\u56fe1 \u5bf9\u4f7f\u7528 PAP \u65b9\u6cd5\u8fdb\u884c RADIUS \u9a8c\u8bc1\u7684 Blast-RADIUS \u653b\u51fb<\/figcaption><\/figure><\/div>\n\n\n\u5982\u679c\u65e0\u6cd5\u76f4\u63a5\u4f7f\u7528 TLS \u6216 DTLS \u8fdb\u884c\u4f20\u8f93\u52a0\u5bc6\uff0c\u53ef\u4ee5\u4f7f\u7528 RFC 2869 \u4e2d\u63cf\u8ff0\u7684\u53ef\u9009 RADIUS \u5c5e\u6027 “Message-Authenticator” \u4f5c\u4e3a\u66ff\u4ee3\u65b9\u6cd5\u3002<\/p>\n\n\n\n
\u8be5\u65b9\u6cd5\u4e3a\u6574\u4e2a RADIUS \u6570\u636e\u5305\u8ba1\u7b97\u4e00\u4e2a HMAC-MD5 \u6821\u9a8c\u548c\u3002\u672a\u901a\u8fc7\u6b64\u5b8c\u6574\u6027\u68c0\u67e5\u7684\u6570\u636e\u5305\u5fc5\u987b\u88ab\u9759\u9ed8\u4e22\u5f03\u3002\u6839\u636e\u5f53\u524d\u7684\u72b6\u6001\uff0c\u6ca1\u6709\u5171\u4eab\u5bc6\u94a5\u7684\u60c5\u51b5\u4e0b\uff0cHMAC-MD5 \u6821\u9a8c\u548c\u65e0\u6cd5\u88ab\u4f2a\u9020\u3002<\/p>\n\n\n\n
\u5982\u679c\u5728\u6240\u6709\u6570\u636e\u5305\u4e2d\u90fd\u8981\u6c42\u4f7f\u7528\u6709\u6548\u7684\u6d88\u606f\u8ba4\u8bc1\u5c5e\u6027\uff0c\u8fd9\u79cd\u653b\u51fb\u5c06\u53d8\u5f97\u4e0d\u53ef\u80fd\u3002\u7136\u800c\uff0c\u8fd9\u4e2a\u5c5e\u6027\u4ec5\u5728 EAP \u8ba4\u8bc1\u65b9\u6cd5\u4e2d\u662f\u5f3a\u5236\u6027\u7684\uff0c\u800c\u5728 PAP \u548c CHAP \u4e2d\u5e76\u4e0d\u662f\u3002\u5373\u4f7f\u5728 RFC 5080 \u4e2d\u4e5f\u53ea\u662f\u5b9a\u4e49\u4e86\u4e00\u4e2a “SHOULD”\uff08\u5efa\u8bae\u4f7f\u7528\uff09\u3002<\/p>\n\n\n\n
\u5982\u4f55\u68c0\u67e5\u6f0f\u6d1e\uff1f<\/h2>\n\n\n\n
\u8981\u68c0\u67e5\u60a8\u7684\u5b9e\u73b0\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\uff0c\u53ef\u4ee5\u6355\u83b7 RADIUS \u670d\u52a1\u5668\u548c RADIUS \u5ba2\u6237\u7aef\u4e4b\u95f4\u7684\u901a\u4fe1\u6570\u636e\u5305\uff0c\u5e76\u6839\u636e\u53d7\u5f71\u54cd\u7684\u534f\u8bae\u7279\u6027\u8fdb\u884c\u7b5b\u9009\u3002\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 ProfiShark \u6216 IOTA \u6355\u83b7\u6570\u636e\u5305\uff0c\u57fa\u4e8e RADIUS \u534f\u8bae\u5bf9 IOTA \u8fdb\u884c\u9884\u7b5b\u9009\uff0c\u5e76\u4f7f\u7528 Wireshark \u8fdb\u884c\u5206\u6790\u3002\u9700\u8981\u6355\u83b7 RADIUS \u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u6570\u636e\u5305\uff0c\u4f8b\u5982\uff0c\u5728\u56fe2\u6240\u793a\u7684\u5185\u8054\u6a21\u5f0f\u4e0b\u8fdb\u884c\u6355\u83b7\u3002<\/p>\n\n\n
\n
\u56fe2 \u5728 RADIUS \u5ba2\u6237\u7aef\uff08\u4ea4\u6362\u673a\uff09\u548c RADIUS \u670d\u52a1\u5668\u4e4b\u95f4\u5b9a\u4f4d IOTA \u6216 ProfiShark<\/figcaption><\/figure><\/div>\n\n\n\u4f7f\u7528 ProfiShark \u8fdb\u884c\u6355\u83b7<\/h2>\n\n\n\n
\u5728 ProfiShark Manager \u4e2d\uff0c\u6211\u4eec\u9700\u8981\u5728 “Network Ports” \u9009\u9879\u5361\u4e2d\u5c06 ProfiShark \u8bbe\u7f6e\u4e3a\u5185\u8054\u6a21\u5f0f\uff08\u5373\u53d6\u6d88\u52fe\u9009 “Span Mode” \u590d\u9009\u6846\uff0c\u5982\u56fe 3 \u6240\u793a\uff09\uff0c\u7136\u540e\u5c06\u5176\u5185\u8054\u96c6\u6210\u5230\u6211\u4eec\u7684\u7f51\u7edc\u4e2d\uff08\u5982\u56fe 2 \u6240\u793a\uff09\u3002<\/p>\n\n\n
\n
\u56fe3\u00a0 \u5728 ProfiShark Manager \u4e2d\u7981\u7528 SPAN \u6a21\u5f0f\uff0c\u5c06 ProfiShark \u5185\u8054\u96c6\u6210\u5230 RADIUS \u5ba2\u6237\u7aef\u548c RADIUS \u670d\u52a1\u5668\u4e4b\u95f4<\/figcaption><\/figure><\/div>\n\n\n\u63a5\u4e0b\u6765\uff0c\u5728 “Capture” \u9009\u9879\u5361\u4e2d\uff0c\u6839\u636e\u9700\u8981\u8bbe\u7f6e\u6355\u83b7\u76ee\u5f55\uff0c\u5e76\u901a\u8fc7\u70b9\u51fb “Start Capture” \u6309\u94ae\u5f00\u59cb\u6355\u83b7\u6570\u636e\uff0c\u76f4\u5230\u6211\u4eec\u83b7\u53d6\u5230\u8db3\u591f\u7684\u6570\u636e\u4e3a\u6b62\u3002<\/p>\n\n\n
\n
\u56fe4 \u5728 ProfiShark Manager \u4e2d\u8bbe\u7f6e\u6355\u83b7\u76ee\u5f55\u5e76\u5f00\u59cb\u6355\u83b7<\/figcaption><\/figure><\/div>\n\n\n\u4f7f\u7528 IOTA \u8fdb\u884c\u6355\u83b7<\/h2>\n\n\n\n
\u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u786e\u4fdd\u5728 IOTA \u7ba1\u7406\u754c\u9762\u7684 “Capture > Interface Configuration” \u9875\u9762\u4e0a\uff0c\u5c06 IOTA \u7684\u6355\u83b7\u63a5\u53e3\u8bbe\u7f6e\u4e3a\u5185\u8054\u6a21\u5f0f\u3002<\/p>\n\n\n
\n
\u56fe5 \u5c06\u7aef\u53e3\u63a7\u5236\u8bbe\u7f6e\u4e3a\u5185\u8054\u6a21\u5f0f<\/figcaption><\/figure><\/div>\n\n\n\u7136\u540e\uff0c\u6211\u4eec\u5c06 IOTA \u5185\u8054\u96c6\u6210\u5230\u751f\u4ea7\u7f51\u7edc\u4e2d\uff0c\u5e76\u901a\u8fc7\u6309\u4e0b\u8bbe\u5907\u4e0a\u7684\u7269\u7406\u6309\u94ae\u6216\u5728 “Capture > Capture Control” \u9875\u9762\u4e0a\u70b9\u51fb “Start Capture” \u6309\u94ae\u5f00\u59cb\u6355\u83b7\u6570\u636e\u3002<\/p>\n\n\n
\n
\u56fe6 \u901a\u8fc7 “Capture Control” \u9875\u9762\u4e0a\u7684 “Start Capture” \u6309\u94ae\u5f00\u59cb\u6355\u83b7<\/figcaption><\/figure><\/div>\n\n\n\u73b0\u5728\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u6216\u534f\u8bae\u6808\u8fc7\u6ee4\u5668\u5bf9 RADIUS \u534f\u8bae\u8fdb\u884c\u8fc7\u6ee4\u3002\u6700\u7b80\u5355\u7684\u65b9\u6cd5\u662f\u8fc7\u6ee4 “APPLICATION” \u5c5e\u6027\uff0c\u5e76\u5c06\u5176\u503c\u8bbe\u7f6e\u4e3a “RADIUS”\uff08\u5982\u56fe 7 \u6240\u793a\uff09\uff0c\u8fd9\u6837\u53ea\u4f1a\u83b7\u53d6 RADIUS \u6570\u636e\u5305\u3002\u53e6\u4e00\u79cd\u9009\u62e9\u662f\u901a\u8fc7 “PROTOCOL_STACK” \u8fdb\u884c\u8fc7\u6ee4\uff0c\u8bbe\u7f6e\u503c\u4e3a “Ethernet | IPv4 | UDP | RADIUS”\u3002<\/p>\n\n\n
\n
\u56fe7 \u8fc7\u6ee4 RADIUS \u6570\u636e\u5305<\/figcaption><\/figure><\/div>\n\n\n\u5728\u6b63\u786e\u8fc7\u6ee4\u534f\u8bae\u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u6eda\u52a8\u81f3\u6982\u89c8\u4eea\u8868\u677f\u7684\u5e95\u90e8\uff0c\u76f4\u5230\u770b\u5230\u6d41\u5217\u8868\u3002\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u9700\u8981\u9009\u62e9\u8981\u8fdb\u4e00\u6b65\u5206\u6790\u7684\u6d41\uff0c\u5e76\u70b9\u51fb\u5de6\u4fa7\u7684\u4e0b\u8f7d\u6309\u94ae\u3002<\/p>\n\n\n
\n
\u56fe8 \u53ef\u4e0b\u8f7d\u7684\u6d41\u5217\u8868<\/figcaption><\/figure><\/div>\n\n\n\u5206\u6790\u6613\u53d7\u653b\u51fb\u7684\u6267\u884c\u65b9\u5f0f<\/h2>\n\n\n\n
\u4f8b\u5982\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 Wireshark \u68c0\u67e5 RADIUS \u8bf7\u6c42\u4e2d\u662f\u5426\u5305\u542b\u6613\u53d7\u653b\u51fb\u7684\u5c5e\u6027\u3002\u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u6253\u5f00\u4f4d\u4e8e\u4e4b\u524d\u5728 ProfiShark Manager \u4e2d\u914d\u7f6e\u7684\u76ee\u5f55\u6216\u4ece IOTA \u4e0b\u8f7d\u7684\u6587\u4ef6\u5939\u4e2d\u7684 PCAPNG \u6587\u4ef6\u3002\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u9700\u8981\u4e00\u4e2a\u663e\u793a\u8fc7\u6ee4\u5668\u6765\u83b7\u53d6 RADIUS Access-Requests\uff08\u4ee3\u7801 1\uff09\u3001Access-Accepts\uff08\u4ee3\u7801 2\uff09\u3001Access-Rejects\uff08\u4ee3\u7801 3\uff09\u548c Access-Challenges\uff08\u4ee3\u7801 11\uff09\uff0c\u4f46\u4e0d\u5305\u62ec\u4f7f\u7528 EAP \u65b9\u6cd5\u6216\u5e26\u6709 “Message-Authenticator” \u5c5e\u6027\u503c\u5bf9\u7684 RADIUS \u6d88\u606f\uff0c\u56e0\u4e3a\u5b83\u4eec\u4e0d\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002\u4e3a\u6b64\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u663e\u793a\u8fc7\u6ee4\u5668 \u201c(radius.code in {1,2,3,11}) and not (radius.Message_Authenticator or eap)\u201d\uff0c\u5982\u56fe 9 \u6240\u793a\u3002\u8fd9\u6837\uff0c\u6211\u4eec\u53ea\u4f1a\u83b7\u53d6\u53d7\u6b64\u534f\u8bae\u6f0f\u6d1e\u5f71\u54cd\u7684 RADIUS \u6570\u636e\u5305\uff0c\u5e76\u4e14\u53ef\u4ee5\u770b\u5230\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684\u6e90 IP \u5730\u5740\u3002<\/p>\n\n\n