Hi, I am having an issue with retrieving the value for the field radius.Framed_IP_Address but all other fields seem to be returned fine. Here is the command I'm running and sample output. I have confirmed that there is a value for the AVP for Framed-IP-Address by viewing the output. All other fields seem to work and I have tried using both radius.Framed_IP_Address and radius.Framed-IP-Address with no success. is there any reason why only this field doesn't seem to work? asked 13 Feb '13, 19:01  TsharkNewb |
One Answer:
it could be a bug in your tshark version. What is the output of Regards answered 13 Feb '13, 19:28  Kurt Knochner ♦ |
Thanks Kurt,
I have tried both commands. No output for that field for either one.
tshark -v shows: TShark 1.8.5 (SVN Rev Unknown from unknown)
...
Compiled (64-bit) with GLib 2.22.5, with libpcap, with libz 1.2.3, with POSIX capabilities (Linux), without SMI, without c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP.
Running on Linux 2.6.32-220.el6.x86_64, with locale en_US.UTF-8, with libpcap version 1.3.0, with libz 1.2.3.
Built using gcc 4.4.6 20110731 (Red Hat 4.4.6-3).
I just ran it using one of the input file you supplied with the command:
tshark -r radius-acct-no-dups-sample.pcap -T fields -e radius.Framed-IP-Address
This works and returns the IP addresses. It only seems to not be working when I am trying to capture from the interface.
does it work, if you capture from the interface and write to a file. Then, afterwards read from that file with tshark?
I just want to check if it's the live capturing or a 'problem' with the radius protocol in your environment.
If does work that way, it might be a bug in tshark. Then, please file a bug report at bugs.wireshark.org. Please add a detailed problem description and a link to this question.