This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Distinguishing between EAPOL messages (1, 2, 3, and 4)

Wireshark presents each of the EAPOL messages with "(Message 1 of 4)" then 2 of 4, 3 of 4, and finally 4 of 4. This information appears in the "Info" column within Wireshark. From the packet data, I'd like to know how to make the same distinction for each of the 4 EAPOL packets that Wireshark does.

Thanks!

eapol messages wireshark

asked 18 May '14, 17:49

SwiftAero
56●2●2●7
accept rate: 0%

One Answer:

0	These info's come from the WPA key dissection in packet-ieee80211.c. Have a look at `dissect_wlan_rsna_eapol_wpa_or_rsn_key()`. answered 24 May '14, 06:43 Jaap ♦ 11.7k●16●101 accept rate: 14%