This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

radius eap message decoding

0

I have the server certificate and key. I made a dump. The key is installed in the Wireshark preferences.

I see Secure Socket Layer, TLS, Certificates, but Encrypted Application Data is still encrypted.

'Follow SSL' stream does not work: tcp.stream eq 4369 in the filter is wrong - RADIUS uses UDP.

How to extract and decode EAP messages?

asked 06 Dec '16, 07:48

eri

edited 06 Dec '16, 07:49


2 Answers:

0

I couldn't get this to work either, maybe someone can point us in the right direction. Until then, here are some links:

https://wiki.freeradius.org/guide/stats-with-radsniff

https://supportforums.cisco.com/blog/154046

http://security.stackexchange.com/questions/70981/decoding-tunnel-bytes-in-eap-tls-or-eap-ttls-using-wireshark

I use radsniff now to get at the primary master keys for 802.11/WPA2 when using Enterprise authentication. It doesn't directly address what you wanted, decryption of the TLS tunnel, but it provides what I needed so maybe you would get lucky too. The Cisco link walks through a way to decrypt the tunnel in Radius packets, assuming you are not using DH.

answered 06 Dec '16, 11:49

Bob Jones
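
On the extraction half of the question, an added example (not from either poster, and not Wireshark or radsniff code): the EAP packet is carried in one or more RADIUS EAP-Message attributes (type 79, RFC 3579), and for TLS-based methods a flags byte and optional length precede the TLS fragment, which is why there is no TCP stream to follow. It only reassembles and parses; it does not decrypt, and the sample packet and user name are constructed.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type carrying EAP (RFC 3579)
TLS_METHODS = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def eap_from_radius(packet: bytes) -> bytes:
    """Concatenate the EAP-Message attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    eap, pos = b"", 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap

def parse_eap_tls(eap: bytes) -> dict:
    """Return EAP header fields and the TLS fragment of a TLS-based method."""
    if len(eap) < 4:
        raise ValueError("EAP packet too short")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if not 4 <= length <= len(eap):
        raise ValueError("bad EAP length field")
    method = TLS_METHODS.get(eap[4]) if code in (1, 2) and length >= 6 else None
    out = {"code": code, "id": ident, "method": method, "tls": b""}
    if method is None:  # not a Request/Response of a TLS-based method
        return out
    flags, pos = eap[5], 6
    out["more_fragments"] = bool(flags & 0x40)  # M bit
    if flags & 0x80:  # L bit: 4-byte total TLS message length follows
        if length < 10:
            raise ValueError("L flag set but no length field")
        out["tls_total"] = struct.unpack("!I", eap[6:10])[0]
        pos = 10
    out["tls"] = eap[pos:length]
    return out

# Constructed sample: EAP-TLS response split over two EAP-Message attributes.
_tls = b"\x16\x03\x01" + bytes(297)
_eap = struct.pack("!BBHBBI", 2, 7, 310, 13, 0x80, 300) + _tls
_attrs = b"\x01\x06user" + b"".join(
    bytes([EAP_MESSAGE, len(c) + 2]) + c for c in (_eap[:253], _eap[253:]))
SAMPLE = struct.pack("!BBH", 1, 42, 20 + len(_attrs)) + bytes(16) + _attrs
```

When more_fragments is set, the TLS message continues in the next EAP packet with the same method, so the "tls" fragments of successive packets have to be joined before the TLS records are complete.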

0

answered 08 Dec '16, 03:05

eri