opklucid.blogg.se - Wireshark capture filter ssid

– monitor session 1 destination interface g1/0/3 encapsulation replicate – monitor session 1 source interface g1/0/14, g1/0/28 Some switches will not distribute vlan-tags natively on SPAN-port so I had to configure it. I am using Cisco equipment so it´s possible to use SPAN-ports (port mirroring). To manage that we have to capture into the air and at SW1 port g1/0/14 and g1/0/28 – between the client and the router when the client are authenticated and crypto keys are generated (ordinary traffic) – between the AP and the controller (WLC) – between the wireless client (client) and the access point (AP), in the air

The client is now able to start the dhcp-process and all traffic flow in the flexconnect-vlan directly to the router (the green line)

Phase 3: The supplicant (client) is authenticated and crypto keys are generated.

When the last message (message 4 of 4) is acknowledged the virtual controlled port authenticator opens and traffic from the client will flow directly to the router in the flex-vlan

Part 2 is creation of crypto keys (4-way handshake).

It ends with an Access-Accept from the authentication server to the authenticator and EAP-Success from the authenticator to the supplicant

Part 1 is the authentication of the client.

An important part of this process is the traffic flow between the authenticator and authentication server (the blue line) The virtual uncontrolled port on the authenticator opens and allow EAP-traffic through (the red line).

Phase 2: Starts with the authenticator (WLC) sends request identity to the supplicant (client) and the supplicant respond.

Phase 1: Establish 802.11 data link: probe request/response, authentication and association between the client and the AP.

The traffic flow in this network is like this Mac-address on wifi-nic: 5c 51 81 22 4d a1 – WLC (authenticator): Wlan with wpa2-aes and 802.1X, access point in flexconnect with native vlan to 1716 and the flex WLAN mapped to vlan 2000

Free Radius server, configured for EAP-PEAP and EAP-MSCHAPv2 – Router, two LAN-subinterfaces and internal dhcp-server for both subinterfaces, nat against internet – SW2, all vlans enabled on all trunkports – SW2 with AP, trunk against AP with vlan 1716 (ap management) and vlan 2000 (flex WLAN), 1716 as native vlan How to capture frames in Wireshark on a network with WPA2 Enterprise and AP in FlexConnect using MacBook