Re: Radius

[Guy Harris <guy () alum mit edu>]

On Nov 16, 2004, at 1:08 PM, jesk wrote:

> in some auth-replies iam missing some attributes but instead of them i
> can see at the end of a tcpdump line the following:
> "[|radius]"
>
> what does this exactly mean?

It probably means that either

	1) the RADIUS packet didn't fit in a single link-layer packet (and was 
thus fragmented at the IP layer)

or

	2) the RADIUS packet didn't fit within the "snapshot length" used for 
the capture.

The default snapshot length for tcpdump is 68 for versions of tcpdump 
that don't support IPv6 and 96 for versions of tcpdump that do support 
IPv6, so, unless you specify a larger snapshot length with the "-s" 
flag, RADIUS packets that don't fit within 68 or 96 bytes (depending on 
whether the version of tcpdump you're using was built with IPv6 support 
or not) will get an |radius report.

In modern versions of tcpdump, "-s 0" requests a snapshot length of 
65535, which should be sufficient to handle all link layers supported 
by tcpdump.  In older versions, you'd have to do "-s 65535".  (Don't 
try to use the MTU of the network - using 0 or 65535 is easier, and 
more likely to be large enough; for example, note that "-s 1500" is 
*NOT* large enough for Ethernet, as the snapshot length includes the 
link-layer header, so it'd have to be "-s 1514".)

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.