raddump man page

raddump — decipher captured RADIUS packets

Synopsis

raddump [-?vsn] < pktfile

Description

raddump(1) interprets captured RADIUS packets to print details about them, including a timestamp, packet lengths, RADIUS packet type, source and destination hosts and ports, and included attribute names and values. It is primarily useful in conjunction with packet capture programs such as tcpdump(1) or snoop(1M), and can be used either on a saved file or in a pipeline to monitor ongoing communications.

raddump(1) currently understands packet traces that are RFC 1761-compliant (e.g. those produced by snoop v2) as well as those that are stored in the libpcap format (e.g. those produced by tcpdump). raddump(1) is able to distinguish these file formats on the fly, so it is not necessary to indicate which type of trace you are feeding it.

Options

-?
Print a usage summary.
-v
Increase verbosity of output. Multiple -v arguments increase verbosity further. Without any -v arguments, raddump(1) prints only a one-line summary per packet consisting of timestamp, source and destination host and port, RADIUS packet type, and RADIUS packet size.

With one -v argument, raddump(1) will also print any attributes contained in the packet, including the attribute name and value. For attributes containing binary data, the actual contents are not printed, just a summary indicating the size of the binary data.

With two -v arguments, raddump(1) will additionally print a hex dump of any attributes containing binary data.

-n
By default, raddump(1) does a reverse DNS lookup on the source and destination IP addresses and prints the associated hostnames. The -n switch suppresses this lookup, so that raddump(1) will simply print the IP addresses in dotted quad notation.
-s
Print short hostnames. If hostnames are being printed, omit the domain part of the hostname.
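
The three -v levels described above, sketched as an added Python example (not raddump's own code or output layout). It assumes the UDP payload has already been extracted from the capture; the function names and the sample packet are constructed for illustration.

```python
import struct

# Subset of RADIUS codes and attribute types from RFC 2865/2866.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ATTRS = {1: ("User-Name", "text"), 2: ("User-Password", "binary"),
         4: ("NAS-IP-Address", "ipv4"), 5: ("NAS-Port", "int")}

def parse_radius(payload):
    """Return (code, identifier, length, [(type, value), ...]); ValueError if malformed."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field disagrees with captured data")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes these 2), value.
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("bad attribute header or length")
        atype, alen = payload[pos], payload[pos + 1]
        attrs.append((atype, payload[pos + 2:pos + alen]))
        pos += alen
    return code, ident, length, attrs

def describe(payload, verbosity=0):
    """Output lines for one packet at verbosity 0, 1 or 2 (layout is this example's own)."""
    code, ident, length, attrs = parse_radius(payload)
    lines = [f"{CODES.get(code, 'Code-%d' % code)} id={ident} len={length}"]
    if verbosity < 1:
        return lines
    for atype, val in attrs:
        name, kind = ATTRS.get(atype, ("Attr-%d" % atype, "binary"))
        if kind == "text":
            shown = val.decode("utf-8", "replace")
        elif kind == "ipv4" and len(val) == 4:
            shown = ".".join(map(str, val))
        elif kind == "int" and len(val) == 4:
            shown = str(int.from_bytes(val, "big"))
        else:  # binary or unknown: size only, hex dump at the second -v level
            shown = f"<{len(val)} bytes>"
            if verbosity >= 2:
                shown += " " + val.hex(" ")
        lines.append(f"  {name} = {shown}")
    return lines

# Constructed sample: Access-Request, id 7, zeroed authenticator, placeholder password bytes.
SAMPLE = (bytes([1, 7, 0, 49]) + bytes(16) + bytes([1, 5]) + b"bob"
          + bytes([2, 18]) + bytes(range(16)) + bytes([4, 6, 192, 0, 2, 1]))
```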

Examples

With a saved packet trace:

$ raddump < pktfile

For real-time monitoring with snoop:

$ mkfifo ./snoopfifo
$ snoop -q -s 1500 -o ./snoopfifo udp port 1812 &
$ raddump < snoopfifo

For real-time monitoring with tcpdump:

$ tcpdump -s 1500 -w - udp port 1812 | raddump

See Also

tcpdump(1), snoop(1M), pcap(3), RFC 1761

Authors

The original author of raddump(1) was Jon Moore.

Bugs

Please send bug reports, enhancements, or questions to:

jonm@isc.upenn.edu
