raddump(1) DragonFly General Commands Manual raddump(1)
NAME
raddump - decipher captured RADIUS packets
SYNOPSIS
raddump [-?vsn] < pktfile
DESCRIPTION
raddump(1) interprets captured RADIUS packets to print details about
them, including a timestamp, packet lengths, RADIUS packet type, source
and destination hosts and ports, and included attribute names and
values. It is primarily useful in conjunction with packet capture
programs such as tcpdump(1) or snoop(1M), and can be used either on a
saved file or in a pipeline to monitor ongoing communications.
raddump(1) currently understands packet traces that are RFC
1761-compliant (e.g. those produced by snoop v2) as well as those that
are stored in the libpcap format (e.g. those produced by tcpdump).
raddump(1) is able to distinguish these file formats on the fly, so it
is not necessary to indicate which type of trace you are feeding it.
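Telling the two trace formats apart needs only the first bytes of the stream, which is why it also works on a pipe. The Python below is an added example, not raddump's own code: the function names are hypothetical, the magic values are those of RFC 1761 and the libpcap file format, and it goes slightly beyond the page by also recognising the nanosecond-resolution pcap magic.

```python
import io
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"      # RFC 1761 identification pattern
PCAP_MAGICS = {                          # libpcap magic as it appears on disk
    b"\xa1\xb2\xc3\xd4": (">", "usec"),
    b"\xd4\xc3\xb2\xa1": ("<", "usec"),
    b"\xa1\xb2\x3c\x4d": (">", "nsec"),  # nanosecond-resolution variant
    b"\x4d\x3c\xb2\xa1": ("<", "nsec"),
}

def read_exact(stream, n):
    """Read exactly n bytes; works on pipes, where a read may return short."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise ValueError(f"truncated header: got {len(buf)} of {n} bytes")
        buf += chunk
    return buf

def sniff_capture(stream):
    """Identify the trace format from its file header, without seeking."""
    head = read_exact(stream, 8)
    if head == SNOOP_MAGIC:
        # snoop headers are always big-endian: version, then datalink type.
        version, datalink = struct.unpack(">II", read_exact(stream, 8))
        return {"format": "snoop", "version": version, "linktype": datalink}
    if head[:4] in PCAP_MAGICS:
        order, ts = PCAP_MAGICS[head[:4]]
        major, minor = struct.unpack(order + "HH", head[4:8])
        # Rest of the 24-byte header: thiszone, sigfigs, snaplen, link type.
        _, _, snaplen, network = struct.unpack(order + "iIII", read_exact(stream, 16))
        return {"format": "pcap", "version": (major, minor), "byteorder": order,
                "timestamps": ts, "snaplen": snaplen, "linktype": network}
    raise ValueError(f"unrecognised capture magic {head[:4].hex()}")

# Constructed sample headers (not taken from a real capture).
SAMPLE_SNOOP = SNOOP_MAGIC + struct.pack(">II", 2, 4)           # v2, Ethernet
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_SNOOP, SAMPLE_PCAP):
        print(sniff_capture(io.BytesIO(sample)))
```

To use it in a pipeline, pass sys.stdin.buffer as the stream; the packet records follow immediately after the bytes consumed here.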
OPTIONS
-?  Print a usage summary.
-v  Increase verbosity of output. Multiple -v arguments increase
    verbosity further. Without any -v arguments, raddump(1) prints only
    a one-line summary per packet consisting of timestamp, source and
    destination host and port, RADIUS packet type, and RADIUS packet
    size.
    With one -v argument, raddump(1) also prints any attributes
    contained in the packet, including the attribute name and value.
    For attributes containing binary data, the actual contents are
    not printed, just a summary indicating the size of the binary
    data.
    With two -v arguments, raddump(1) additionally prints a hex
    dump of any attributes containing binary data.
-n  By default, raddump(1) does a reverse DNS lookup on the source
    and destination IP addresses and prints the associated
    hostnames. The -n switch suppresses this lookup, so that
    raddump(1) simply prints the IP addresses in dotted quad
    notation.
-s  Print short hostnames. If hostnames are being printed, omit the
    domain part of the hostname.
EXAMPLES
With a saved packet trace:
$ raddump < pktfile
For real-time monitoring with snoop:
$ mkfifo ./snoopfifo
$ snoop -q -s 1500 -o ./snoopfifo udp port 1812 &
$ raddump < snoopfifo
For real-time monitoring with tcpdump:
$ tcpdump -s 1500 -w - udp port 1812 | raddump
SEE ALSO
tcpdump(1), snoop(1M), pcap(3), RFC 1761
AUTHORS
The original author of raddump(1) was Jon Moore.
BUGS
Please send bug reports, enhancements, or questions to:
jonm@isc.upenn.edu
raddump(1)