Protocol for carrying Authentication for Network Access (PANA)

PANA is a protocol used to authenticate users before granting network access. PANA is an IP based protocol and it enables the client to interact with a back-end AAA server, deployed in the network provide's domain. It enables the client to authenticate against the AAA server without using link-layer specific mechanisms or knowing the specific AAA protocol. PANA can be used on both multi-access and point-to-point links and it supports various authentication methods, dynamic network provider selection, and roaming clients. PANA does not define any new authentication mechanism but uses EAP to transfer authentication related data. Any authentication method on top of EAP can be used in PANA.


XXX - add a brief description of PANA history

Protocol dependencies

Example traffic

Wireshark<span data-escaped-char>_</span>1.5.0<span data-escaped-char>_</span>SVN<span data-escaped-char>_</span>Rev<span data-escaped-char>_</span>34447<span data-escaped-char>_</span>from<span data-escaped-char>_</span>trunk-pana-rfc5191<span data-escaped-char>_</span>cap.png

The depicted trace is available here: SampleCaptures/pana-rfc5191.cap


The PANA dissector is fully functional.

Preference Settings

There are no PANA related preference settings.

Example capture file

Display Filter

A complete list of PANA display filter fields can be found in the display filter reference

Show only the PANA based traffic:


Capture Filter


External links

IETF PANA Working Group

Current RFCs


Q:I don't think a capture filter named "pana" will work. - UlfLamping

R:It will work if packets are decoded as pana.

R:As display filter yes, but not as capture filter. - JaapKeuter

Q:In the pana_draft_17 the pana header contains a session identifier. Wireshark dont take car of it. is it a interpretation error?

R:pana.sid is used for session ID. If there is an error please file a bug report with a capture file showing it. - JaapKeuter

Imported from on 2020-08-11 23:17:48 UTC