Challenge Handshake Authentication Protocol, or CHAP, is one of two authentication protocols supported by PPP. Similar to PAP, CHAP is works with Link Control Protocol to authenticate a connection after the link establishment phase. Unlike its counterpart, however, CHAP constantly rechecks the validity of the connecting host to protect against unauthorized access. CHAP packets use a challenge system, meaning that authenticators transmit a challenge packet continuously until the connecting system responds with a packet containing a response. If this message contains a correct value, calculated using a hash function, the authenticator sends back a success packet. If not, the connection fails.
A CHAP packet header consists of 40 bits, composed of the following fields:

Code: The code field determines the function of the CHAP packet. Possible values are as follows:
1 - Challenge 2 - Response 3 - Success 4 - Failure

Identifier: The identifier field contains the actual information that determines whether or not a host will authorize the connection and allow it to take place.

Length: The length field is the total size of the packet, including the data field that follows the CHAP header.

The CHAP specification is fully defined in RFC 1994.