This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark doesn’t seem to like radius

0

I have a capture file that i'd like to post process a bit and needing to focus on the sub name and framed ip addr in the radius files, but each time i try to filter off specific radius fields i get:

RADIUS$ tshark -r radius.cap2 -R 'radius.Framed-Ip-Address'

tshark: "radius.Framed-Ip-Address" is neither a field nor a protocol name.

asked 20 Jun '12, 09:43

deedr's gravatar image

deedr
6114
accept rate: 0%

edited 20 Jun '12, 09:52

thanks guys!

(20 Jun '12, 11:27) deedr

2 Answers:

1

Do you mean radius.Framed-IP-Address (note the caps "IP")

I don't have any RADIUS traffic to look at - if you have a sample, can you put it on CloudShark and then post the URL so we can look? It supports the same display filters.

answered 20 Jun '12, 10:20

zachad's gravatar image

zachad
331149
accept rate: 21%

edited 20 Jun '12, 10:20

2

Please run the following command to find the available (radius) fields in tshark (and wireshark).

Windows

tshark.exe -G fields | find "radius."

Unix:

tshark -G fields | grep 'radius\.'

Regards
Kurt

answered 20 Jun '12, 11:24

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 20 Jun '12, 15:17

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

1

...and pipe it to more (or less, if you have it; Ludwig Mies van der Rohe would be proud :-)), as you're going to get several thousands of lines (8,613 lines in the SVN trunk version).

(20 Jun '12, 15:17) Guy Harris ♦♦