It has been mentioned briefly in #471: with the option -T radius it is possible to dissect traffic over non-RADIUS ports as RADIUS, but this means all traffic will be dissected as RADIUS.
A short use case as an example: FreeRADIUS has the possibility to use a RESTful server for authorization. My RESTful daemon will send a CoA/Disconnect if this user still has another session, and my NAS requires that I send it to port 1700 instead of the standard port. I want to see all the traffic that is relevant, which means UDP port 1812 for RADIUS authentication, TCP port 80 for the RESTful traffic and UDP port 1700 for RADIUS CoA/Disconnect.
Until yesterday, UDP port 1700 was not marked as RADIUS, which means that would not be dissected. If I use -T radius, all traffic would be dissected as RADIUS, so the HTTP traffic would be mangled.
It would be nice if there was a possibility to conditionally mark traffic as a certain protocol, like saying -T "udp port 1700 = radius, tcp port 4080 = http"
It has been mentioned briefly in #471: with the option
-T radiusit is possible to dissect traffic over non-RADIUS ports as RADIUS, but this means all traffic will be dissected as RADIUS.A short use case as an example: FreeRADIUS has the possibility to use a RESTful server for authorization. My RESTful daemon will send a CoA/Disconnect if this user still has another session, and my NAS requires that I send it to port 1700 instead of the standard port. I want to see all the traffic that is relevant, which means UDP port 1812 for RADIUS authentication, TCP port 80 for the RESTful traffic and UDP port 1700 for RADIUS CoA/Disconnect.
Until yesterday, UDP port 1700 was not marked as RADIUS, which means that would not be dissected. If I use
-T radius, all traffic would be dissected as RADIUS, so the HTTP traffic would be mangled.It would be nice if there was a possibility to conditionally mark traffic as a certain protocol, like saying
-T "udp port 1700 = radius, tcp port 4080 = http"