Two Android clients trying to authenticate to a RADIUS server (Windows 2008 R2). WORKING = Android version 4.4, NON-WORKING = > Android version 5.1. TLS version seems to be negotiated fine. The only difference I can see between WORKING and NON-WORKING is the number of CIPHER SUITES presented by the clients (both clients are samsung android devices). Here are the packet captures: Working EAP Success: https://drive.google.com/file/d/0B5ttjkGSReNeRnd6dUdNb0JiNkU/view?usp=sharing NOT WORKING eap failure: https://drive.google.com/file/d/0B5ttjkGSReNeb0dDdllsd19INkE/view?usp=sharing asked 06 Jan '16, 11:03  deckhopper edited 06 Jan '16, 11:05 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
I looked at both file captures. I was able to see up to the UDP layer, but after that the Data portion was still encoded. Were you able to "see" EAP decoded information in the Packet Details section of Wireshark?
@deckhopper: Can you please add instructions how you successfully decoded these pcap files as TLS traffic in Wireshark (including the Wireshark version)?