Thursday, November 19, 2015

Wireshake WPA2-PSK decryption is not working

I have tried many times to decrypt wifi pkt captures using Wireshark without success. I googled extensively but didn't find why the decryption is not working. Finally I think I found how to decrypt wifi captures. The secret is in Edit --> Preferences --> Protocols --> IEEE 802.11

Ignore the protection bit is set to "no" by default. Set that to "Yes - with IV".  As soon as I set this I could see the data pkts.

Also make sure that the pkt capture contains a 4-way handshake.

Saturday, November 7, 2015

Cisco controller Layer 3 authentication(CWP) with Windows 2008 NPS

If you want use captive web portal authentication for wireless users using Cisco wireless lan controller (WLC) and Windows NPS as the RADIUS server you need to tick few boxes that are not ticked by default. In simple term you need to enable PAP in the NPS network policy.

WLC configuration,

Create a SSID

Select no Layer 2 security 

Select "Web policy" as layer 3 security 

Windows NPS configuration 

Select NPS and click on configure 802.1x

Finally the pkt capture at the RADIUS server looks like this. The service type is "login", instead of "Framed".