EAPOL Packets after successful authentication and 4 way handshake

ramprasad.rajendran at wipro.com ramprasad.rajendran at wipro.com
Sat Mar 3 10:27:49 EST 2007

>-----Original Message-----
>From: hostap-bounces+ramprasad.rajendran=wipro.com at shmoo.com 
>[mailto:hostap-bounces+ramprasad.rajendran=wipro.com at shmoo.com]
> On Behalf Of Jouni Malinen
>Sent: Saturday, March 03, 2007 11:16 AM
>To: hostap at shmoo.com
>Subject: Re: EAPOL Packets after successful authentication and 
>4 way handshake
>On Fri, Mar 02, 2007 at 10:31:05PM +0530, 
>ramprasad.rajendran at wipro.com wrote:
>> I've observed very rarely, that I receive EAPOL packets 
>seconds after 
>> a 4 way handshake is through. Is this ok ? What sort of packets can 
>> they be ?
>How did you observe the packets? With a sniffer? Could you 
>please send a dump of such frames? What software was used in 
>the AP/Authenticator and client/Supplicant?

Yeah I've observed the packets with the sniffer. I don't have the
unencrypted frame format.
I was using Linksys WRT54G as the authenticator and wpa_supplicant_0.5.7
I have only the encrypted dump that is attached.

>It's difficult to say what these frames were without seeing 
>the capture log. Anyway, if 4-way handshake is completed, all 
>data frames (including EAPOL packets) should be sent 
>encrypted. EAPOL packets can be sent after this for things 
>like rekeying, but still, they would be encrypted and not very 
>easily identifiable in capture logs.
>Jouni Malinen                                            PGP 
>id EFC895FA
>HostAP mailing list
>HostAP at shmoo.com

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Url: http://lists.shmoo.com/pipermail/hostap/attachments/20070303/8fa51d63/attachment.txt 

More information about the HostAP mailing list