This article explains how to capture and decrypt RADIUS traffic using Wireshark. Steps in this article explain how to decrypt the traffic to be able to see the username and passcode in plain text.
Capture RADIUS packets
- Launch the Wireshark app
- Select "Capture | Options"
- Enter "udp" in the Capture filter to capture UDP packet only
- Click the "Start" button to start capture
- Click "Capture | Stop" to end capture
Decrypt RADIUS packets
- Go to Edit > Preferences
- Click to expand the Protocols tree
- Scroll down and select RADIUS
- Enter the RADIUS shared secret and click OK to save
- Enter "radius" in the display filter to display RADIUS traffic only
- Select the "Access-Request" packet to examine, and check the Attribute Value Pairs to find the decrypted username and password