
Code: Request (1)
Id: 4
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
t:Message Authenticator(80) l:18, Value:B0BBCFFA2BAFC58BCB979FA3BB8572E1
t:State(24) l:18, Value:7717B50DC9F3D796E9FC814587C2B057
Frame 9 (279 bytes on wire, 279 bytes captured)
Arrival Time: Dec 10, 2003 07:30:45.954269000
Time delta from previous packet: 0.008416000 seconds
Time relative to first packet: 1.498898000 seconds
Frame Number: 9
Packet Length: 279 bytes
Capture Length: 279 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 265
Identification: 0x004f
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3b93 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1028 (1028), Dst Port: radius (1812)
Source port: 1028 (1028)
Destination port: radius (1812)
Length: 245
Checksum: 0xf191 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x4 (4)
Length: 237
Authenticator
Attribute value pairs
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:EAP Message(79) l:76
Extensible Authentication Protocol
Code: Response (2)
Id: 4
Length: 74
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
EAP-TLS Fragments
Frame:7 payload:0-1389
Frame:9 payload:1390-1457
Secure Socket Layer
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1307
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1303
Certificates Length: 1300
Certificates (1300 bytes)
Certificate Length: 573
Certificate (573 bytes)
Certificate Length: 721
Certificate (721 bytes)
TLS Record Layer: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 134
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
TLS Record Layer: Alert (Level: Fatal, Description: Handshake
Failure)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
t:State(24) l:18, Value:7717B50DC9F3D796E9FC814587C2B057
t:Message Authenticator(80) l:18, Value:99F362B8E864AEF78B30FDBF764AA3B3
Frame 10 (86 bytes on wire, 86 bytes captured)
Arrival Time: Dec 10, 2003 07:30:46.063764000
Time delta from previous packet: 0.109495000 seconds
Time relative to first packet: 1.608393000 seconds
Frame Number: 10
Packet Length: 86 bytes
Capture Length: 86 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0x0050
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3c53 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 1028 (1028)
Source port: radius (1812)
Destination port: 1028 (1028)
Length: 52
Checksum: 0x7d30 (correct)
Radius Protocol
Code: Access Reject (3)
Packet identifier: 0x4 (4)
Length: 44
Authenticator
Attribute value pairs
t:EAP Message(79) l:6
Extensible Authentication Protocol
Code: Failure (4)
Id: 4
Length: 4
t:Message Authenticator(80) l:18, Value:824D2A1B4085F02EEBD22FE600ED80D9
Frame 11 (228 bytes on wire, 228 bytes captured)
Arrival Time: Dec 10, 2003 07:31:13.365139000
Time delta from previous packet: 27.301375000 seconds
Time relative to first packet: 28.909768000 seconds
Frame Number: 11
Packet Length: 228 bytes
Capture Length: 228 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 214
Identification: 0x0051
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3bc4 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 1029 (1029), Dst Port: radius-acct (1813)
Source port: 1029 (1029)
Destination port: radius-acct (1813)
Length: 194
Checksum: 0xe9fc (correct)
Radius Protocol
Code: Accounting Request (4)
Packet identifier: 0x5 (5)
Length: 186
Authenticator
Attribute value pairs
t:Acct Session Id(44) l:19, Value:"3FD6BD68-00000000"
t:Acct Status Type(40) l:6, Value:Stop(2)
t:Acct Authentic(45) l:6, Value:Radius(1)
t:User Name(1) l:10, Value:"obermeim"
t:NAS IP Address(4) l:6, Value:127.0.0.1
t:NAS Port(5) l:6, Value:1
t:Called Station Id(30) l:28, Value:"00-09-5B-3E-AD-8C:Germania"
t:Calling Station Id(31) l:19, Value:"00-30-AB-12-78-42"
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Connect Info(77) l:24, Value:"CONNECT 11Mbps 802.11b"
t:Acct Session Time(46) l:6, Value:1071037873
t:Acct Input Packets(47) l:6, Value:6
t:Acct Output Packets(48) l:6, Value:6
t:Acct Input Octets(42) l:6, Value:1808
t:Acct Output Octets(43) l:6, Value:1827
t:Acct Terminate Cause(49) l:6, Value:Admin Reboot(7)
Frame 12 (62 bytes on wire, 62 bytes captured)
Arrival Time: Dec 10, 2003 07:31:13.798325000
Time delta from previous packet: 0.433186000 seconds
Time relative to first packet: 29.342954000 seconds
Frame Number: 12
Packet Length: 62 bytes
Capture Length: 62 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x0052
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3c69 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius-acct (1813), Dst Port: 1029 (1029)
Source port: radius-acct (1813)
Destination port: 1029 (1029)
Length: 28
Checksum: 0x7aee (correct)
Radius Protocol
Code: Accounting Response (5)
Packet identifier: 0x5 (5)
Length: 20
Authenticator
Frame 13 (90 bytes on wire, 90 bytes captured)
Arrival Time: Dec 10, 2003 07:31:13.798364000
Time delta from previous packet: 0.000039000 seconds
Time relative to first packet: 29.342993000 seconds
Frame Number: 13
Packet Length: 90 bytes
Capture Length: 90 bytes
Ethernet II, Src: 00:00:00:00:00:00, Dst: 00:00:00:00:00:00
Destination: 00:00:00:00:00:00 (00:00:00_00:00:00)
Source: 00:00:00:00:00:00 (00:00:00_00:00:00)
Type: IP (0x0800)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 76
Identification: 0x0053
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0x7b9c (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0xfb2c (correct)
Internet Protocol, Src Addr: 127.0.0.1 (127.0.0.1), Dst Addr: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x0052
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x3c69 (correct)
Source: 127.0.0.1 (127.0.0.1)
Destination: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: radius-acct (1813), Dst Port: 1029 (1029)
Source port: radius-acct (1813)
Destination port: 1029 (1029)
Length: 28
Checksum: 0x7aee (correct)
Radius Protocol
Code: Accounting Response (5)
Packet identifier: 0x5 (5)
Length: 20
Authenticator
Markus Obermeier
System Architect HW
Connectivity
Siemens AG
ICM MP P S 2
Tel. +49-89-722-32549
Mob. +49-160-7481061
Fax. +49-89-722-913490
EMail: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
