Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035182 - How to decrypt RADIUS traffic using Wireshark with RSA Authentication Manager

Document created by RSA Customer Support

on Jun 6, 2017•Last modified by RSA Customer Support

on Jun 6, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035182
Applies To	RSA Product Set: SecurID RSA Product/ Service Type: Authentication Manager RSA Version/Condition: 7.x, 8.1, 8.0, 8.1
Issue	This article explains how to decrypt RADIUS traffic captured by Wireshark when having authentication issues. Steps in this article explain how to decrypt the traffic to be able to see the username and passcode in plain text.
Resolution	You must know the RADIUS shared secret used in order to decrypt the packets. You can follow the below steps to be able to decrypt the Radius Packets: Capture RADIUS authentication traffic. See 000016395 - TCPDump for the Authentication Manager Appliance 8.x for more information. Launch the Wireshark app. Open the capture of of the RADIUS traffic, typically in .pcap format. Go to Edit > Preferences. Click the + next to Protocols to expand the tree. Scroll down and select RADIUS. Key in the RADIUS shared secret and click Apply. The passcode in clear text. The packet capture before entering the RADIUS shared secret: The packet capture after entering the RADIUS shared secret:

Attachments

Outcomes

0 Comments

Recommended Content