{"id":5212,"date":"2018-03-29T10:25:57","date_gmt":"2018-03-29T10:25:57","guid":{"rendered":"https:\/\/really.zonky.org\/?p=5212"},"modified":"2018-03-29T10:25:57","modified_gmt":"2018-03-29T10:25:57","slug":"fixing-wiresharks-interpretation-of-radius-operator_name","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=5212","title":{"rendered":"Fixing Wireshark&#8217;s Interpretation of RADIUS Operator_Name"},"content":{"rendered":"<p>For some reason when I look at RADIUS packet captures using Wireshark, the attribute Operator_Name is instead interpreted as Multi-Link-Flag (an integer rather than a string). I&#8217;m not sure what this is, but it is\u00a0<em>much<\/em> more useful to me to be able to see the Operator_Name properly &#8211; and for example, filter on it.<\/p>\n<p>It turns out this is easy to &#8220;fix&#8221; (if it is a fix) :-<\/p>\n<ol>\n<li>Find the file <em>radius\/dictionary.usr<\/em> (mine was\u00a0<em>\/usr\/share\/wireshark\/radius\/dictionary.usr<\/em>)<\/li>\n<li>Edit that file, and comment out three lines containing &#8220;Multi-Link-Flag&#8221; which in my case appeared like :-\n<ol>\n<li>ATTRIBUTE Multi-Link-Flag 126 integer<\/li>\n<li>VALUE Multi-Link-Flag True 1<\/li>\n<li>VALUE Multi-Link-Flag False 0<\/li>\n<\/ol>\n<\/li>\n<li>Save the modified file.<\/li>\n<\/ol>\n<p>After a restart, Wireshark now understands it.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5213\" src=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2018-03-29_1121.png?resize=695%2C25&#038;ssl=1\" alt=\"\" width=\"695\" height=\"25\" srcset=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2018-03-29_1121.png?w=1018&amp;ssl=1 1018w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2018-03-29_1121.png?resize=300%2C11&amp;ssl=1 300w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/2018-03-29_1121.png?resize=768%2C27&amp;ssl=1 768w\" sizes=\"auto, (max-width: 695px) 100vw, 695px\" \/><\/p>\n<p>It is possible that later versions of Wireshark have fixed this, or not &#8211; it is possible that the bug is down to whoever assigned RADIUS attribute codes!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For some reason when I look at RADIUS packet captures using Wireshark, the attribute Operator_Name is instead interpreted as Multi-Link-Flag (an integer rather than a string). I&#8217;m not sure what this is, but it is\u00a0much more useful to me to be able to see the Operator_Name properly &#8211; and for example, filter on it. It <a href='https:\/\/really.zonky.org\/?p=5212' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[4,226],"tags":[1730,1729,1728,1727],"class_list":["post-5212","post","type-post","status-publish","format-standard","hentry","category-it","category-working-notes","tag-eduroam","tag-operator-name","tag-radius","tag-wireshark","category-4-id","category-226-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-1m4","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5212"}],"version-history":[{"count":2,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5212\/revisions"}],"predecessor-version":[{"id":5215,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/5212\/revisions\/5215"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}