Mar 292018
For some reason when I look at RADIUS packet captures using Wireshark, the attribute Operator_Name is instead interpreted as Multi-Link-Flag (an integer rather than a string). I’m not sure what this is, but it is much more useful to me to be able to see the Operator_Name properly – and for example, filter on it.
It turns out this is easy to “fix” (if it is a fix) :-
- Find the file radius/dictionary.usr (mine was /usr/share/wireshark/radius/dictionary.usr)
- Edit that file, and comment out three lines containing “Multi-Link-Flag” which in my case appeared like :-
- ATTRIBUTE Multi-Link-Flag 126 integer
- VALUE Multi-Link-Flag True 1
- VALUE Multi-Link-Flag False 0
- Save the modified file.
After a restart, Wireshark now understands it.
It is possible that later versions of Wireshark have fixed this, or not – it is possible that the bug is down to whoever assigned RADIUS attribute codes!