Your 802.1X header says the packet is 227 bytes. You have 199 bytes highlighted and 28 bytes not highlighted, so that sums up to 227. Good.
So if your entire packet is 227 bytes, your EAP header certainly must be less than that. Except your EAP header says that the EAP data is 227 bytes, too.
Your EAP header should look like:
+------+------+------------+------+----
| code | ID | length | type | data ...
+------+------+------------+------+----
1 byte 1 byte 2 bytes 1 byte n bytes
RFC2716 says:
Length
The Length field is two octets and indicates the length of the EAP
packet including the Code, Identifier, Length, Type, and Data
fields. Octets outside the range of the Length field should be
treated as Data Link Layer padding and should be ignored on
reception.
So the length is the number of bytes starting at code
and going to the end of the packet, which in this case I suppose would be 227 - 18 = 209
.
Moving on, we see that the message type is 13, so it's an EAP-TLS packet. I see the S
bit isn't set, which implies that this packet is a fragment acknowledgement. Is that correct? (probably not, but only you would know)
The S bit
(EAP-TLS start) is set in an EAP-TLS Start message. This
differentiates the EAP-TLS Start message from a fragment
acknowledgement.
Getting to the EAP-TLS length, that tells us the total length of your message, in case your payload is spread out over many packets. Is the packet we're looking at your entire TLS message? Only you would know how long your message is and what its length is.
TLS Message Length
The TLS Message Length field is four octets, and is present only
if the L bit is set. This field provides the total length of the
TLS message or set of messages that is being fragmented.
I'm assuming the entire message is what you have highlighted, so its length would be 199.
Even if some of the details above are wrong for your packet, the general idea is that you've got the lengths wrong, and perhaps the flags are wrong, too.
Resources:
http://www.netcraftsmen.net/resources/archived-articles/429-examining-8021x-and-eap.html
http://www.ietf.org/rfc/rfc2716.txt