This is our old Q&A Site. Please post any new questions and answers at

Hi, sorry if this has been clarified before, but I've had a quick search through the mailing lists and nothing jumps out at me.

I am trying to decode EAP-TTLS. Wireshark works out of the box down up as far as TLS layer. That is, I can see the following:

  1. Radius over UDP, or EAPoL fragments
  2. EAP packets
  3. SSL Handshake over a sequence of EAP packets

After the handshake however, the TLS cipher kicks in and I can't see what's happening. This is a "good thing" in the normal operation of the protocol. I'm trying to perform some diagnostics however so this is a bit of a problem.

I have the private key and all, so it should in theory be possible to decode this, but I guess it's just a case of making a few modifications.

I'd be interested in taking a look at adding this feature. It seems this is a solved problem for many other protocols (HTTPS, LDAP) so how hard could it be?

It seems as though I can see it attempt to decode the TLS layer for the first EAP frame, but then it gives up for the remainder of the session, so all that needs to be done is to correlate the remaining frames. Easy!

I'll have a look now at the code and see if it makes any sense. If anybody can provide and guidance I would be very grateful.

Thanks, Rob

asked 21 Oct '14, 11:04

robert_'s gravatar image

accept rate: 0%

Very well. Have a look at packet-eap.c and packet-ssl[-utils].c which handle this case. At least that's what the code suggests. Sounds as if it's not working right?

(22 Oct '14, 01:41) Jaap ♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 21 Oct '14, 11:04

question was seen: 2,616 times

last updated: 22 Oct '14, 01:41

p​o​w​e​r​e​d by O​S​Q​A