On Jun 17, 2021, at 10:07 PM, Michel Verhagen <mike@guruce.com> wrote:
I am using the test certs as generated by ./bootstrap. I am having trouble finding the right instructions for setting up Wireshark to decode EAPOL-TLS (over LAN, not WIFI). If you could provide some guidance, that would be much appreciated.
It's been a while since I did it. But I don't recall it being complex.
With whatever I have tried, wireshark always complains about the .pem files, passwords, etc. I have tried this:
Wireshark -> Edit -> Preferences -> Protocols -> TLS -> RSA keys list [Edit...] -> ip any, port 0, protocol data, key file ca.pem, password <nothing>,
No, you want to load the server cert, and the servers private key. The CA cert isn't helpful here.
but wireshark pops up an error dialog stating "Can't load private key from ca.pem: can't import pem data: The requested data were not available". I don't think I can use the (Pre)-Master-Secret log filename (setting the "SSLKEYLOGFILE" environment variable) because that requires a webbrowser like Chrome. Anyway, any pointers on how to capture the right stuff and decode using the certs from Freeradius would be appreciated.
I'll take a look. But you should be able to just put the server cert && private key into a file, load that, and enter the password. It should then decrypt everything fine. Alan DeKok.