Hi Here,
Could someone tell me how to Decode Radius MS-MPPE-Recv-Key in Access-Accept?
The Secret is cisco123.
The MS-MPPE-Recv-Key is as below:
93:aa:87:b2:ea:86:d4:15:3e:fe:f4:7e:0d:ec:fb:f5:8a:1a:20:d2:2b:38:b5:10:03:19:72:81:b1:17:80:0c:10:37:01:d0:17:92:e1:a4:12:4f:5b:9d:3a:ac:4b:87:ec:ce
I want to decode 802.11 for WPA2 follow the link below:
An alternative tool:
radsniff –x -I <pcap> -s <radius secret>
This comes with my freeradius package on a Linux host. It also assumes you have the packet capture. I have not seen other radius servers make the keys available via debug so a packet capture is a general solution. I also had to remove vlan tags from the frames for radsniff to work.
Thanks for your reply. The MS-MPPE-Recv-Key was from the capture which captured from the Radius Server Cisco ISE.
It required 60 Points to upload the capture, so I couldn't upload it.
If you need anything, just let me know
I can run your capture through this tool if you want, but you need to put it in a freely-available location so I can access it. Google Drive, or some other sharing tool? You can also try cloudshark.
thanks, May I know if there is software which could install on the Win 10? Or I can setup a freeradius on my linux server, may I know if the version and the name of your freeradius package?
I don't know any software to do this type of decryption on Windows platforms directly. However, Linux VMs are cheap and easy.
The package I use for this radsniff tool is freeradius-utils on either Debian or RH based distros. The main package is freeradius.
Thanks, but I think changing the radius server is not a good way to solve my issue. I need to decode traffic for one of my co-worker, but I can't change our Radius server to Linux.
Comments