How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 1492 http://tools.ietf.org/html/rfc1492

Draft http://info.internet.isi.edu:80/in-drafts/files/draft-grant-tacacs-02.txt

TACACS+ is a protocol providing access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
(Compliant with IETF draft-grant-tacacs-00.txt 10-1996.)

The format of the header is shown in the following illustration:

4
8
16
24
32 bits

Major

Minor

Packet type

Sequence no.

Flags

Session ID (4 bytes)

Length (4 bytes)

TACACS+ header structure

Major version
The major TACACS+ version number.

Minor version
The minor TACACS+ version number. This is intended to allow revisions to the TACACS+ protocol while maintaining backwards compatibility.

Packet type
Possible values are:
TAC_PLUS_AUTHEN:= 0x01 (Authentication).
TAC_PLUS_AUTHOR:= 0x02 (Authorization).
TAC_PLUS_ACCT:= 0x03 (Accounting).

Sequence number
The sequence number of the current packet for the current session. The first TACACS+ packet in a session must have the sequence number 1 and each subsequent packet will increment the sequence number by one. Thus clients only send packets containing odd sequence numbers, and TACACS+ daemons only send packets containing even sequence numbers.

Flags
This field contains various flags in the form of bitmaps. The flag values signify whether the packet is encrypted.

Session ID
The ID for this TACACS+ session.

Length
The total length of the TACACS+ packet body (not including the header).

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT