Attacking WPA-Enterprise
WPA-Enterprise, as the name suggests, is the authentication mode used in enterprise networks.
In WPA-Enterprise, the AP does not authenticate the client itself, as it does in WPA-Personal mode; instead it delegates authentication to an Authentication Server (AS), with which it communicates through the RADIUS protocol.
The authentication packets exchanged between AP and AS are carried using the Extensible Authentication Protocol (EAP) and specifically EAP over LAN (EAPOL), a protocol defined in the 802.1X standard for authentication on wired LANs. The AP (authenticator) acts as a relay that forwards the authentication packets between the two parties, the client (supplicant) and the AS.
EAP is an authentication framework rather than a single protocol and comes in many types, among which the most important are:
Lightweight EAP (LEAP)
EAP-MD5
EAP-TLS
EAP-FAST
EAP-TTLS
PEAP
The last three are the most common EAP types in use by enterprise networks. The authentication process takes place with an EAP-handshake...
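To see which of the EAP types listed above a network actually negotiates, the EAPOL frames from a capture can be decoded and compared against an allowed list. The following is an added example, not part of the original page: the function names, the sample frames and the default allowed list are assumptions made for illustration.

```python
import struct

# IANA EAP method numbers for the types listed above (plus Identity and Nak).
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "EAP-MD5", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(pdu: bytes):
    """Parse the EAPOL PDU that follows EtherType 0x888E.
    Returns None for non-EAP EAPOL types (Start, Logoff, Key)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", pdu[:4])
    if ptype != 0:                          # 0 = EAP-Packet
        return None
    body = pdu[4:4 + body_len]              # slice drops any link-layer padding
    if body_len < 4 or len(body) != body_len:
        raise ValueError("truncated EAP packet")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("bad EAP length")
    method = None
    if code in (1, 2):                      # only Request/Response carry a Type
        if eap_len < 5:
            raise ValueError("missing EAP type")
        method = EAP_TYPES.get(body[4], f"type-{body[4]}")
    return {"code": EAP_CODES.get(code, str(code)), "id": ident,
            "method": method, "data": body[5:eap_len]}

def methods_outside_policy(pdus, allowed=("EAP-TLS", "EAP-TTLS", "PEAP", "EAP-FAST")):
    """Authentication methods seen in `pdus` that the (assumed) policy does not allow."""
    seen = {p["method"] for p in map(parse_eapol, pdus) if p}
    return sorted(seen - set(allowed) - {None, "Identity", "Nak"})

def _eapol(code, ident, payload=b""):       # builds constructed sample frames
    eap = struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

SAMPLE = [                                   # constructed, not a real capture
    b"\x01\x01\x00\x00",                     # EAPOL-Start
    _eapol(1, 1, b"\x01"),                   # Request/Identity
    _eapol(2, 1, b"\x01alice"),              # Response/Identity
    _eapol(1, 2, b"\x19\x20"),               # Request/PEAP (start flag)
    _eapol(1, 3, b"\x04\x10" + bytes(16)),   # Request/EAP-MD5 challenge
    _eapol(3, 3),                            # Success
]

if __name__ == "__main__":
    print(methods_outside_policy(SAMPLE))
```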