Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
01-15-2007, 01:11 AM
#1
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
FreeRADIUS,PEAP and SSL
I have been trying to figure out why I cannot connect to my network via RADIUS and PEAP. I am using the NETGEAR WG511T B/G and am using the madwifi driver.I can connect using fine using several W2K clients but when I attempt to connect a linux client I cannot. I logged the errors and have noticed that there is an issue with SSL and my client server handshake:
PHP Code:
EAP - PEAP : Phase2 EAP types - hexdump ( len = 8 ): 00 00 00 00 1a 00 00 00 TLS : Trusted root certificate ( s ) loaded OpenSSL : tls_connection_client_cert - SSL_use_certificate_file ( DER ) failed error : 0D0680A8 : asn1 encoding routines : ASN1_CHECK_TLEN : wrong tag OpenSSL : pending error : error : 0D07803A : asn1 encoding routines : ASN1_ITEM_EX_D2I : nested asn1 error OpenSSL : pending error : error : 140C800D : SSL routines : SSL_use_certificate_file : ASN1 lib OpenSSL : SSL_use_certificate_file ( PEM ) --> OK CTRL - EVENT - EAP - METHOD EAP vendor 0 method 25 ( PEAP ) selected EAP : EAP entering state METHOD SSL : Received packet ( len = 6 ) - Flags 0x20 EAP - PEAP : Start ( server ver = 0 , own ver = 1 ) EAP - PEAP : Using PEAP version 0 SSL : ( where = 0x10 ret = 0x1 ) SSL : ( where = 0x1001 ret = 0x1 ) SSL : SSL_connect : before / connect initialization SSL : ( where = 0x1001 ret = 0x1 ) SSL : SSL_connect : SSLv3 write client hello A SSL : ( where = 0x1002 ret = 0xffffffff ) SSL : SSL_connect : error in SSLv3 read server hello A SSL : SSL_connect - want more data SSL : 100 bytes pending from ssl_out SSL : 100 bytes left to be sent out ( of total 100 bytes ) EAP : method process -> ignore = FALSE methodState = MAY_CONT decision = FAIL EAP : EAP entering state SEND_RESPONSE EAP : EAP entering state IDLE EAPOL : SUPP_BE entering state RESPONSE EAPOL : txSuppRsp TX EAPOL - hexdump ( len = 110 ): 01 00 00 6a 02 02 00 6a 19 00 16 03 01 00 5f 01 00 00 5b 03 01 45 ab 23 a2 65 d3 50 a2 6e 07 5c 1f 11 5c 06 04 b3 4c b9 82 18 8e 26 7e 28 5c 26 30 98 26 cf 9e 00 00 34 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00 EAPOL : SUPP_BE entering state RECEIVE RX EAPOL from 00 : 07 : 50 : d5 : ac : 3c RX EAPOL - hexdump ( len = 1038 ): 01 00 04 0a 01 03 04 0a 19 c0 00 00 06 40 16 03 01 00 4a 02 00 00 46 03 01 45 ab 27 39 c0 d0 8e 8f a6 c9 63 8c 46 91 b3 e6 29 72 d0 02 6f 02 86 58 85 08 42 4e c6 db a3 9e 20 a0 3e 70 26 b9 01 a8 c5 ad 25 09 fd 60 26 91 b2 91 71 54 0e 7b 35 a7 35 be c6 9c fe 79 10 69 e6 00 39 00 16 03 01 04 d1 0b 00 04 cd 00 04 ca 00 02 3d 30 82 02 39 30 82 01 a2 a0 03 02 01 02 02 01 07 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 13 08 4d 61 72 79 6c 61 6e 64 31 11 30 0f 06 03 55 04 0a 13 08 43 61 6c 65 78 69 63 61 31 14 30 12 06 03 55 04 03 13 0b 31 39 32 2e 31 36 38 2e 34 2e 35 30 1e 17 0d 30 36 31 31 33 30 32 33 35 38 34 31 5a 17 0d 31 36 31 31 32 37 32 33 35 38 34 31 5a 30 63 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 13 08 4d 61 72 79 6c 61 6e 64 31 12 30 10 06 03 55 04 07 13 09 46 72 65 64 65 72 69 63 6b 31 11 30 0f 06 03 55 04 0a 13 08 43 61 6c 65 78 69 63 61 31 1a 30 18 06 03 55 04 03 13 11 5a 65 6f 73 2e 43 61 6c 65 78 69 63 61 2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 95 d0 7c 79 43 0b 38 c6 8e 03 cf e6 33 5c 53 aa 23 38 51 29 b2 56 54 de 57 06 86 1f 00 fb 60 ad b6 a5 e7 25 19 cd bd a7 ec 23 21 72 6d 2d 35 09 d3 4f d4 b0 cb 87 1d 71 34 90 4a 79 33 25 fb b3 17 4f 99 9f 44 ee 51 cd 05 f6 93 ce 3b 6b 80 ff 1d 37 9b c6 d6 57 cc 05 ae b7 cf 3b 2e 20 1c e7 ef 59 6f 06 83 f1 0c 16 5e 7a 21 06 fc 66 ae 34 67 fb 5c e0 89 68 74 7f b7 4e 54 f9 7b b8 19 5b 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 3d e2 37 48 78 79 c2 66 b4 c7 88 f1 5f 8a aa 36 e8 36 0b e2 23 a1 1d 34 f9 98 86 e4 e3 dc c8 2c cd a6 26 6f 98 7b 00 3e d0 dd 99 d6 1f 6e 45 08 88 b4 3c 10 ac 5d 29 fa 94 3f 13 fc 46 4d 32 56 07 9c 63 91 cc 0f 37 c9 7e 9d 6a a3 4a 19 df c9 44 51 0e fb 90 fc 04 df 31 3c 61 55 02 75 4a fc d1 c2 56 d3 a5 b9 19 a3 31 bc 4e 7c 17 71 c4 02 e7 42 27 e3 15 91 27 a7 d7 ad 1b 12 53 90 9e c3 00 02 87 30 82 02 83 30 82 01 ec a0 03 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 49 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 13 08 4d 61 72 79 6c 61 6e 64 31 11 30 0f 06 03 55 04 0a 13 08 43 61 6c 65 78 69 63 61 31 14 30 12 06 03 55 04 03 13 0b 31 39 32 2e 31 36 38 2e 34 2e 35 30 1e 17 0d 30 36 31 31 33 30 32 33 34 36 34 38 5a 17 0d 30 39 31 31 32 39 32 33 34 36 34 38 5a 30 49 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 13 08 4d 61 72 79 6c 61 6e 64 31 11 30 0f 06 03 55 04 0a 13 08 43 61 6c 65 78 69 63 61 31 14 30 12 06 03 55 04 03 13 0b 31 39 32 2e 31 36 38 2e 34 2e 35 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 c7 84 aa 49 85 ea fe 01 c5 df a0 fe 77 26 1a 3a cd 8e fe ed 29 a6 d9 4c 4a fd b1 4e 36 23 ea 9b 4e 25 4f 63 c0 d8 c8 bb b6 8a 0a 46 f4 9c 12 7c 6f 94 56 85 f5 cb aa 9c ab 89 e0 78 92 5c f8 ec 11 75 bf 2b 7a 2b c1 4a d3 a3 d6 06 33 2e 86 ab 1a 79 56 29 4d b9 39 8f 24 c7 8a 0f 80 24 c3 70 b3 d4 f0 f9 cc 76 5f 9c 28 43 25 b6 f4 2b 02 66 EAPOL : Received EAP - Packet frame EAPOL : SUPP_BE entering state REQUEST EAPOL : getSuppRsp EAP : EAP entering state RECEIVED EAP : Received EAP - Request id = 3 method = 25 vendor = 0 vendorMethod = 0 EAP : EAP entering state METHOD SSL : Received packet ( len = 1034 ) - Flags 0xc0 SSL : TLS Message Length : 1600 SSL : Need 576 bytes more input data SSL : Building ACK EAP : method process -> ignore = FALSE methodState = MAY_CONT decision = FAIL EAP : EAP entering state SEND_RESPONSE EAP : EAP entering state IDLE
Here is my wpa_supplicant.conf
PHP Code:
network ={ ssid = "my ssid" key_mgmt = IEEE8021x eap = PEAP auth_alg = OPEN identity = "OPENRADIUS ID" password = "PASSWORD" ca_cert = "/path/to/cert/cacert.pem client_cert=" / path / to / cert / client_cert . pem phase1 = "peaplabel=1" phase2 = "auth=MSCHAPV2" priority = 10 }
So it is that my keys are not setup correctly? Can someone help a man that is down on his luck?Anyone?
Last edited by metallica1973; 01-23-2007 at 10:02 PM .
01-15-2007, 01:59 AM
#2
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
ok, well i'm not experienced specifically in this, but i've noticed your explorations into this area aren't getting a huge amount of replies....
Looking at what's beign asked for, i'd guess that it wants a longer ssl certificate than the one being provided. looks like it would quite like a cert over 1600 bytes, but yours is only 1024 bytes.
i would firstly look to capture certificate exchange traffic and comapre a windows client to a linux client, checking length of packets via wireshark. and also look to see if what it suggest firstly true, and the cert is too short, and then if the cert can be changed or a restriction relaxed. maybe windows is padding the packet size with garbage or nulls?
01-15-2007, 09:40 AM
#3
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
Acid_kewpie,
I justed wanted to say thanks for all of your replies. You have been so helpful to me in the past. This has been eating at me for so many months and I refuse to let it beat me. I tried to compare or look at the certificate that my W2K box has but cannot locate it. How would I go about doing what you suggest?
01-15-2007, 09:55 AM
#4
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
well my answer to almost anything that goes near a network is tcpdump. you can capture the certificate as it crosses the wire, and using wireshark, you'll get a huge amount of detail about the certs each time. scares me sometimes just how much wireshark can decode...
01-15-2007, 10:09 AM
#5
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
Is there a win32 version of tcpdump and wireshark?
01-15-2007, 01:44 PM
#6
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
with all due respect, have you looked?
01-15-2007, 05:39 PM
#7
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
excellent point. I am being lazy. I am just so frustrated with linux and WPA.
01-15-2007, 06:53 PM
#8
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
ok, I ran wireshark and I captured this tcpdump. This is the successful authentication from a working W2K machine :
PHP Code:
No . Time Source Destination Protocol Info 1 0.000000 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa EAP Request , Identity [ RFC3748 ] Frame 1 ( 66 bytes on wire , 66 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 2 1.729389 0.0.0.0 255.255.255.255 DHCP DHCP Request - Transaction ID 0xa23509d Frame 2 ( 359 bytes on wire , 359 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Broadcast ( ff : ff : ff : ff : ff : ff ) Internet Protocol , Src : 0.0.0.0 ( 0.0.0.0 ), Dst : 255.255.255.255 ( 255.255.255.255 ) User Datagram Protocol , Src Port : bootpc ( 68 ), Dst Port : bootps ( 67 ) Bootstrap Protocol No . Time Source Destination Protocol Info 3 3.030376 DellComp_42 : 4d : d2 Broadcast ARP Who has 192.168.3.27 ? Tell 192.168.3.5 Frame 3 ( 60 bytes on wire , 60 bytes captured ) Ethernet II , Src : DellComp_42 : 4d : d2 ( 00 : b0 : d0 : 42 : 4d : d2 ), Dst : Broadcast ( ff : ff : ff : ff : ff : ff ) Address Resolution Protocol ( request ) No . Time Source Destination Protocol Info 4 3.173446 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c EAPOL Start Frame 4 ( 19 bytes on wire , 19 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 5 3.174625 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa EAP Request , Identity [ RFC3748 ] Frame 5 ( 66 bytes on wire , 66 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 6 3.239475 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c EAP Response , Identity [ RFC3748 ] Frame 6 ( 30 bytes on wire , 30 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 7 3.246453 DellComp_42 : 4d : d2 Broadcast ARP 192.168.3.3 is at 00 : 07 : 50 : d5 : ac : 3c Frame 7 ( 60 bytes on wire , 60 bytes captured ) Ethernet II , Src : DellComp_42 : 4d : d2 ( 00 : b0 : d0 : 42 : 4d : d2 ), Dst : Broadcast ( ff : ff : ff : ff : ff : ff ) Address Resolution Protocol ( reply ) No . Time Source Destination Protocol Info 8 3.247176 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa EAP Request , PEAP [ Palekar ] Frame 8 ( 24 bytes on wire , 24 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 9 3.269133 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Client Hello Frame 9 ( 130 bytes on wire , 130 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 10 3.277926 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Server Hello , Certificate , Server Hello Done Frame 10 ( 1052 bytes on wire , 1052 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 11 3.298470 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c EAP Response , PEAP [ Palekar ] Frame 11 ( 24 bytes on wire , 24 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 12 3.303818 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Server Hello , Certificate , Server Hello Done Frame 12 ( 326 bytes on wire , 326 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 13 3.331329 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Client Key Exchange , Change Cipher Spec , Encrypted Handshake Message Frame 13 ( 210 bytes on wire , 210 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 14 3.350963 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Change Cipher Spec , Encrypted Handshake Message Frame 14 ( 67 bytes on wire , 67 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 15 3.361992 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c EAP Response , PEAP [ Palekar ] Frame 15 ( 24 bytes on wire , 24 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 16 3.366401 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Application Data Frame 16 ( 50 bytes on wire , 50 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 17 3.392542 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Application Data Frame 17 ( 53 bytes on wire , 53 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 18 3.397426 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Application Data Frame 18 ( 74 bytes on wire , 74 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 19 3.429073 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Application Data Frame 19 ( 107 bytes on wire , 107 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 20 3.434866 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Application Data Frame 20 ( 92 bytes on wire , 92 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 21 3.456287 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Application Data Frame 21 ( 47 bytes on wire , 47 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 22 3.460738 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa TLSv1 Application Data Frame 22 ( 56 bytes on wire , 56 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication No . Time Source Destination Protocol Info 23 3.499618 D - Link_8f : 4c : aa Cisco_d5 : ac : 3c TLSv1 Application Data Frame 23 ( 56 bytes on wire , 56 bytes captured ) Ethernet II , Src : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ), Dst : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ) 802.1X Authentication No . Time Source Destination Protocol Info 24 3.507027 Cisco_d5 : ac : 3c D - Link_8f : 4c : aa EAP Success Frame 24 ( 22 bytes on wire , 22 bytes captured ) Ethernet II , Src : Cisco_d5 : ac : 3c ( 00 : 07 : 50 : d5 : ac : 3c ), Dst : D - Link_8f : 4c : aa ( 00 : 11 : 95 : 8f : 4c : aa ) 802.1X Authentication
Last edited by metallica1973; 01-15-2007 at 06:56 PM .
01-16-2007, 01:47 AM
#9
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
Right, so for the errors you;re seeing i'd expect if you drill down into packet 9, the TLSv1 hello, you should see the statistics about the certificate you would want to compare.
01-16-2007, 05:56 PM
#10
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
I do not see anything at all that resembles a certificate name or anything of the sort on line 9 or anywhere in the tcp packet capture? Is there a module or an option that I have to enable?
Last edited by metallica1973; 01-16-2007 at 05:59 PM .
01-17-2007, 09:34 AM
#11
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
no not at all. i was only guessing at that packet... but if you are exchanging certificates on the wire, and are capture all packets, the certificate is in there somewhere.
01-18-2007, 05:09 PM
#12
Newbie
Registered: Jan 2007
Posts: 16
Rep:
Thank you very much for your helpful replies acid_kewpie.
01-19-2007, 01:39 AM
#13
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
heh, been a while since i had a dumb troll as a stalker... kinda miss it actually.
01-19-2007, 09:47 AM
#14
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
hey,
I have to agree acid_kewpie you are the man but what about my packet sniffing. How can I locate what certificate the windows machine is receiving and being accepted to compare it to my linux laptop. Once I figure this out I promise I will right an article and have it posted in the wiki's and the tutorial section of linuxquestions.org. You have my word of honor!
01-19-2007, 12:32 PM
#15
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
well like i said, it *will* be in wireshark, just drill down far enough in the right packet. seeing as we kinda have a thing going on, i can have a look if you email me the cap file, and trust me with it of course...
All times are GMT -5. The time now is 04:39 PM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
Latest Threads
LQ News