EAPOL-Start packet composition

Posted on 2006-05-30
Last Modified: 2013-12-09
I'm trying to establish a WPA-PSK TKIP connection to an AP and have seen the following bit of advice:

"To start the authentication process, your wireless card (called the SUPPLICANT in the specs) sends an EAPOL-Start (EAPOL - Extensible Authentication Protocol Over LAN) packet to the AP.  You do this by forming the packet itself using the MAC address of the AP and your WiFi card (you may have to scan the APs to get the MAC) and sending it through NDISUIO using the WriteFile() WIN32 API."

I have a valid handle to a NDISUIO wifi card, have scanned for APs, and have the MAC I wish to connect to.  I even have the DDK example, UIOTEST.C, and its DoWriteProc function as a guide.

But I don't know how to "form a packet" correctly for this (early) step.  DoWriteProc has me filling a structure with the Dst and Src MAC address and setting an EthType.  So far, I'm using EthType = 0x0800 for this, and getting an error 87 (invalid parameter) from GetLastError().

What data goes an EAPOL-Start packet after the Dst and Scr MAC addresses?

If you can help me, please find me at:

Thanks so much,

George S. Lockwood
Client Developer
San Francisco, CA  94111
voice:      415.901.6744

Question by:DevPPC
    1 Comment
    LVL 32

    Accepted Solution

    I don't think anyone at EE knows anything about EAPOL but me... (but you knew that, didn't you...)

    Here are two structs to contain the EAPOL Start packet:

    typedef struct _ETH_HEADER
          UCHAR      DstAddr[MAC_ADDR_LEN];
          UCHAR      SrcAddr[MAC_ADDR_LEN];
          USHORT      EthType;      // 0x888E

    typedef struct _EAPOL_START_PKT
          ETH_HEADER mHeader;
          UCHAR      ucVer;            // 0x01
          UCHAR      ucType;            // 0x01 - EAPOL-START
          USHORT      Length;
          UCHAR      Data[1];

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Preface: This article is part of a series focused on cross platform mobile app development (specifically Android and iOS) using the Alloy framework and Titanium Studio made by Appcelerator ( This article presumes a wor…
    This is not just another Android bug that needs patching, rather this is a major hole in one component of the the current android system, namely StageFright.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now