当前位置:文档之家› 802.1x抓包详解

802.1x抓包详解

1.当用户有上网需求时打开802.1X客户端程序,输入用户名和口令,发起连接请求。此时客户端程序将发出请求认证的报文给交换机,启动一次认证过程。
如下:
Frame 90 (64 bytes on wire, 64 bytes captured)
Arrival Time: Nov 27, 2006 16:27:33.446030000
Time delta from previous packet: 3.105345000 seconds
Time since reference or first frame: 5.082965000 seconds
Frame Number: 90
Packet Length: 64 bytes
Capture Length: 64 bytes
Ethernet II, Src: 00:e0:4c:d7:65:cd, Dst: 01:80:c2:00:00:03
Destination: 01:80:c2:00:00:03 (Spanning-tree-(for-bridges)_03)
Source: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Type: 802.1X Authentication (0x888e)
Trailer: A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5...
Frame check sequence: 0xa5a5a5a5 (incorrect, should be 0xcc6d5b40)
802.1x Authentication
Version: 1
Type: Start (1)
Length: 0
2.交换机在收到请求认证的数据帧后,将发出一个EAP-Request/Identitybaowe请求帧要求客户端程序发送用户输入的用户名。
Frame 91 (64 bytes on wire, 64 bytes captured)
Arrival Time: Nov 27, 2006 16:27:33.447236000
Time delta from previous packet: 0.001206000 seconds
Time since reference or first frame: 5.084171000 seconds
Frame Number: 91
Packet Length: 64 bytes
Capture Length: 64 bytes
Ethernet II, Src: 00:03:0f:01:3a:5a, Dst: 00:e0:4c:d7:65:cd
Destination: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Source: 00:03:0f:01:3a:5a (DigitalC_01:3a:5a)
Type: 802.1X Authentication (0x888e)
Trailer: A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5...
Frame check sequence: 0xa5a5a5a5 (incorrect, should be 0x7d263869)
802.1x Authentication
Version: 1
Type: EAP Packet (0)
Length: 5
Extensible Authentication Protocol
Code: Request (1)
Id: 1
Length: 5
Type: Identity [RFC3748] (1)
3.客户端程序响应交换机的请求,将包含用户名信息的一个EAP-Response/Identity送给交换机,交换机将客户端送来的数据帧经过封包处理后生成RADIUS Access-Request报文送给认证服务器进行处理。
Frame 148 (77 bytes on wire, 77 bytes captured)
Arrival Time: Nov 27, 2006 16:27:36.446199000
Time delta from previous packet: 2.998963000 seconds
Time since reference or first frame: 8.083134000 seconds
Frame Number: 148
Packet Length: 77 bytes
Capture Length: 77 bytes
Ethernet II, Src: 00:e0:4c:d7:65:cd, Dst: 01:80:c2:00:00:03
Destination: 01:80:c2:00:00:03 (Spanning-tree-(for-bridges)_03)
Source: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Type: 802.1X Authentication (0x888e)
802.1x Authentication
Version: 1
Type: EAP Packet (0)
Length: 59
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 13
Type: Identity [RFC3748] (1)
Identity (8 bytes): 03051020
4.认证服务器收到交换机转发上来的用户名信息后,将该信息与数据库中的用户名表相比对,找到该用户名对应的口令信息,用随机生成的一个加密字Challenge

对它进行加密处理(MD5),通过接入设备将RADIUS Access-Challenge报文发送给客户端,其中包含有EAP-Request/MD5-Challenge。
Frame 154 (64 bytes on wire, 64 bytes captured)
Arrival Time: Nov 27, 2006 16:27:36.567003000
Time delta from previous packet: 0.120804000 seconds
Time since reference or first frame: 8.203938000 seconds
Frame Number: 154
Packet Length: 64 bytes
Capture Length: 64 bytes
Ethernet II, Src: 00:03:0f:01:3a:5a, Dst: 00:e0:4c:d7:65:cd
Destination: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Source: 00:03:0f:01:3a:5a (DigitalC_01:3a:5a)
Type: 802.1X Authentication (0x888e)
Trailer: A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5...
Frame check sequence: 0xa5a5a5a5 (incorrect, should be 0x4ec1ac73)
802.1x Authentication
Version: 1
Type: EAP Packet (0)
Length: 22
Extensible Authentication Protocol
Code: Request (1)
Id: 2
Length: 22
Type: MD5-Challenge [RFC3748] (4)
Value-Size: 16
Value: 1CBFEE2149E38D2928DABB4772D285EB
5.客户端收到EAP-Request/MD5-Challenge报文后,用该加密字对口令部分进行加密处理(MD5)给交换机发送在EAP-Response/MD5-Challenge回应,交换机将Challenge,Challenged Password和用户名一起送到RADIUS 服务器进行认证。
Frame 199 (94 bytes on wire, 94 bytes captured)
Arrival Time: Nov 27, 2006 16:27:39.446161000
Time delta from previous packet: 2.879158000 seconds
Time since reference or first frame: 11.083096000 seconds
Frame Number: 199
Packet Length: 94 bytes
Capture Length: 94 bytes
Ethernet II, Src: 00:e0:4c:d7:65:cd, Dst: 01:80:c2:00:00:03
Destination: 01:80:c2:00:00:03 (Spanning-tree-(for-bridges)_03)
Source: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Type: 802.1X Authentication (0x888e)
802.1x Authentication
Version: 1
Type: EAP Packet (0)
Length: 76
Extensible Authentication Protocol
Code: Response (2)
Id: 2
Length: 30
Type: MD5-Challenge [RFC3748] (4)
Value-Size: 16
Value: CBAC378ABB609123D2BB412840AEC614
Extra data (8 bytes): 3033303531303230
6.认证服务器将送上来的加密后的口令信息和其自己经过加密运算后的口令信息进行对比,判断用户是否合法,然后回应认证成功/失败报文到接入设备。如果认证成功,则向交换机发出打开端口的指令,允许用户的业务流通过端口访问网络。否则,保持交换机端口的关闭状态,只允许认证信息数据通过。
Frame 205 (243 bytes on wire, 243 bytes captured)
Arrival Time: Nov 27, 2006 16:27:39.632706000
Time delta from previous packet: 0.186545000 seconds
Time since reference or first frame: 11.269641000 seconds
Frame Number: 205
Packet Length: 243 bytes
Capture Length: 243 bytes
Ethernet II, Src: 00:03:0f:01:3a:5a, Dst: 00:e0:4c:d7:65:cd
Destination: 00:e0:4c:d7:65:cd (RealtekS_d7:65:cd)
Source: 00:03:0f:01:3a:5a (DigitalC_01:3a:5a)
Type: 802.1X Authentication (0x888e)
802.1x Authent

ication
Version: 1
Type: EAP Packet (0)
Length: 225
Extensible Authentication Protocol
Code: Success (3)
Id: 0
Length: 4

相关主题
相关文档 最新文档