On 13 January 2018 at 01:55, Victor Sudakov <v...@mpeks.tomsk.su> wrote: > > > Are there any network experts willing to look at the dump of RADIUS > traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?
>From wireshark: PEAP / EAP-MD5-CHALLENGE Extensible Authentication Protocol Code: Request (1) Id: 2 Length: 6 Type: Protected EAP (EAP-PEAP) (25) EAP-TLS Flags: 0x20 Frame 2: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) Ethernet II, Src: D-LinkIn_33:c9:7c (c4:12:f5:33:c9:7c), Dst: Tp-LinkT_80:65:0d (98:de:d0:80:65:0d) Internet Protocol Version 4, Src: 192.168.4.1, Dst: 192.168.4.15 User Datagram Protocol, Src Port: 1812, Dst Port: 49565 RADIUS Protocol Code: Access-Challenge (11) Packet identifier: 0x1f (31) Length: 80 Authenticator: 3ee26ab2364064973ef2ce988915ca8b [This is a response to a request in frame 1] [Time from request: 0.000410000 seconds] Attribute Value Pairs AVP: l=24 t=EAP-Message(79) Last Segment[1] Type: 79 Length: 24 EAP fragment: 0101001604106e9f4093168606ff0e9d7d965c20a895 Extensible Authentication Protocol Code: Request (1) Id: 1 Length: 22 Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4) [Expert Info (Warning/Security): Vulnerable to MITM attacks. If possible, change EAP type.] [Vulnerable to MITM attacks. If possible, change EAP type.] [Severity level: Warning] [Group: Security] EAP-MD5 Value-Size: 16 EAP-MD5 Value: 6e9f4093168606ff0e9d7d965c20a895 AVP: l=18 t=Message-Authenticator(80): dff9594bbb81d39e12716aae961454e0 Type: 80 Length: 18 Message-Authenticator: dff9594bbb81d39e12716aae961454e0 AVP: l=18 t=State(24): 6bf59ce96bf4982c16a18f64a0068706 Type: 24 Length: 18 State: 6bf59ce96bf4982c16a18f64a0068706 > I'd like to > understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc) > is actually being used (and why the Android devices are readily > trusting FreeRADIUS's test server certificate, I'm a bit uneasy about > it). > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > AS43859 > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > -- Eitan Adler _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"