Protocol for carrying Authentication for Network Access (PANA)
PANA is a protocol used to authenticate users before granting network access. PANA is an IP based protocol and it enables the client to interact with a back-end AAA server, deployed in the network provide's domain. It enables the client to authenticate against the AAA server without using link-layer specific mechanisms or knowing the specific AAA protocol. PANA can be used on both multi-access and point-to-point links and it supports various authentication methods, dynamic network provider selection, and roaming clients. PANA does not define any new authentication mechanism but uses EAP to transfer authentication related data. Any authentication method on top of EAP can be used in PANA.
XXX - add a brief description of PANA history
The depicted trace is available here: SampleCaptures/pana-rfc5191.cap
The PANA dissector is fully functional.
There are no PANA related preference settings.
Example capture file
SampleCaptures/pana-rfc5191.cap PANA authentication and re-authentication sequences.
A complete list of PANA display filter fields can be found in the display filter reference
Show only the PANA based traffic:
IETF PANA Working Group
RFC5191 Protocol for Carrying Authentication for Network Access (PANA)
RFC4016 Protocol for Carrying Authentication and Network Access (PANA) - Threat Analysis and Security Requirements
RFC4058 Protocol for Carrying Authentication for Network Access (PANA) - Requirements
Q:I don't think a capture filter named "pana" will work. - UlfLamping
R:It will work if packets are decoded as pana.
R:As display filter yes, but not as capture filter. - JaapKeuter
Q:In the pana_draft_17 the pana header contains a session identifier. Wireshark dont take car of it. is it a interpretation error?
R:pana.sid is used for session ID. If there is an error please file a bug report with a capture file showing it. - JaapKeuter