hostAPD EAP server not responding to EAP Identity Response

Neelansh Mittal neelansh
Wed Dec 3 13:18:18 PST 2014 

Hi,


With 802.1x EAP-FAST authentication , After an EAP failure ,sometimes the
hostapd server is not replying to EAP-Identity response messages, for long
durations of time.(Sniffer snippet below)



No.     Time           Source                Destination           Protocol
Length Info
  39156 381.550810000  AirgoNet_95:da:b0     Epigram_09:1d:cd      TLSv1
133    Change Cipher Spec, Encrypted Handshake Message
  39158 381.565063000  Epigram_09:1d:cd      AirgoNet_95:da:b0     TLSv1
180    Application Data, Application Data
  39160 381.570683000  AirgoNet_95:da:b0     Epigram_09:1d:cd      TLSv1
175    Application Data
  39162 381.584312000  Epigram_09:1d:cd      AirgoNet_95:da:b0     TLSv1
212    Application Data, Application Data
  39164 381.586559000  AirgoNet_95:da:b0     Epigram_09:1d:cd      TLSv1
111    Application Data
  39167 381.596189000  Epigram_09:1d:cd      AirgoNet_95:da:b0     TLSv1
212    Application Data, Application Data
  39169 381.599442000  AirgoNet_95:da:b0     Epigram_09:1d:cd      TLSv1
175    Application Data
  39171 381.607438000  Epigram_09:1d:cd      AirgoNet_95:da:b0     TLSv1
308    Application Data, Application Data
  39173 381.610944000  AirgoNet_95:da:b0     Epigram_09:1d:cd      TLSv1
127    Application Data
  39176 381.623056000  Epigram_09:1d:cd      AirgoNet_95:da:b0     EAP
72     Failure
.
.
.
.
  39967 394.500445000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAPOL
68     Start
  39983 394.521195000  Epigram_09:1d:cd      AirgoNet_95:da:b0     EAP
73     Request, Identity
  39989 394.528570000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAP
82     Response, Identity
  41524 425.561573000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAPOL
68     Start
  41773 428.554224000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAPOL
68     Start
  41775 428.563452000  Epigram_09:1d:cd      AirgoNet_95:da:b0     EAP
73     Request, Identity
  41777 428.565825000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAP
82     Response, Identity
  42347 441.395074000  Epigram_09:1d:cd      AirgoNet_95:da:b0     EAP
73     Request, Identity
  42349 441.398819000  AirgoNet_95:da:b0     Epigram_09:1d:cd      EAP
82     Response, Identity
  42351 441.406568000  Epigram_09:1d:cd      AirgoNet_95:da:b0     TLSv1
86     Ignored Unknown Record

As seen here, after the EAP-Failure , when the supplicant again sends an
EAPOL start followed by EAP Request Identity/Respose, the server is not
responding with the EAP-Request Method Frame(Ignored Unknown Record) for
almost 50 seconds.

Sometimes this time exceeds 60 seconds.

What could be the reason?


Regards
Neelansh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20141204/27a0ae67/attachment.htm>

More information about the Hostap mailing list