Capture pcap files using TcpDump command for Radius protocol

iRunner · Apr 9, 2014 · Viewed 17.2k times

I am trying to capture the pcap files using the following command.

tcpdump -c 25 -i eth0

I want to capture packets specifically for Radius Protocol. I tried

tcpdump -c 25 -i etho radius

It is giving a syntax error.

Answer

user862787 · Apr 9, 2014

There are a very small number of protocols whose names can directly be used in filters in tcpdump (and capture filters in Wireshark - they use the same libpcap/WinPcap library for capturing and thus for capture filters), and RADIUS isn't one of them.

Tcpdump filters can't easily check anything above the transport layer headers, so you have to identify protocols running atop TCP or UDP by the port number. You'd want

tcpdump -c 25 -i eth0 port 1812 or port 1813 or port 3799

and, on most systems, the /etc/services file has entries for RADIUS, so you could do

tcpdump -c 25 -i eth0 port radius or port radius-acct or port radius-dynauth
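
The answer's caveat that the service names work only where the services file lists them can be handled in a script. The following is an added example, not part of the original answer: it resolves each RADIUS service name against a services file and falls back to the port numbers given above when a name is missing. The function names `lookup_port` and `radius_filter` are hypothetical.

```shell
#!/bin/sh
# Added example: build a tcpdump capture filter for RADIUS from a services
# file, falling back to the numeric ports from the answer when a service
# name is not listed. Function names are hypothetical.

# name:fallback-port pairs, as given in the answer above.
RADIUS_SERVICES="radius:1812 radius-acct:1813 radius-dynauth:3799"

# lookup_port NAME FILE -> prints the port listed for NAME, or nothing.
lookup_port() {
    [ -r "$2" ] || return 0            # unreadable file: caller falls back
    awk -v name="$1" '
        { sub(/#.*/, "") }             # strip trailing comments
        $1 == name {
            split($2, a, "/")          # "1812/udp" -> a[1] = "1812"
            if (a[1] ~ /^[0-9]+$/) { print a[1]; exit }
        }' "$2"
}

# radius_filter [FILE] -> prints "port A or port B or port C".
radius_filter() {
    services_file="${1:-/etc/services}"
    filter=""
    for entry in $RADIUS_SERVICES; do
        name="${entry%%:*}"
        fallback="${entry##*:}"
        port="$(lookup_port "$name" "$services_file")"
        [ -n "$port" ] || port="$fallback"
        filter="${filter:+$filter or }port $port"
    done
    printf '%s\n' "$filter"
}

# Usage (requires capture privileges; eth0 is the interface from the question):
#   tcpdump -c 25 -i eth0 $(radius_filter)
```

Because the filter is emitted with numeric ports, it also shows which ports the local services file actually assigns to the RADIUS names before any capture starts.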