raddump(1)
NAME
raddump - decipher captured RADIUS packets
SYNOPSIS
raddump [-?vsn] < pktfile
DESCRIPTION
raddump(1) interprets captured RADIUS packets to print details about
them, including a timestamp, packet lengths, RADIUS packet type, source
and destination hosts and ports, and included attribute names and
values. It is primarily useful in conjunction with packet capture
programs such as tcpdump(1) or snoop(1M), and can be used either on a
saved file or in a pipeline to monitor ongoing communications.
raddump(1) currently understands packet traces that are RFC
1761-compliant (e.g. those produced by snoop v2) as well as those that
are stored in the libpcap format (e.g. those produced by tcpdump).
raddump(1) is able to distinguish these file formats on the fly, so it
is not necessary to indicate which type of trace you are feeding it.
OPTIONS
-? print a usage summary
-v increase verbosity of output. Multiple -v arguments increase
verbosity. Without any -v's, raddump(1) will print simply a
one-line summary per packet consisting of timestamp, source and
destination host and port, RADIUS packet type, and RADIUS packet
size.
With one -v argument, raddump(1) will also print any attributes
contained in the packet, including the attribute name and value.
For attributes containing binary data, the actual contents are
not printed, just a summary indicating the size of the binary
data.
With two -v arguments, raddump(1) will additionally print a hex
dump of any attributes containing binary data.
-n By default, raddump(1) does a reverse DNS lookup on the source
and destination IP addresses and prints the associated
hostnames. The -n switch suppresses this lookup, so that raddump(1)
will simply print the IP addresses in dotted quad notation.
-s Print short hostnames. If hostnames are being printed, omit the
domain part of the hostname.
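The sketch below is an added example, not raddump's own source: it shows how a tool can tell an RFC 1761 (snoop) trace from a libpcap trace by its leading magic bytes, and how a RADIUS payload decodes into the summary, attribute and hex-dump levels that the -v options describe. The function names, the output layout and the sample packet are assumptions made for illustration; the RADIUS header and attribute layout follow RFC 2865.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"            # RFC 1761 identification pattern
PCAP_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4")  # libpcap, either byte order
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
TEXT_ATTRS = {1: "User-Name", 18: "Reply-Message"}  # subset of RFC 2865 text attributes

def sniff_format(header):
    """Classify a capture file by its leading magic bytes."""
    if header[:8] == SNOOP_MAGIC:
        return "snoop"
    if header[:4] in PCAP_MAGICS:
        return "pcap"
    raise ValueError("unrecognised capture format")

def decode_radius(payload, verbosity=0):
    """Decode one RADIUS UDP payload into output lines (hypothetical layout)."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("length field disagrees with captured bytes")
    lines = ["%s id=%d len=%d" % (CODES.get(code, "Code-%d" % code), ident, length)]
    pos = 20                                   # skip the 16-byte authenticator
    while verbosity >= 1 and pos < length:
        # Attribute length covers the type and length octets, so it is >= 2.
        alen = payload[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, value = payload[pos], payload[pos + 2:pos + alen]
        if atype in TEXT_ATTRS:
            lines.append("  %s = %s" % (TEXT_ATTRS[atype], value.decode("utf-8", "replace")))
        else:                                  # binary: size only, hex at -vv
            line = "  Attr-%d = <%d bytes>" % (atype, len(value))
            lines.append(line + (" " + value.hex() if verbosity >= 2 else ""))
        pos += alen
    return lines

# Constructed sample: Access-Request, id 42, User-Name "alice", 16-byte User-Password.
SAMPLE = (struct.pack("!BBH", 1, 42, 45) + bytes(16) +
          b"\x01\x07alice" + b"\x02\x12" + bytes(range(16)))

if __name__ == "__main__":
    print(sniff_format(b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00"))
    print("\n".join(decode_radius(SAMPLE, verbosity=2)))
```

The length checks matter when decoding captures from an untrusted network: an attribute length below 2 or past the end of the packet is rejected instead of being followed.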
EXAMPLES
With a saved packet trace:
$ raddump < pktfile
For real-time monitoring with snoop:
$ mkfifo ./snoopfifo
$ snoop -q -s 1500 -o ./snoopfifo udp port 1812 &
$ raddump < snoopfifo
For real-time monitoring with tcpdump:
$ tcpdump -s 1500 -w - udp port 1812 | raddump
SEE ALSO
tcpdump(1), snoop(1M), pcap(3), RFC 1761
AUTHORS
The original author of raddump(1) was Jon Moore.
BUGS
Please send bug reports, enhancements, or questions to:
jonm@isc.upenn.edu