Question

I am trying to capture the pcap files using the following command.

tcpdump -c 25 -i eth0

I want to capture packets specifically for Radius Protocol. I tried

tcpdump -c 25 -i etho radius

It is giving a syntax error.

Solution

There are a very small number of protocols whose names can directly be used in filters in tcpdump (and capture filters in Wireshark - they use the same libpcap/WinPcap library for capturing and thus for capture filters), and RADIUS isn't one of them.

Tcpdump filters can't easily check anything above the transport layer headers, so you have to identify protocols running atop TCP or UDP by the port number. You'd want

tcpdump -c 25 -i eth0 port 1812 or port 1813 or port 3799

and, on most systems, the /etc/services file has entries for RADIUS, so you could do

tcpdump -c 25 -i eth0 port radius or port radius-acct or port radius-dynauth
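
A port filter only selects traffic by port number, so anything else sent to those ports is captured as well. The following added example (not part of the original answer) performs the check above the transport layer that the filter cannot: it takes a captured Ethernet/IPv4/UDP frame and confirms the payload has a valid RADIUS header. The function names and the sample frames are constructed for illustration.

```python
import struct

# Ports from the answer's filter: authentication, accounting, dynamic authorization.
RADIUS_PORTS = {1812: "radius", 1813: "radius-acct", 3799: "radius-dynauth"}
# RADIUS packet codes (RFC 2865, RFC 2866, RFC 5176).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge",
         40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}

def classify(frame: bytes):
    """Return (service, code name) for an Ethernet/IPv4/UDP RADIUS frame, else None."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None                               # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                               # protocol 17 = UDP
    udp = frame[14 + ihl:]
    if len(udp) < 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    service = RADIUS_PORTS.get(dport) or RADIUS_PORTS.get(sport)
    payload = udp[8:ulen]
    if service is None or len(payload) < 20:
        return None                               # wrong port, or shorter than a RADIUS header
    code, _ident, rlen = struct.unpack("!BBH", payload[:4])
    # The step a port filter cannot do: the RADIUS length field must be
    # 20..4096 and fit inside the UDP payload, and the code must be known.
    if code not in CODES or not 20 <= rlen <= 4096 or rlen > len(payload):
        return None
    return service, CODES[code]

def make_frame(sport, dport, payload):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

# Constructed samples: a minimal Access-Request, and non-RADIUS bytes on port 1812.
ACCESS_REQUEST = make_frame(50000, 1812, struct.pack("!BBH", 1, 7, 20) + b"\x00" * 16)
NOT_RADIUS = make_frame(50000, 1812, b"GET / HTTP/1.1\r\n\r\n" + b"\x00" * 8)

if __name__ == "__main__":
    print(classify(ACCESS_REQUEST), classify(NOT_RADIUS))
```
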
Licensed under: CC-BY-SA with attribution