Wireshark · Wireshark-users: [Wireshark-users] EAP-PEAP

Wireshark-users: [Wireshark-users] EAP-PEAP - Decryption of SSL traffic

From: teknet9 <teknet9@xxxxx>

Date: Fri, 11 Jan 2013 07:20:46 +0100

Hello Team, Everybody,

I want to decrypt SSL traffic inside 802.1x/EAP-PEAP packets.
I can see that SSL decryption works fine, but only when it's encapsulated into TCP.

Are there any plans to add/fix that plugin so it could decrypt SSL inside EAP-PEAP ?
I was wondering to write something for my own, but do not want to reinvent wheel.
Question1: Do you know any solution for that ?

I have already written perl scritps which extract that SSL traffic from EAP frames, now i just need to decode it
(using server private key, most EAP-PEAP servers still uses RSA ciphersuits instead of DH - so it's easy).

Now i am wondering if to put that SSL data back into some TCP session (i would have to contruct packet by packet to make sure TCP seq/ack is fine) and then use wireshark to decrypt that SSL.

Question2: Let's assume that i will put that SSL into TCP session and wireshark will decrypt it. Will wireshark decode decrypted content ? (MSCHAPv2 session) ?

Best Regards,
Michal Garcarz

Follow-Ups:
- Re: [Wireshark-users] EAP-PEAP - Decryption of SSL traffic
  - From: Jaap Keuter

Prev by Date: [Wireshark-users] getting the stats through -z io, stat for extended time
Next by Date: Re: [Wireshark-users] EAP-PEAP - Decryption of SSL traffic
Previous by thread: [Wireshark-users] getting the stats through -z io, stat for extended time
Next by thread: Re: [Wireshark-users] EAP-PEAP - Decryption of SSL traffic
Index(es):
- Date
- Thread