leadsjae.blogg.se

Tcpdump wireshark setup









If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on these software and hardware versions:

  • Ability to perform Over-the-Air (OTA) capture containing four-way EAPoL handshakes.
  • Ability to capture the RADIUS packets between the NAS and the Authenticator, from the first access-request (from NAS to Authenticator) to the last access-accept (from Authenticator to NAS), throughout the EAP session.
  • Privilege to obtain the shared secret between the network access server (NAS) and the Authenticator.
  • Wireshark/Omnipeek or any software that is capable of decrypting 802.11 wireless traffic.

This document describes how to decrypt a Wi-Fi Protected Access 2 - Enterprise (WPA2-Enterprise) or 802.1x (dot1x) encrypted wireless over-the-air (OTA) sniffer capture, with any Extensible Authentication Protocol (EAP) method.

It is relatively easy to decrypt a PSK-based/WPA2-personal 802.11 OTA capture as long as the full four-way EAP over LAN (EAPoL) handshakes are captured. However, Pre-shared Key (PSK) is not always recommended from a security perspective. Cracking a hard-coded password is just a matter of time. Hence, many enterprises choose dot1x with Remote Authentication Dial-In User Service (RADIUS) as a better security solution for their wireless network.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:










