raddump(1)                  General Commands Manual                 raddump(1)

NAME

       raddump - decipher captured RADIUS packets

SYNOPSIS

       raddump [-?vsn] < pktfile

DESCRIPTION

       raddump(1) interprets captured RADIUS packets to print details about
       them, including a timestamp, packet lengths, RADIUS packet type, source
       and destination hosts and ports, and included attribute names and
       values. It is primarily useful in conjunction with packet capture
       programs such as tcpdump(1) or snoop(1M), and can be used either on a
       saved file or in a pipeline to monitor ongoing communications.

       raddump(1) currently understands packet traces that are RFC
       1761-compliant (e.g. those produced by snoop v2) as well as those that
       are stored in the libpcap format (e.g. those produced by tcpdump).
       raddump(1) is able to distinguish these file formats on the fly, so it
       is not necessary to indicate which type of trace you are feeding it.

OPTIONS

       -?     print a usage summary

       -v     increase verbosity of output. Multiple -v arguments increase
              verbosity. Without any -v's, raddump(1) will print simply a
              one-line summary per packet consisting of timestamp, source and
              destination host and port, RADIUS packet type, and RADIUS packet
              size.

              With one -v argument, raddump(1) will also print any attributes
              contained in the packet, including the attribute name and value.
              For attributes containing binary data, the actual contents are
              not printed, just a summary indicating the size of the binary
              data.

              With two -v arguments, raddump(1) will additionally print a hex
              dump of any attributes containing binary data.

       -n     By default, raddump(1) does a reverse DNS lookup on the source
              and destination IP addresses and prints the associated
              hostnames. The -n switch suppresses this lookup, so that
              raddump(1) will simply print the IP addresses in dotted quad
              notation.

       -s     Print short hostnames. If hostnames are being printed, omit the
              domain part of the hostname.

EXAMPLES

       With a saved packet trace:
              $ raddump < pktfile

       For real-time monitoring with snoop:
              $ mkfifo ./snoopfifo
              $ snoop -q -s 1500 -o ./snoopfifo udp port 1812 &
              $ raddump < snoopfifo

       For real-time monitoring with tcpdump:
              $ tcpdump -s 1500 -w - udp port 1812 | raddump
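The format detection and one-line summary described under DESCRIPTION and -v can be sketched as follows. This is an added Python example, not raddump's own code: the function names are hypothetical, Ethernet/IPv4 framing is assumed, and the sample packet is constructed.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

def frames(data):
    """Yield (seconds, frame) from a libpcap or RFC 1761 (snoop v2) trace."""
    if data[:8] == b"snoop\0\0\0":             # snoop: 16-byte file header, big-endian
        off, hdr, fmt = 16, 24, ">6I"
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1"):  # libpcap, either byte order
        off, hdr, fmt = 24, 16, (">4I" if data[0] == 0xA1 else "<4I")
    else:
        raise ValueError("unrecognised trace format")
    while off + hdr <= len(data):
        f = struct.unpack_from(fmt, data, off)
        # snoop: orig, incl, reclen, drops, sec, usec   libpcap: sec, usec, incl, orig
        incl, step, sec = (f[1], f[2], f[4]) if hdr == 24 else (f[2], 16 + f[2], f[0])
        if step < hdr + incl:                  # corrupt record length: stop parsing
            return
        yield sec, data[off + hdr: off + hdr + incl]
        off += step                            # snoop record length includes padding

def radius(frame):
    """Summarise one Ethernet/IPv4/UDP frame as RADIUS, or return None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                            # not IPv4 carrying UDP
    udp = 14 + (frame[14] & 0x0F) * 4          # UDP offset from the IP header length
    pkt = frame[udp + 8:]
    length = int.from_bytes(pkt[2:4], "big")   # RADIUS Length field
    if not 20 <= length <= len(pkt):           # truncated capture or bad length field
        return None
    attrs, pos = [], 20                        # attributes follow the 20-byte header
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:    # malformed attribute: stop
            break
        attrs.append((atype, alen - 2))        # type and value size only, no contents
        pos += alen
    sport, dport = struct.unpack_from(">HH", frame, udp)
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    return f"{src}:{sport}", f"{dst}:{dport}", CODES.get(pkt[0], str(pkt[0])), length, attrs

def sample_pcap(sec=1700000000):
    """Constructed libpcap trace: one Access-Request (User-Name, User-Password)."""
    rad = b"\x01\x2a" + struct.pack(">H", 45) + bytes(16) + b"\x01\x07alice\x02\x12" + bytes(16)
    ip = b"\x45\x00" + struct.pack(">H", 73) + bytes(5) + b"\x11\x00\x00" + bytes([192, 0, 2, 10, 192, 0, 2, 20])
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack(">4H", 40000, 1812, 53, 0) + rad
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + struct.pack("<4I", sec, 0, 87, 87) + frame
```

Passing `sample_pcap()` through `frames()` and then `radius()` gives the endpoints, packet type, packet length and per-attribute value sizes; attribute contents such as User-Password are deliberately not returned.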

SEE ALSO

       tcpdump(1), snoop(1M), pcap(3), RFC 1761

AUTHORS

       The original author of raddump(1) was Jon Moore.

BUGS

       Please send bug reports, enhancements, or questions to:
              jonm@isc.upenn.edu

                                                                    raddump(1)