Posts

Microsoft NPS as a RADIUS Server for WiFi Networks: RADIUS Client Limits

Image
The Microsoft Network Policy Server (NPS) is often used as a RADIUS server for WiFi networks. It can provide authentication and authorization services for users on a wireless network. I put this document together to highlight one particular little 'gotcha' when using NPS with Windows 2008. Windows 2008 comes in three flavours: Data Centre Enterprise Standard When using NPS as a RADIUS server, you have to add a number of 'RADIUS clients' to the configuration of the NPS server. These are the devices on your WiFi network that will send the RADIUS requests to NPS each time a user tries to logon to the network. The screenshot below shows where RADIUS clients are configured in NPS: The RADIUS request contains username and password information for the user trying to logon to the network. The request is generally checked against a Windows AD domain to see if the user is supplying a valid set of AD credentials to access the WiFi network. In controll

WLAN Packet Capture - Wi-Fi Filter Categories in Wireshark

Image
Wireshark has an expression builder to help build filter expressions to filter out the frames that perhaps you don't want to see, or to allow you to select the frames would like to view. At first glance, the categories are pretty overwhelming due to the fantastic array of protocols that Wireshark can decode for us. I certainly had to dig around a little the first time I looked through the list before I found the WiFi related categories. I thought it might be useful to list the categories (that I have found so far!) that relate to WiFi traffic.  Here is the list, together with a brief description of each one: 802.11MGT - IEEE 802.11 Wireless LAN management frame 802.11MGT - Radiotap - IEEE 802.11 Radiotap Capture Header IEEE 802.11 - IEEE 802.11 wireless LAN IEEE 802.11 Aggregate Data - IEEE 802.11 wireless LAN aggregate frames Wi-Fi P2P - Wi-Fi Peer-to-Peer

WLAN Packet Capture - Displaying Only 802.11 Decodes in the Frames Summary

Image
I quite like to be able to see the frame type, sequence numbers and flags field when looking at a summary of an 802.11 capture in Wireshark.  However, Wireshark can be too helpful when decoding frames and  will display a summary of the frame which shows the detail of hight layer protocols (thus hiding the 802.11 summary info). This generally happens when decoding a capture of a WiFi network that has a guest network that is not using over the air encryption. Here is an example. Some data frames in the trace summary below are shown as ' https ' or ' Application Data ' frames, rather than layer 2 data frames: To prevent this behaviour, simply go to the " Analyze > Enabled Protocol" menu option in Wireshark and de-select 'LLC ': This will restore the standard 802.11 frame summary so that 802.11 frame types, flags etc. are available: One thing to bear in mind with this approach is that some exchanges you would normally decoded (e.g