This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 2 and 3
Revision 2 as of 2005-01-16 21:28:17
Size: 18
Editor: GuyHarris
Comment: Just redirect to RADIUS.
Revision 3 as of 2005-07-25 19:33:58
Size: 3071
Editor: LuisOntanon
Comment: the redirect directive does take me to "Radius" even if I told it "RADIUS"
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#REDIRECT RADIUS ##language:en
= RADIUS =

RADIUS is a protocol for remote user authentication (and authorization?) and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.

RADIUS is often used in larger ["Wi-Fi"] (wireless) networks for authentication purposes, replacing the simple shared key methods which are uncomfortable if a Wi-Fi network reaches a specific size.

The ["DIAMETER"] protocol is the designated successor, but RADIUS is still commonly used today.

== History ==

XXX - add a brief description of RADIUS history

== Protocol dependencies ==

 * ["UDP"]: RADIUS uses ["UDP"] as its underlying protocol. The registered UDP port for RADIUS traffic is 1812; the early deployment of RADIUS used UDP port 1645, which conflicted with the "datametrics" service. When RADIUS is used for accounting rather than authentication and configuration, the registered UDP port is 1813; the early deployment used port 1646, which conflicted with the "sa-msg-port" service.

== Example traffic ==

XXX - Add example traffic here (as plain text or Ethereal screenshot).

== Ethereal ==

RADIUS dissector is fully functional.

== Preference Settings ==

(XXX add links to preference settings affecting how RADIUS is dissected).

== Example capture file ==

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

== Display Filter ==

A complete list of RADIUS display filter fields can be found in the [http://www.ethereal.com/docs/dfref/r/radius.html display filter reference]

 Show only the RADIUS traffic: {{{
 radius }}}

== Capture Filter ==

You cannot directly filter RADIUS protocols while capturing. However, if the RADIUS traffic is using one or more of the standard ["UDP"] ports (see above), you can filter on that port or ports.

 Capture RADIUS authentication and configuration traffic over the assigned port (1812): {{{
 udp port 1812 }}}
 Capture RADIUS accounting traffic over the assigned port (1813): {{{
 udp port 1813 }}}
 Capture RADIUS authentication and configuration traffic, and RADIUS accounting traffic, over the assigned ports): {{{
 udp port 1812 or udp port 1813 }}}

== External links ==

 * [http://www.ietf.org/rfc/rfc2865.txt RFC2865] Remote Authentication Dial In User Service (RADIUS)
 * [http://www.ietf.org/rfc/rfc2866.txt RFC2866] RADIUS Accounting
 * [http://www.ietf.org/rfc/rfc2867.txt RFC2867] RADIUS Accounting Modifications for Tunnel Protocol Support
 * [http://www.ietf.org/rfc/rfc2868.txt RFC2868] RADIUS Attributes for Tunnel Protocol Support
 * [http://www.ietf.org/rfc/rfc2869.txt RFC2869] RADIUS Extensions
 * [http://www.iana.org/assignments/radius-types RADIUS attributes and packet type codes]

== RADIUS servers ==

See RadiusServers for information about various RADIUS server distributions.

== Discussion ==

RADIUS

RADIUS is a protocol for remote user authentication (and authorization?) and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.

RADIUS is often used in larger ["Wi-Fi"] (wireless) networks for authentication purposes, replacing the simple shared key methods which are uncomfortable if a Wi-Fi network reaches a specific size.

The ["DIAMETER"] protocol is the designated successor, but RADIUS is still commonly used today.

History

XXX - add a brief description of RADIUS history

Protocol dependencies

  • ["UDP"]: RADIUS uses ["UDP"] as its underlying protocol. The registered UDP port for RADIUS traffic is 1812; the early deployment of RADIUS used UDP port 1645, which conflicted with the "datametrics" service. When RADIUS is used for accounting rather than authentication and configuration, the registered UDP port is 1813; the early deployment used port 1646, which conflicted with the "sa-msg-port" service.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

RADIUS dissector is fully functional.

Preference Settings

(XXX add links to preference settings affecting how RADIUS is dissected).

Example capture file

XXX - Add a simple example capture file. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

Display Filter

A complete list of RADIUS display filter fields can be found in the [http://www.ethereal.com/docs/dfref/r/radius.html display filter reference]

  • Show only the RADIUS traffic:

     radius 

Capture Filter

You cannot directly filter RADIUS protocols while capturing. However, if the RADIUS traffic is using one or more of the standard ["UDP"] ports (see above), you can filter on that port or ports.

  • Capture RADIUS authentication and configuration traffic over the assigned port (1812):

     udp port 1812 

    Capture RADIUS accounting traffic over the assigned port (1813):

     udp port 1813 

    Capture RADIUS authentication and configuration traffic, and RADIUS accounting traffic, over the assigned ports):

     udp port 1812 or udp port 1813 

RADIUS servers

See RadiusServers for information about various RADIUS server distributions.

Discussion

Radius (last edited 2009-04-29 23:56:07 by KonradRoeder)