Nicolas Baradakis wrote:
When debugging a problem in prod environment, it's not possible to restart FreeRADIUS in debug mode, so we have to use a sniffer to display the RADIUS traffic on the network. However, general purpose sniffers like tcpdump or ethereal can only decode a few RADIUS attribute, while FreeRADIUS has thousands of attributes in its dictionaries.
That's why I wrote a simple sniffer based on the libradius of FreeRADIUS. It prints the RADIUS packets exactly like running "radiusd -X". It can also filter the packets based on any RADIUS attributes: the sniffer accepts the same strings as the "users" file to match a packet. I think it's a very useful RADIUS debug tool.
Since now you can go and replay the request to another radius server running on say port 11812
As it's easier to build the sniffer in the FreeRADIUS source tree, I've made a patch against CVS head. It is available here:
http://nbk.perso.cegetel.net/radsniff.patch
If people would be interested, it can be added to the CVS tree (pending Alan's approval).