Let us have a look into a Radius Request example:
The NAS at 192.168.1.16 sends an Access-Request UDP packet to the RADIUS Server for a user named Nemo logging in on port 3 with password "arctangent".
The Request Authenticator is a 16 octet random number generated by the NAS.
The User-Password is 16 octets padded at end with nulls, XORed with D5 (Shared Secret|Request Authenticator).
01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb 98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d 93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8 01 10 05 06 00 00 00 03
1 Code = Access-Request (1)
1 Identifier = 0
2 Length = 56
16 Request Authenticator
Attribute List
6 User-Name = "Nemo"
18 User-Password
6 NAS-IP-Address = 192.168.1.16
6 NAS-Port = 3
Here is an example of Response Packets:
The Radius server authenticates Nemo and sends an Access-Accept UDP packet to the NAS telling it to telnet Nemo to host 192.168.1.3
The Response Authenticator is a 16-octet MD5 checksum of the code (2), id (0), Length (38), the Request Authenticator from above, the attributes in this reply, and the shared secret.
02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf 9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00 0e 06 c0 a8 01 03
1 Code = Access-Accept (2)
1 Identifier = 0 (same as in Access-Request)
2 Length = 38
16 Response Authenticator
Attribute List:
6 Service-Type (6) = Login (1)
6 Login-Service (15) = Telnet (0)
6 Login-IP-Host (14) = 192.168.1.3