Wireless sniffer that can decode WPA2 Enterprise

// Expert user has replied.
C Charles Zabroski 3 years 6 months ago
3 6 0

Can anyone recommend a Wireless sniffer that can decode WPA2 Enterprise?

Please Register or Login to post a reply

6 Replies

G Gerald Fehringer

Sorry, did overlook the word 'Enterprise' ! Well, the only chance to decode 802.1x is on the RADIUS side and I'm not aware of any standard product not even freeradius, which will show you on the highest debug level the dynamic changed 802.1x PMK in clear text. With wireshark you can decrypt WPA/WPA2 & WEP Pre-Shared key if you provide the correct keys per SSID in the global options. 802.1x you can only see the handshakes, like with display filter: eapol Rgds, Gerald

R Raymond Lim

You could use omnipeek 5.1 and above.

F Frank Barta

I am curious if those who are linking tools here have actually used them for this purpose. the original posting had asked about wpa enterprise. wireshark flat out states on the page listed above that it doesnt support this. from what ive reviewed of omnipeeks latest offerings,  they appear to have the same functionality as wireshark. unless the tool is going to decrpt the radius authentication to extract the msk/pmk it will not intelligently decrypt wpa enterprise. ive not tried this,  but what you can attempt would be to extract the pmk via other methods, and try entering that as a hex preshared key.

F Frank Barta

I'm not aware of any.

V Virgil Evans

I believe Omnipeek will allow this. However you must catch the 4-way EAPOL handshake, so start capture prior to a client association.

G Gerald Fehringer
CONTACT
Can’t find what you’re looking for?