wired 802.1X authorization for Asus wl500gx router

Jouni Malinen j at w1.fi
Sun Feb 18 13:13:30 EST 2007


On Sat, Feb 17, 2007 at 10:37:07PM +0100, Mikhail Kostousov wrote:
> I've compiled tcpdump for router, but I cannot find information how to
> define ethertype :( Can you help me a bit?

"tcpdump -ni <ifname> -ex ether proto 0x888e" shows only EAPOL frames
(with header information and hex dump).

> I have also tried tcpdump on desktop, and it is visible that there is EAP
> packets. But, router is in the same net and connected to net via usual hub.

Yes, this is expected behavior. These are EAPOL packets for the
authentication. You should be able to verify that the MAC addresses
shown are the addresses of the authenticator and the supplicant and in
casde of wired authentiation, the destination address should be a group
address reserved for EAPOL (01:80:c2:00:00:03). The main question is in
whether the router is receiving these multicast frames.

> I am not sure, must router's tcpdump also show EAP frames or not?

Yes.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list