From: Herwin Weststrate Date: Wed, 22 Jul 2015 15:03:56 +0000 (+0200) Subject: Translate UDP/1700 as RADIUS X-Git-Tag: tcpdump-4.8.0~58^2 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/266720f258d96234610c25de7b6407e5cf5ef3b2 Translate UDP/1700 as RADIUS Used for Cisco CoA/Disconnect, as shown on https://supportforums.cisco.com/discussion/11719766/ise-112-change-authorization-avaya-switches-5520. The RFC says port 3799, but Cisco does this otherwise, which means this is not an officially reserved port for RADIUS.
---
diff --git a/print-udp.c b/print-udp.c
index 313a332c..37679eb1 100644
--- a/print-udp.c
+++ b/print-udp.c
@@ -613,6 +613,7 @@ udp_print(netdissect_options *ndo, register const u_char *bp, u_int length,
 IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) ||
 IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) ||
 IS_SRC_OR_DST_PORT(RADIUS_NEW_ACCOUNTING_PORT) ||
+ IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) ||
 IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) )
 radius_print(ndo, (const u_char *)(up+1), length);
 else if (dport == HSRP_PORT)
diff --git a/tests/RADIUS-port1700.pcap b/tests/RADIUS-port1700.pcap
new file mode 100644
index 00000000..aa7b24e6
Binary files /dev/null and b/tests/RADIUS-port1700.pcap differ
diff --git a/tests/TESTLIST b/tests/TESTLIST
index 97cd83b8..33d5697c 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -249,6 +249,7 @@ decnet DECnet_Phone.pcap decnet.out -t
 radius-v RADIUS.pcap radius-v.out -t -v
 radius-rfc4675 RADIUS-RFC4675.pcap radius-rfc4675-v.out -t -v
 radius-rfc5176 RADIUS-RFC5176.pcap radius-rfc5176-v.out -t -v
+radius-port1700 RADIUS-port1700.pcap radius-port1700-v.out -t -v
 # link-level protocols
 dtp-v DTP.pcap dtp-v.out -t -v
diff --git a/tests/radius-port1700-v.out b/tests/radius-port1700-v.out
new file mode 100644
index 00000000..389c7630
--- /dev/null
+++ b/tests/radius-port1700-v.out
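Review bot: In print-udp.c the added `IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT)` test matches 1700 as either source or destination, and the commit message itself says the port is not reserved for RADIUS, so any unrelated UDP flow that happens to use 1700 (including as an ephemeral source port) is now passed to `radius_print()` and labelled RADIUS before the later branches of the chain are tried. That is a misattribution risk for anyone reading a capture during an investigation, and it means `radius_print()` will see arbitrary non-RADIUS payloads on this port, so its own length and attribute bounds checks (not visible in this hunk) carry the safety of the change. The caveat lives only in the commit message; I would record it at the definition in the udp.h hunk, `#define RADIUS_CISCO_COA_PORT 1700 /* Cisco CoA/Disconnect convention; not reserved for RADIUS, the RFC port is 3799 */`. The new test capture exercises only destination port 1700, so a reply with source port 1700 would be worth adding to tests/TESTLIST. The if/else chain in `udp_print` starts and ends outside the hunk.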
@@ -0,0 +1,4 @@
+IP (tos 0x0, ttl 64, id 44978, offset 0, flags [none], proto UDP (17), length 53)
+ 127.0.0.1.42172 > 127.0.0.1.1700: RADIUS, length: 25
+ CoA-Request (43), id: 0xa6, Authenticator: 7fbf02c6662b5990838a5e6e331b3ff0
+ User-Name Attribute (1), length: 5, Value: bob
diff --git a/udp.h b/udp.h
index 0927c6b8..0e7cf970 100644
--- a/udp.h
+++ b/udp.h
@@ -200,6 +200,9 @@ struct udphdr {
 #ifndef RADIUS_ACCOUNTING_PORT
 #define RADIUS_ACCOUNTING_PORT 1646
 #endif
+#ifndef RADIUS_CISCO_COA_PORT
+#define RADIUS_CISCO_COA_PORT 1700
+#endif
 #ifndef L2TP_PORT
 #define L2TP_PORT 1701 /*XXX*/
 #endif