How to decrypt RADIUS traffic using Wireshark with RSA Authentication Manager

4 years ago

Originally Published: 2017-05-19

Article Number

000067693

Applies To

RSA Product Set: SecurID
RSA Product/ Service Type: Authentication Manager
RSA Version/Condition: 7.x, 8.1, 8.0, 8.1

Issue

This article explains how to decrypt RADIUS traffic captured by Wireshark when having authentication issues. Steps in this article explain how to decrypt the traffic to be able to see the username and passcode in plain text.

Resolution

You must know the RADIUS shared secret used in order to decrypt the packets.

You can follow the below steps to be able to decrypt the Radius Packets:

Capture RADIUS authentication traffic. See 000016395 - TCPDump for the Authentication Manager Appliance 8.x for more information.
Launch the Wireshark app.
Open the capture of of the RADIUS traffic, typically in .pcap format.
Go to Edit > Preferences.
Click the + next to Protocols to expand the tree.
Scroll down and select RADIUS.
Key in the RADIUS shared secret and click Apply.
The passcode in clear text.

The packet capture before entering the RADIUS shared secret:

The packet capture after entering the RADIUS shared secret:

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles