Re: Radius

[jesk <jesk () killall org>]

> On Nov 16, 2004, at 1:08 PM, jesk wrote:
>
> > in some auth-replies iam missing some attributes but instead of them i
> > can see at the end of a tcpdump line the following:
> > "[|radius]"
> >
> > what does this exactly mean?
>
> It probably means that either
>
>         1) the RADIUS packet didn't fit in a single link-layer packet (and was
> thus fragmented at the IP layer)
>
> or
>
>         2) the RADIUS packet didn't fit within the "snapshot length" used for
> the capture.
>
> The default snapshot length for tcpdump is 68 for versions of tcpdump
> that don't support IPv6 and 96 for versions of tcpdump that do support
> IPv6, so, unless you specify a larger snapshot length with the "-s" flag,
> RADIUS packets that don't fit within 68 or 96 bytes (depending on whether
> the version of tcpdump you're using was built with IPv6 support or not)
> will get an |radius report.
>
> In modern versions of tcpdump, "-s 0" requests a snapshot length of
> 65535, which should be sufficient to handle all link layers supported by
> tcpdump.  In older versions, you'd have to do "-s 65535".  (Don't try to
> use the MTU of the network - using 0 or 65535 is easier, and more likely
> to be large enough; for example, note that "-s 1500" is *NOT* large
> enough for Ethernet, as the snapshot length includes the link-layer
> header, so it'd have to be "-s 1514".)
>
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.

Ah thanks for the reply and the answer of my question, this explains 
everything :)


kind regards,

Christian

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.