This is our old Q&A Site. Please post any new questions and answers at

I usd wireshark1.6.2 in Ubuntu 11.10 to capture wpa2 authentication packet, but in WPA2-PSK or EAP—TLS authentication methods I only capture EPAOL key switch packet and sequent DHCP、TCP packet ,can not capture eap-request/response packet. Why?How can i solve this problem?

asked 29 Dec '11, 04:05

zqm0209's gravatar image

accept rate: 0%

it is strange.when I first used EAP-TLS authenticate to the WLAN,I catch the eap-request/response packet,here is the packet: but when I reconnect the network,I cannot catch the eap-request/responset frame,even I close the free-radius server and use wrong authentication message,the authentication is still success.Here is the packet file in this situation:

My authentication server is free-radius2.1.2,AP is DLink DIR-618,USB wrieless Adapter is TP-Link TL-WN821N.

(02 Jan '12, 05:14) zqm0209

Try just to reboot your AP, that should force the whole EAP process to renew, I guess your AP kind of "remembers" successful EAP authentication

(02 Jan '12, 05:29) Landi

Thanks.You are right,after reboot my ap, I can capture the packet.

(07 Jan '12, 04:56) zqm0209

WPA2-PSK uses 4 EAPoL Key frames to do the authentication and authorization. After the client successfully exchanges those frames with the AP, DHCP assigns an IP address, so what you see there is perfectly the way it works.

For EAP-TLS please specify more details about your setup

permanent link

answered 29 Dec '11, 04:12

Landi's gravatar image

accept rate: 28%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 29 Dec '11, 04:05

question was seen: 6,006 times

last updated: 07 Jan '12, 04:56

p​o​w​e​r​e​d by O​S​Q​A