SSH to the NAC Appliance you wish to run the tcpdump command on
For ALL examples, use Control-C
to stop the packet capture. To limit capture size, read Additional notes below.
For issues with Radius or Authentication coming from a source switch or wireless controller use the below as example
tcpdump -i eth0 -s0 port 1812 and port 1813 -w radius.pcap
Note that it may be easier if you know the target device sending the radius packets. In that case, add the IP address into that command.
tcpdump -i eth0 -s0 port 1812 and port 1813 and host 126.96.36.199 -w radius.pcap
If one omits the -w radius.pcap
, the information will print to the screen with limited detail. It is often used to see if one sees any traffic at all prior to capturing to a file.
For issues with the NAC Captive Portal
here is a common example
tcpdump -i eth0 -s0 port 80 and port 445 and host <host IP of connecting device to portal> -w portal trace.
For issues with LDAP Authentication
tcpdump -i eth0 -s0 port 389 or port 636