This is our old Q&A Site. Please post any new questions and answers at

I'm capturing the initial EAPOL traffic between the supplicant and the switch but the return EAP traffic are not reported by Wireshark. The workstation port is SPAN to send traffic to a laptop with Wireshark 1.12.6. The monitor session is set for both direction. I would expect to see the return traffic for the request and Success but not seeing it Wireshark. The destination is shown as "Nearest: with MAC of 01:80:c2:00:00:03 which shown as static CPU. Any ideas?

Client---------------->Nearest # Start Client---------------->Nearest # Response,Idendity Client---------------->Nearest # Client Hello Client---------------->Nearest # Response, TLS EAP (EAP-TLS) Client---------------->Nearest # Certificate, Client Key Exchange, Certificate Verify, Change Cipher, Encrypted Handshake Client---------------->Switch # Response, TLS EAP (EAP-TLS)

asked 01 Jul '15, 13:14

ub40's gravatar image

accept rate: 0%

  1. Did you try to capture packets at the supplicant or server?
  2. Are you seeing the complete security exchange at one endpoint (i.e., supplicant and/or server)?
  3. Did you try using another port on the switch as a mirror port?
(02 Jul '15, 07:42) Amato_C

My guess would be that the SPAN isn't providing the authenticator packets for the capture port. Try to setup the capture differently.

permanent link

answered 02 Jul '15, 04:37

Jaap's gravatar image

Jaap ♦
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 01 Jul '15, 13:14

question was seen: 2,437 times

last updated: 02 Jul '15, 07:42

p​o​w​e​r​e​d by O​S​Q​A