

This document describes how to decrypt a Wi-Fi Protected Access 2 - Enterprise (WPA2-Enterprise) or 802.1x (dot1x) encrypted wireless over-the-air (OTA) sniffer capture, with any Extensible Authentication Protocol (EAP) method.

It is relatively easy to decrypt a PSK-based/WPA2-personal 802.11 OTA capture as long as the full four-way EAP over LAN (EAPoL) handshakes are captured. However, Pre-shared Key (PSK) is not always recommended from a security perspective. Cracking a hard-coded password is just a matter of time. Hence, many enterprises choose dot1x with Remote Authentication Dial-In User Service (RADIUS) as a better security solution for their wireless network.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

- Wireshark/Omnipeek or any software that is capable of decrypting 802.11 wireless traffic.
- Privilege to obtain the shared secret between network access server (NAS) and Authenticator.
- Ability to capture RADIUS packets between NAS and Authenticator from the first access-request (from NAS to Authenticator) to the last access-accept (from Authenticator to NAS) throughout the EAP session.
- Ability to perform Over-the-Air (OTA) capture containing four-way EAPoL handshakes.

The information in this document is based on these software and hardware versions:

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
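Why the RADIUS capture and the shared secret are on the requirements list, shown as an added example (not part of the original document or of Cisco's procedure): per RFC 2548, the Access-Accept carries the MS-MPPE-Recv-Key attribute, which for WPA2-Enterprise holds the pairwise master key, protected with the shared secret and the Request Authenticator of the matching Access-Request. The secret, authenticator, salt and key values below are constructed.

```python
import hashlib

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mppe_encrypt(key, secret, req_auth, salt):
    """RADIUS server side: build the attribute's String field (salt + ciphertext)."""
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)       # zero-pad to a 16-byte multiple
    out, prev = b"", req_auth + salt            # first block is keyed by R + salt
    for i in range(0, len(plain), 16):
        block = _xor(plain[i:i + 16], _keystream(secret, prev))
        out, prev = out + block, block          # later blocks chain on ciphertext
    return salt + out

def mppe_decrypt(field, secret, req_auth):
    """Analysis side: recover the key carried in an Access-Accept."""
    salt, cipher = field[:2], field[2:]
    if len(req_auth) != 16 or len(salt) < 2 or not salt[0] & 0x80:
        raise ValueError("bad authenticator or salt")
    if not cipher or len(cipher) % 16:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    plain, prev = b"", req_auth + salt
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        plain += _xor(block, _keystream(secret, prev))
        prev = block
    if plain[0] > len(plain) - 1:
        raise ValueError("length byte out of range: wrong secret or authenticator")
    return plain[1:1 + plain[0]]

# Constructed sample values, not taken from any real capture.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))                     # Authenticator of the Access-Request
PMK = bytes(range(0x20, 0x40))                  # 32-byte key the server would send
FIELD = mppe_encrypt(PMK, SECRET, REQ_AUTH, salt=b"\x8a\x1f")

if __name__ == "__main__":
    print(mppe_decrypt(FIELD, SECRET, REQ_AUTH).hex())
```

Without the Access-Request that opened the exchange, or without the shared secret, the first keystream block cannot be rebuilt and the key in the Access-Accept stays opaque.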
