RADIUS sniffer

Alan DeKok aland at ox.org
Thu Jan 19 18:17:46 CET 2006

Nicolas Baradakis <nbk at sitadelle.com> wrote:
> That's why I wrote a simple sniffer based on the libradius of
> FreeRADIUS. It prints the RADIUS packets exactly like running
> "radiusd -X". It can also filter the packets based on any RADIUS
> attributes: the sniffer accepts the same strings as the "users" file
> to match a packet. I think it's a very useful RADIUS debug tool.


> As it's easier to build the sniffer in the FreeRADIUS source tree,
> I've made a patch against CVS head. It is available here:
> 	     http://nbk.perso.cegetel.net/radsniff.patch


 - use #ifdef HAVE_FOO_H around the #includes, and wrap the whole
radsniff.h in #ifdef HAVE_PCAP_H.  There's some crazy system out there
with libpcap, but not pcap.h, and it's admin will complain to the list.

 - the code you're copying from lib/radius.c could be abstracted a bit
better, so you don't have to copy it.  I've started down some of that
path with the rad_encode, rad_sign, etc. functions.  We could do more.

> If people would be interested, it can be added to the CVS tree (pending
> Alan's approval).

  Looks good to me.

  Also, the Ethereal people have grabbed the FreeRADIUS dictionaries
whole-sale.  So Ethereal can understand *most* of the attributes
FreeRADIUS understands.  I've still got to send them a patch to handle
USR, Lucent, and Starent VSA's.  But once that's done, they'll be as
capable as FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Devel mailing list