Ask Your Question
0

How to Decode Radius MS-MPPE-Recv-Key

asked 2018-07-13 08:50:57 +0000

xiaohaozi0 gravatar image

updated 2018-07-16 07:29:14 +0000

Hi Here,

Could someone tell me how to Decode Radius MS-MPPE-Recv-Key in Access-Accept?

The Secret is cisco123.

The MS-MPPE-Recv-Key is as below:

93:aa:87:b2:ea:86:d4:15:3e:fe:f4:7e:0d:ec:fb:f5:8a:1a:20:d2:2b:38:b5:10:03:19:72:81:b1:17:80:0c:10:37:01:d0:17:92:e1:a4:12:4f:5b:9d:3a:ac:4b:87:ec:ce

I want to decode 802.11 for WPA2 follow the link below:

https://wirewatcher.wordpress.com/201...

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2018-07-13 09:38:32 +0000

Bob Jones gravatar image

An alternative tool:

radsniff –x -I <pcap> -s <radius secret>

This comes with my freeradius package on a Linux host. It also assumes you have the packet capture. I have not seen other radius servers make the keys available via debug so a packet capture is a general solution. I also had to remove vlan tags from the frames for radsniff to work.

edit flag offensive delete link more

Comments

Thanks for your reply. The MS-MPPE-Recv-Key was from the capture which captured from the Radius Server Cisco ISE.

It required 60 Points to upload the capture, so I couldn't upload it.

If you need anything, just let me know

xiaohaozi0 gravatar imagexiaohaozi0 ( 2018-07-16 07:28:38 +0000 )edit

I can run your capture through this tool if you want, but you need to put it in a freely-available location so I can access it. Google Drive, or some other sharing tool? You can also try cloudshark.

Bob Jones gravatar imageBob Jones ( 2018-07-16 09:23:13 +0000 )edit

thanks, May I know if there is software which could install on the Win 10? Or I can setup a freeradius on my linux server, may I know if the version and the name of your freeradius package?

xiaohaozi0 gravatar imagexiaohaozi0 ( 2018-07-24 05:37:21 +0000 )edit

I don't know any software to do this type of decryption on Windows platforms directly. However, Linux VMs are cheap and easy.

The package I use for this radsniff tool is freeradius-utils on either Debian or RH based distros. The main package is freeradius.

Bob Jones gravatar imageBob Jones ( 2018-07-24 12:27:58 +0000 )edit

Thanks, but I think changing the radius server is not a good way to solve my issue. I need to decode traffic for one of my co-worker, but I can't change our Radius server to Linux.

xiaohaozi0 gravatar imagexiaohaozi0 ( 2018-07-25 01:26:43 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-07-13 08:50:57 +0000

Seen: 1,676 times

Last updated: Jul 16 '18

Related questions

In a WiFi capture log, why the 11ac “beamformed” bit is shown as both “true” and “false” in wireshark version 2.4.2 (v2.4.2-0-gb6c63ae086)?

No HTTP protocols in scan results

Tshark conversation view output modification

only seeing acks with tshark

Can't decrypt WPA-PSK (WPA/WPA2) even with passphrase and EAPOL Handshake

Forcing Mac OS X to reconnect in monitor mode

ios 11 802.11 frames

Disable protocol and decoded by my lua script

eapol malformed packets

Missing frames in Block Ack packet in wireless monitor-mode capture...

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2