Wireshark has support for UDP. Trying to use Decode As for a TCP packet does not work. Can native support for RFC 6613 be added to Wireshark? It uses the same ports as UDP.
RFC 6614 is TLS (over TCP) which uses TCP/2083.
.LT.
There is an open merge request (needs more work):
3885: RADIUS: Add support for RFC 6613 (RADIUS over TCP)
Thank you. Very interesting discussion.
Can native support for RFC 6613 be added to Wireshark?
There are probably no technical reasons why it could not be done.
The next question to ask is "could somebody please add support for RFC 6613 to Wireshark?", and the way to ask that question, and other questions of that sort, is to make an enhancement request in the Wireshark issues list.
As noted, there is a merge request to add that, but it's an overly simple implementation that doesn't take into account the fact that, when running over a byte-stream-oriented protocol such as TCP, packet-oriented protocols such as RADIUS require special handling, as RADIUS packet boundaries don't necessarily correspond to TCP segment boundaries; there can, for example, be multiple RADIUS packets in a single TCP segment, or a RADIUS packet may be in more than one TCP segment. The submitter of the merge request was informed of this, and pointed to the documentation on how to do this using Wireshark's facilities for this, but has not updated the merge request in two years. Therefore, somebody might want to make their own change to support this, hence the suggestion that an issue be filed to serve as an indication that it's something that should be done.
Thank you. RFC 6613 was authored by Alan DeKok. FreeRadius is one of his significant projects. Perhaps it is worth a discussion to see if FreeRadius project is willing to contribute to Wireshark.
Comments