This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have server sertificate and key. I made dump. Key installed in wireshark preferences.

I see Secure Socket Layer, TLS, Sertificates, but Encrypted Application Data still encrypted.

'Follow SSL' stream not works : tcp.stream eq 4369 in filter is wrong - radius uses udp.

How to extract and decode EAP messages?

asked 06 Dec '16, 07:48

eri's gravatar image

eri
6114
accept rate: 0%

edited 06 Dec '16, 07:49


I couldn't get this to work either, maybe someone can point us in the right direction. Until then, here are some links:

https://wiki.freeradius.org/guide/stats-with-radsniff https://supportforums.cisco.com/blog/154046 http://security.stackexchange.com/questions/70981/decoding-tunnel-bytes-in-eap-tls-or-eap-ttls-using-wireshark

I use radsniff now to get at the primary master keys for 802.11/WPA2 when using Enterprise authentication. It doesn't directly address what you wanted, decryption of the TLS tunnel, but it provides what I needed so maybe you would get lucky too. The Cisco link walks through a way to decrypt the tunnel in Radius packets, assuming you are not using DH.

permanent link

answered 06 Dec '16, 11:49

Bob%20Jones's gravatar image

Bob Jones
1.0k2515
accept rate: 21%

permanent link

answered 08 Dec '16, 03:05

eri's gravatar image

eri
6114
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×56
×25
×4
×3

question asked: 06 Dec '16, 07:48

question was seen: 2,674 times

last updated: 08 Dec '16, 03:05

p​o​w​e​r​e​d by O​S​Q​A