Troubleshooting TACACS+ authentication issues
Because TACACS+ requires a secret, data is encrypted and, therefore, debugging authentication problems can be difficult. Tools such as tshark can be used, provided that the secret is known. For example, to debug a TACACS+ authentication problem by using tshark , given a secret of mysecret on the well-known TACACS+ port (tacacs , which is port 49), you enter either of the following commands:
tshark -o tacplus.key:mysecret tcp port tacacs
tshark -o tacplus.key:mysecret tcp port 49