[OT] Is it possible to use Wireshark to visualize RFC7268 AVP (instead of Unkown-Attribute) ?

Rens Houben rhouben at systemec.nl
Tue Apr 5 12:35:41 UTC 2022

> Van: Freeradius-Users <freeradius-users-bounces+rhouben=systemec.nl at lists.freeradius.org> namens Alan DeKok  <aland at deployingradius.com>

> On Apr 5, 2022, at 7:56 AM, Olivier <oza.4h07 at gmail.com> wrote:
> > Debugging some Radius accounting sessions on Debian Bullseye,
> > Wireshark shows some AVP as "t=Unkown-Attribute(186)" or
> > "t=Unkown-Attribute(187)".
> > Looking at [1], it seems those AVP belongs to RFC7268.
> > In my PC, a /usr/share/wireshark/radius/dictionary.rfc7268 file exists
> > and it contains data about AVP 186 and 187.

> > Is it possible to use Wireshark to read these Unkown attributes ? If
> > positive, how ?

>  The RADIUS dictionaries should be loaded by default in Wireshark.

>  But if they're not, you'll have to ask the Wireshark people why their software doesn't work.

>  Alan DeKok.

Having just checked wireshark on a debian 11 system, I can confirm that it does in fact load the RADIUS dictionaries -- and it doesn't need to have freeradius installed to look them up either.

The dictionaries are contained in the libwireshark-data package which should have been installed automatically as a dependency of wireshark by apt.

Rens Houben
Systemec Internet Services

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list