This article explains how to capture RADIUS traffic using Wireshark.

If using PAP authentication protocol, then this article will explain how to decrypt the traffic to be able to see the username and passcode in plain text.

Start by installing Wireshark on the same server as DualShield.

Capture RADIUS packets

  1. Launch the Wireshark app
  2. Select "Capture | Options"
  3. Enter "udp port 1812" in the Capture filter to capture UDP packet only
  4. Click the "Start" button to start capture
  5. Click "Capture | Stop" to end capture
  6. Enter "udp.port == 1812" in the display filter to display RADIUS traffic only
  7. You will now be able to view the Access-Request and Challenge packets

Decrypt RADIUS packets (PAP authentication only)

  1. Go to Edit > Preferences
  2. Click to expand the Protocols tree
  3. Scroll down and select RADIUS

  4. Enter the RADIUS shared secret and click OK to save

  • No labels