Key Knowledge Areas:

  • Understand wireless networks security mechanisms
  • Configure FreeRADIUS to authenticate network nodes
  • Use Wireshark and tcpdump to analyze network traffic, including filters and statistics
  • Use Kismet to analyze wireless networks and capture wireless network traffic
  • Identify and deal with rogue router advertisements and DHCP messages
  • Awareness of aircrack-ng and bettercap

The following is a partial list of the used files, terms and utilities:

  • radiusd
  • radmin
  • radtest
  • radclient
  • radlast
  • radwho
  • radiusd.conf
  • /etc/raddb/*
  • wireshark
  • tshark
  • tcpdump
  • kismet
  • ndpmon

Terms

RADIUS

Remote Authentication Dial-In User Service

Protocol that controls network access by providing centralized authentication, authorization, and accounting (AAA). Clients contact a Network Access Server (NAS) which sends an access request to the RADIUS server. The RADIUS server verifies the request and responds with a reject, challenge, or accept message. If accounting is enabled the NAS communicates start, interim updates, and stop of a client session to the RADIUS server.
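The reply handling described above, as an added Python example (not part of the original notes and not FreeRADIUS code): the NAS accepts a reject, challenge, or accept reply only if its Response Authenticator, computed as in RFC 2865, matches the shared secret and the request it answers. The secret, user name, identifier and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Packet codes from RFC 2865; 2, 3 and 11 are the accept / reject / challenge replies.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def attr(attr_type, value):
    """Encode one attribute as Type(1) | Length(1) | Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def build_packet(code, ident, authenticator, attributes=b""):
    """Code(1) | Identifier(1) | Length(2) | Authenticator(16) | Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + authenticator + attributes

def sign_reply(code, ident, request_auth, attributes, secret):
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + shared secret)."""
    unsigned = build_packet(code, ident, request_auth, attributes)
    return build_packet(code, ident, hashlib.md5(unsigned + secret).digest(), attributes)

def check_reply(reply, request, secret):
    """NAS side: name of the reply if it is authentic and answers `request`, else None."""
    if len(reply) < 20 or len(request) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply):
        return None                      # truncated packet: discard
    reply = reply[:length]               # octets past Length are padding
    if code not in (2, 3, 11) or ident != request[1]:
        return None                      # not a reply to this request
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return None                      # wrong shared secret or altered packet
    return CODES[code]

# Constructed sample exchange (secret, user name and identifier are made up).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))          # a real NAS uses 16 unpredictable random bytes
# The credential attribute (User-Password or CHAP-Password) is left out of this sample.
REQUEST = build_packet(1, 42, REQUEST_AUTH, attr(1, b"alice"))   # attribute 1 = User-Name
ACCEPT = sign_reply(2, 42, REQUEST_AUTH, attr(18, b"welcome"), SECRET)  # 18 = Reply-Message
WRONG_SECRET = sign_reply(2, 42, REQUEST_AUTH, b"", b"some-other-secret")

if __name__ == "__main__":
    print(check_reply(ACCEPT, REQUEST, SECRET))
    print(check_reply(WRONG_SECRET, REQUEST, SECRET))
```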

Files

radiusd.conf

Main configuration file of the FreeRADIUS server. It consists of configuration items, sections, and comments. Its default path is /etc/raddb/radiusd.conf.

configuration items

name = value

string1 = "hello world"

string2 = 'hello mom'

foo = "blah \
 blah \
 blah"

Note: When a line ends with a continuation backslash (\), any CR or LF is dropped, but all other whitespace is preserved.

sections

section {
        ...
}

section foo {
        ...
}

comments

# comment

/etc/raddb/*

FreeRADIUS configuration file path. The main configuration file, radiusd.conf, references other files in this path by including them.

Utilities

radiusd

The FreeRADIUS server.

radmin

This is the FreeRADIUS server administration tool.

radtest

Frontend to radclient, generating a list of configuration options and feeding these into radclient.

radclient

Client able to send arbitrary packets to a RADIUS server, and show its reply.

radlast

Frontend to the host’s last command, passing the database path and options specified on the command line.

radwho

Shows the content of the session database.

wireshark

Wireshark is a graphical network packet analyzer.

tshark

TShark is a text-based network protocol analyzer. It captures packets by using the pcap library. It operates similarly to tcpdump.

tcpdump

tcpdump is a command-line packet analyzer. Its project is also home to libpcap, a library for network traffic capture.

kismet

Kismet is a sniffer, wireless intrusion detection system (WIDS), and wardriving tool for Wi-Fi, Bluetooth, Zigbee, etc.

ndpmon

Neighbor Discovery Protocol Monitor (NDPMon) is used to monitor ICMPv6 packets, especially during Stateless Address Autoconfiguration (SLAAC).

Notes

Technical Guide by Network RADIUS

Recommended by FreeRADIUS

aircrack-ng

Aircrack-ng is a collection of tools for WiFi security. Its features include: monitoring, attacking, testing, and cracking.

bettercap

A self-proclaimed Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus, and IPv4/IPv6 networks inspection and MITM attacks, bettercap is an extensible framework written in Go.

Detect rogue router advertisements

How to Detect Rogue Router Advertisements on IPv6 Networks