Server Hello Packet Invisible during 802.1x Authentication from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74c) & above.
Summary
During the assessment for Products, Wireshark was used and it was identified that Wireshark from Version 4.0.3 (v4.0.3-0-gc552f74c) to the 4.0.5 Stable release is not displaying the Server Hello packet when the display filter ( eap || eapol || radius ) is used to view the 802.1x packets. Whereas when the same packet capture file was exported and viewed with an older Wireshark version (4.0.1 or 3.6.13), the Server Hello packet and its details could be seen. We repeated the same with different machines to make sure whether the issue is present with the Wireshark application, and it was confirmed that the issue is present with the versions mentioned above.
Sample capture file
Cannot attach the Wireshark Packet capture file as it contains company device's sensitive data.
Steps to reproduce
- Configure a device or any product that is capable of 802.1X authentication with its respective server for authentication and capture the network packets.
- Use display filter as " eap || eapol || radius " and view the Handshake process.
- You will be able to see the whole 802.1X authentication packets.
What is the current bug behavior?
You are unable to see the Server Hello packet in Wireshark in the whole handshake process.
What is the expected correct behavior?
The whole Handshake process with all the packet details should be seen.
Build information
Currently, it is observed in the build Version 4.0.3 (v4.0.3-0-gc552f74cdc23) and above.
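A dissector-independent check for the handshake described in this report, as an added example that is not part of the original report or of Wireshark: it reassembles EAP-TLS fragments (RFC 5216) and names the TLS handshake messages they carry. It assumes the method is EAP-TLS (type 13) and that raw EAP packets have already been extracted from the EAPOL frames or RADIUS EAP-Message attributes; all function names are hypothetical and the sample bytes are constructed.

```python
import struct

EAP_TYPE_TLS = 13                      # EAP-TLS method type (RFC 5216)
FLAG_LENGTH, FLAG_MORE = 0x80, 0x40    # L and M bits of the EAP-TLS flags octet
NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}

def flight_names(tls):
    """List handshake message names in one reassembled, unencrypted TLS flight."""
    hs, pos = b"", 0
    while pos + 5 <= len(tls) and tls[pos] == 22:    # 22 = handshake record
        rlen = int.from_bytes(tls[pos + 3:pos + 5], "big")
        hs += tls[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    names, pos = [], 0
    while pos + 4 <= len(hs):                        # 1-byte type, 3-byte length
        names.append(NAMES.get(hs[pos], f"type {hs[pos]}"))
        pos += 4 + int.from_bytes(hs[pos + 1:pos + 4], "big")
    return names

def handshake_messages(eap_packets):
    """Reassemble EAP-TLS fragments per direction and name the handshake messages."""
    bufs, out = {}, []
    for pkt in eap_packets:
        if len(pkt) < 6 or pkt[4] != EAP_TYPE_TLS:
            continue                                 # Identity, NAK, Success, ...
        code, length, flags = pkt[0], int.from_bytes(pkt[2:4], "big"), pkt[5]
        start = 10 if flags & FLAG_LENGTH else 6     # skip 4-byte TLS Message Length
        bufs[code] = bufs.get(code, b"") + pkt[start:length]
        if not flags & FLAG_MORE:                    # last fragment: parse the flight
            out += flight_names(bufs.pop(code))
    return out

def make_eap(code, ident, flags, data=b"", total=None):
    """Build a constructed EAP-TLS packet for the sample below."""
    body = bytes([EAP_TYPE_TLS, flags]) + (struct.pack("!I", total) if total else b"") + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def hs_msg(msg_type, size):
    return bytes([msg_type]) + size.to_bytes(3, "big") + bytes(size)

# Constructed sample: server flight split over two EAP requests, peer ACK in between.
FLIGHT = hs_msg(2, 70) + hs_msg(11, 900) + hs_msg(14, 0)
RECORD = b"\x16\x03\x03" + len(FLIGHT).to_bytes(2, "big") + FLIGHT
SAMPLE = [
    b"\x01\x01\x00\x05\x01",                                 # EAP-Request/Identity
    make_eap(1, 2, 0x20),                                    # EAP-TLS Start
    make_eap(2, 2, 0, b"\x16\x03\x03\x00\x2e" + hs_msg(1, 42)),  # ClientHello
    make_eap(1, 3, FLAG_LENGTH | FLAG_MORE, RECORD[:600], len(RECORD)),
    make_eap(2, 3, 0),                                       # peer ACK, no data
    make_eap(1, 4, 0, RECORD[600:]),                         # final fragment
]
```

Running `handshake_messages` over the EAP packets of a real capture shows whether a Server Hello is present in the data regardless of which Wireshark version displays it.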