rad-bulk - A command line Radius bulk-testing client


    rad-bulk --secret secret --server server --dictionary dictfile ...
    [--timeout n] [--authport port] [--acctport port] [--help]
    [--children n] [--count n] [--random] [--verbose] packet-file ...


rad-bulk reads in one or more packet files containing the specification of the packets to send, and then proceed to flood the target server with a total of count requests, coming from up to children number of children.

Statistics are then printed, depicting the number of packets sent and some general timing statistics that allow for the measurement of the server's performance.

The packets are either Access-Request or Accounting-Request. The actual attributes are encoded in one or more packet files, allowing for some control in the specific work-load to be imposed in the target server.

--children n

How many children to fork() in order to send requests in parallel to the Radius server. This parameter can be used to increase the number of concurrent requests being sent to the server, to test in hight load scenarios.

Defaults to 1 child, which is useful to verify the test input parameters.

--count n

How many packets to process. Defaults to the amount of packets loaded via the packet file.

--timeout t

How much a child must wait for an answer before failing, in seconds. Defaults to 3 seconds.

--server server

Surprisingly, the server address to which to send the RADIUS packets.

--acctport port and --authport port

The accounting and authorization ports, used for Accounting-Request and Access-Request respectively. Defaults to 1812 and 1813, which are the standard ports for these purposes.

--secret secret

The RADIUS shared secret used for packet authentication.

--prompt [attribute]

Prompt the user and add a password-encoded RADIUS attribute to the request. By default, this works in the RADIUS attribute 2.

--dictionary dictfile...

Specifies one or more dictionary files to use for crafting the Radius packets and for decoding the eventual responses. Multiple files can be specified, causing the dictionaries to be loaded in order.


Shows this documentation, then exits.


Send a random sample of packets from the input packet files. By default, the requested count of packets is sent in order, from the packet file.


Send a "." to STDOUT each time a packet is sent, and a "\b" each time an answer is received. Additionally, output character codes for each error found.

Also, provide feedback about test progress.

Packet File Format

Packets are specified with a keyword (Authentication or Accounting) and a number of input lines, with each one specifying an attribute. Blank lines delimit packets. Lines whose first non-blank character is # are ignored as comments.

Radius attributes are as follows:


Where vendor and attribute are the labels specified in the dictionary.

This is an example of a valid packet specification:

    # A simple auth packet
    # A simple accounting packet. Note that
    # Acct-Session-Id will be provided automatically

Packet encoding is done as expected, depending on the type of packet being processed. Required attributes such as the Id and Authenticator are automatically provided.

Packet response authentication is checked for correctness. Invalid packets are logged and reported.


This code and all accompanying software comes with NO WARRANTY. You use it at your own risk.

This code and all accompanying software can be used freely under the terms of the GNU General Public License version 2.


Luis E. Muñoz <>


perl(1), Getopt::Long(3), Net::Radius::Packet(3), Net::Radius::Dictionary(3).

1 POD Error

The following errors were encountered while parsing the POD:

Around line 549:

Non-ASCII character seen before =encoding in 'Muñoz'. Assuming UTF-8