[tcpdump-workers] [tcpdump] Feature request: conditional run dissector on traffic (#495)
mcr at sandelman.ca
Wed Dec 16 13:01:45 EST 2015
> It has been mentioned briefly in #471: with the option -T radius it is
> possible to dissect traffic over non-RADIUS ports as RADIUS, but this
> means all traffic will be dissected as RADIUS
> A short use case as an example: FreeRADIUS has the possibility to use a
> RESTful server for authorization My RESTful daemon will send a
> CoA/Disconnect if this user still has another session, and my NAS
> requires that I send it to port 1700 instead of the standard port I
> want to see all the traffic that is relevant, which means UDP port 1812
> for RADIUS authentication, TCP port 80 for the RESTful traffic and UDP
> port 1700 for RADIUS CoA/Disconnect
> Until yesterday, UDP port 1700 was not marked as RADIUS, which means
> that would not be dissected If I use -T radius, all traffic would be
> dissected as RADIUS, so the HTTP traffic would be mangled
> It would be nice if there was a possibility to conditionally mark
> traffic as a certain protocol, like saying -T "udp port 1700 = radius,
> tcp port 4080 = http"
Being able to dynamically map ports -> protocols in TCPDUMP would indeed be a
nice thing to have. I think that squishing it all into -T is too hard.
I'd rather have a file that describes the mapping, and just bake a file like
that in as the default. As for a syntax...
I was thinking that maybe we could use pcap filters as the matchers.
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
More information about the tcpdump-workers