Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: RE: [Ethereal-users] Decoding Cisco VSA

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Deepa Gandhavalli Ramaniah -X (dgandhav - HCL at Cisco)" <dgandhav@xxxxxxxxx>
Date: Mon, 24 Apr 2006 10:53:26 +0530

Hi Martin,

 

Many thanks for your reply.

 

Could you also help me in decoding the following attribute values?

1. T:Vendor Specific(26) l:21, vendor:Cisco(9)

      T:Cisco Command Info(252) l:15, value:01333830353538323533383930

 

I believe this is account-logon for the username 380558253890. Please correct me if I am wrong.

 

2.  T:Vendor Specific(26) l:21, vendor:Cisco(9)

       T:Cisco Command Info(252) l:15, value:042026

 

I believe this is account-ping. Please correct me if I am wrong.

 

3. T:Vendor Specific(26) l:21, vendor:Cisco(9)

       T:Cisco Command Info(252) l:15, value:0B4F30313030305F4B425333

 

I believe this is service-logon for the service name O00100_KBS3. Please correct me if I am wrong.

 

Many thanks,

Deepa

 

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Visser, Martin
Sent: Monday, April 24, 2006 3:00 AM
To: Ethereal user support
Subject: RE: [Ethereal-users] Decoding Cisco VSA

 

Deepa,

 

If I'm not incorrectly interpreting http://www.cisco.com/en/US/products/hw/iad/ps4349/products_installation_guide_chapter09186a008007e511.html , the VSA with sub-attribute ID of 252 from Cisco (9) is "Command-code"

 

The code for this attribute according to your dump begins with hex 0C, which I think the cisco doc refers to as octal or \014 or "Service Logoff". The remain Hex is converted with the following Perl one-liner 

 

perl -e '$h = pack "H*", "4F30303130305F4B425333"; print $h'

 

To give the user name "O00100_KBS3"

 

Martin Visser

Technology Consultant
Consulting & Integration
Technology Solutions Group - HP Services

410 Concord Road
Rhodes NSW  2138
Australia

Mobile: +61-411-254-513
Fax: +61-2-9022-1800    
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it.

 

 

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Deepa Gandhavalli Ramaniah -X (dgandhav - HCL at Cisco)
Sent: Saturday, 22 April 2006 4:14 PM
To: Ethereal user support
Subject: RE: [Ethereal-users] Decoding Cisco VSA

Hi all,

 

Radius Protocol

 Code: Access Accept (2)

 Packet identifier: 0x26 (38)

 Length: 72

 Authenticator: 0x9CAFB35071EA14E24A7CAF61539177

Attribute value pairs

 T:Vendor Specific(26) l:20, vendor:Cisco(9)

            T:Cisco Command Info(252) l:14, value:0C4F30303130305F4B425333

 T:Vendor Specific(26) l:26, vendor:Cisco(9)

            Cisco-Account-Info: s97.251.244.30:428

            T:Cisco Account Info(250) l:20, value:” s97.251.244.30:428”

 

In the above RADIUS packet, I want to decode the value of Cisco Command Info VSA (shown in bold).

Could anyone help me in decoding the value of this attribute?

 

Thanks,

Deepa

 

 

 

From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Andreas Fink
Sent: Saturday, April 22, 2006 12:17 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] Decoding Cisco VSA

 

Most cisco VSA these days are in cleartext in variable = value style so you should be simply able to read them.

Cisco only uses very few numeric VSA codes and packet all the other interesting radius attributes into a generic attribute for named variables.

 

On 21.04.2006, at 17:13, Deepa Gandhavalli Ramaniah -X (dgandhav - HCL at Cisco) wrote:

 

Hi Ethereal experts,

 

I use the Ethereal tool to analyze the snoop output captured in a Solaris machine. I would like to know how to decode a vendor (Cisco Systems, Inc.) specific RADIUS attribute – Cisco Command Code VSA.

Please share your views on this.

 

Thanks in advance,

Deepa

_______________________________________________

Ethereal-users mailing list

 

 

Andreas Fink

Fink Consulting GmbH

 

---------------------------------------------------------------

Tel: +41-61-6666332 Fax: +41-61-6666331  Mobile: +41-79-2457333

Address: Clarastrasse 3, 4058 Basel, Switzerland

E-Mail:  afink@xxxxxxxxxxxxxxxxxx

Homepage: http://www.finkconsulting.com

---------------------------------------------------------------

 

ICQ: 101946485 MSN: msn1@xxxxxx AIM: smsrelay Skype: andreasfink

Yahoo: finkconsulting SMS: +41792457333

PGP9: 0714 DF2B A189 A760 6201  5CBD D040 3E71 4DAF 68BB

 

 

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube