Best way to capture RADIUS passwords

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Nov 12 11:36:51 CET 2012


On 12 Nov 2012, at 10:24, Øystein Gyland <oystegy at usit.uio.no> wrote:

> On Fri, 2012-11-09 at 15:37 -0400, Chris Taylor wrote:
> 
>> I set up tcpdump to dump to a file (tcpdump -i eth0 -n -s0 port radius
>> -w rad-capture.lpc), but when I check it out with wireshark I am
>> unable to see the password (just the username). Am I going about this
>> the wrong way?
> 
> You can decrypt the password from the tcpdump capture with radsniff: 
> 
> radsniff -I rad-capture.lpc -s <shared-secret>

Yes, but that's a PITA if you have multiple NAS with different shared secrets, hence suggesting using the server which has knowledge of all the client-to-secret associations.

You can use tcpreplay to read packets back into the server from a PCAP file. 

-Arran

