This article explains how to capture and decrypt RADIUS traffic using Wireshark. Steps in this article explain how to decrypt the traffic to be able to see the username and passcode in plain text.

Start by installing Wireshark on the same server as DualShield.

Capture RADIUS packets

  1. Launch the Wireshark app
  2. Select "Capture | Options"
  3. Enter "udp port 1812" in the Capture filter to capture UDP packet only
  4. Click the "Start" button to start capture
  5. Click "Capture | Stop" to end capture

Decrypt RADIUS packets

  1. Go to Edit > Preferences
  2. Click to expand the Protocols tree
  3. Scroll down and select RADIUS

  4. Enter the RADIUS shared secret and click OK to save
  5. Enter "udp.port == 1812" in the display filter to display RADIUS traffic only
  6. You will now be able to view the Access-Request and Challenge packets

  • No labels