If the protected authentication method is PAP or CHAP (supported only by TTLS), the User-Name and other authentication attributes recovered from the TLS payload are placed in the outgoing RADIUS message in place of the anonymous User-Name and TTLS EAP-Message attributes included in the incoming RADIUS request. The User-Name attribute of the outgoing RADIUS message contains the user’s true identity – not the anonymous identity from the User-Name attribute of the incoming RADIUS request. If the protected authentication method is EAP, the inner EAP messages are transmitted to the home RADIUS server without the EAP-PEAP or EAP-TTLS wrapper. This new RADIUS request has the PEAP or TTLS protocol stripped out. Alternatively, the PEAP/TTLS server may forward a new RADIUS request to the user’s home RADIUS server. Change the above mac address to the one you want to filter by. If the PEAP/TTLS server is also authenticating the user, it now knows the user’s identity and proceeds with the authentication method being protected by the TLS tunnel. The true identity may be either in the form or simply user. Therefore it is not possible to use a capture. My take is that Wireshark capture filters use the Berkeley Packet Filter syntax, which does not have any functions for filtering by BLE hardware addresses. I have come to the, perhaps incorrect, conclusion that it is not possible. With either protocol, the PEAP/TTLS server learns the user’s true identity once the TLS tunnel has been established. I have been crazy trying to use a capture filter on BLE traffic.
0 kommentar(er)
