This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 17 (spanning 16 versions)
Revision 1 as of 2006-07-17 12:07:10
Size: 2082
Editor: ifidyn178
Comment:
Revision 17 as of 2010-10-12 16:55:02
Size: 2784
Comment: added the screenshot at the Example traffic section.
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
= Full PROTO name (PROTO abbreviation) = = Protocol for carrying Authentication for Network Access (PANA) =
Line 4: Line 4:
This file tries to help you add a new protocol to the wiki. Edit anything as appropriate to the specific protocol and replace any appearance of PROTO/proto/protofirstletter by your protocols name (and remove this text line before saving!).

XXX - add a brief PROTO description here
PANA is a protocol used to authenticate users before granting network access. PANA is an IP based protocol and it enables the client to interact with a back-end AAA server, deployed in the network provide's domain. It enables the client to authenticate against the AAA server without using link-layer specific mechanisms or knowing the specific AAA protocol. PANA can be used on both multi-access and point-to-point links and it supports various authentication methods, dynamic network provider selection, and roaming clients. PANA does not define any new authentication mechanism but uses EAP to transfer authentication related data. Any authentication method on top of EAP can be used in PANA.
Line 10: Line 8:
XXX - add a brief description of PROTO history XXX - add a brief description of PANA history
Line 14: Line 12:
 * ["TCP"]: Typically, PROTO uses ["TCP"] as its transport protocol. The well known TCP port for PROTO traffic is 80.  * [[UDP]]: PANA uses [[UDP]] as its transport protocol. The well known UDP port for PANA traffic is 716.
Line 18: Line 16:
XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot). {{attachment:Wireshark_1.5.0_SVN_Rev_34447_from_trunk-pana-rfc5191_cap.png}}

The depicted trace is available here: [[attachment:SampleCaptures/pana-rfc5191.cap]]
Line 22: Line 22:
The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol. The PANA dissector is fully functional.
Line 26: Line 26:
(XXX add links to preference settings affecting how PROTO is dissected). There are no PANA related preference settings.
Line 30: Line 30:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

 * attachment:SampleCaptures/PROTO.pcap
 * [[attachment:SampleCaptures/pana-rfc5191.cap]] PANA authentication and re-authentication sequences.
Line 35: Line 33:
A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference] A complete list of PANA display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/p/pana.html|display filter reference]]
Line 37: Line 35:
 Show only the PROTO based traffic: {{{
 proto }}}
 Show only the PANA based traffic: {{{
 pana }}}
Line 42: Line 40:
You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

 Capture only the PROTO traffic over the default port (80): {{{
 tcp port 80 }}}
XXX
Line 49: Line 44:
 * add link to PROTO specification and where to find additional info on the web about it, e.g.:
 * [http://www.ietf.org/rfc/rfc123.txt RFC 123] ''The RFC title'' - explanation of the RFC content.
IETF PANA Working Group
 * [[http://ietf.org/html.charters/pana-charter.html]]

Current RFCs
 * [[http://www.ietf.org/rfc/rfc5191.txt|RFC5191]] Protocol for Carrying Authentication for Network Access (PANA)
 * [[http://www.ietf.org/rfc/rfc4016.txt|RFC4016]] Protocol for Carrying Authentication and Network Access (PANA) - Threat Analysis and Security Requirements
 * [[http://www.ietf.org/rfc/rfc4058.txt|RFC4058]] Protocol for Carrying Authentication for Network Access (PANA) - Requirements
Line 53: Line 53:

Q:I don't think a capture filter named "pana" will work. - ''UlfLamping''

R:It will work if packets are decoded as pana.

R:As display filter yes, but not as capture filter. - JaapKeuter

Q:In the [[http://www.ietf.org/internet-drafts/draft-ietf-pana-pana-17.txt|pana_draft_17]] the pana header contains a session identifier. Wireshark dont take car of it. is it a interpretation error?

R:pana.sid is used for session ID. If there is an error please file a bug report with a capture file showing it. - JaapKeuter

Protocol for carrying Authentication for Network Access (PANA)

PANA is a protocol used to authenticate users before granting network access. PANA is an IP based protocol and it enables the client to interact with a back-end AAA server, deployed in the network provide's domain. It enables the client to authenticate against the AAA server without using link-layer specific mechanisms or knowing the specific AAA protocol. PANA can be used on both multi-access and point-to-point links and it supports various authentication methods, dynamic network provider selection, and roaming clients. PANA does not define any new authentication mechanism but uses EAP to transfer authentication related data. Any authentication method on top of EAP can be used in PANA.

History

XXX - add a brief description of PANA history

Protocol dependencies

  • UDP: PANA uses UDP as its transport protocol. The well known UDP port for PANA traffic is 716.

Example traffic

Wireshark_1.5.0_SVN_Rev_34447_from_trunk-pana-rfc5191_cap.png

The depicted trace is available here: SampleCaptures/pana-rfc5191.cap

Wireshark

The PANA dissector is fully functional.

Preference Settings

There are no PANA related preference settings.

Example capture file

Display Filter

A complete list of PANA display filter fields can be found in the display filter reference

  • Show only the PANA based traffic:

     pana 

Capture Filter

XXX

IETF PANA Working Group

Current RFCs

  • RFC5191 Protocol for Carrying Authentication for Network Access (PANA)

  • RFC4016 Protocol for Carrying Authentication and Network Access (PANA) - Threat Analysis and Security Requirements

  • RFC4058 Protocol for Carrying Authentication for Network Access (PANA) - Requirements

Discussion

Q:I don't think a capture filter named "pana" will work. - UlfLamping

R:It will work if packets are decoded as pana.

R:As display filter yes, but not as capture filter. - JaapKeuter

Q:In the pana_draft_17 the pana header contains a session identifier. Wireshark dont take car of it. is it a interpretation error?

R:pana.sid is used for session ID. If there is an error please file a bug report with a capture file showing it. - JaapKeuter

PANA (last edited 2010-10-12 16:55:02 by YasuyukiTanaka)