Radius sniffing tools for PAP passwords

Well, you know that with SecurePass we had to write a radius server from scratch to be able to apply security labels and segregation.

I tested the radius with many appliances, but I had problems with ProFTPD, a very popular FTP server with a several features. During the investigation, I wasn’t unsure if the problem was in the ProFTPD radius module or in our radius server. Unfortunately, both debugs reported that everything was ok, but I was certain that something was wrong in the wire.

The most used packet sniffer is probably tcpdump, but unfortunately does not show the password in cleartext. I need to “see” if the password was good or not when sent over the network. As such I decided to modify a radius packet sniffer, raddump, to be able to decrypt the PAP radius password with the given secret.

Here’s the Gippa version of raddump that you can freely download.