WIFI空口包在Wireshark中过滤条件

bobhu4201

已于 2024-10-26 15:20:25 修改

阅读量1.2k

点赞数 39

分类专栏： WIFI 文章标签： wireshark 网络 WIFI

于 2024-09-05 15:03:30 首次发布

本文链接：https://blog.csdn.net/bobhu4201/article/details/141931336

版权

WIFI 专栏收录该内容

28 篇文章 0 订阅

订阅专栏

一）三大类 WIFI包过滤

wlan.fc.type == 0 管理帧

wlan.fc.type == 1 控制帧

wlan.fc.type == 2 数据帧

二）管理帧

Association Req /Rsp wlan.fc.type_subtype == 0x0000||wlan.fc.type_subtype == 0x0001

Reassociation Req /Rsp wlan.fc.type_subtype == 0x00002||wlan.fc.type_subtype == 0x0003

Probe Req/Rsp wlan.fc.type_subtype == 0x0004||wlan.fc.type_subtype == 0x0005

Measurement Pilot wlan.fc.type_subtype == 0x00006

Unrecognized wlan.fc.type_subtype == 0x00007

Beacon wlan.fc.type_subtype == 0x0008

ATIM wlan.fc.type_subtype == 0x0009

DisAssociation wlan.fc.type_subtype == 0x000a

Auth wlan.fc.type_subtype == 0x000b

Disauthention wlan.fc.type_subtype == 0x000c

Action wlan.fc.type_subtype == 0x000d

Action No ACK wlan.fc.type_subtype == 0x000e

Aruba Management wlan.fc.type_subtype == 0x000f

三）控制帧

ACK帧：wlan.fc.type_subtype == 0x1D。

CTS帧：wlan.fc.type_subtype == 0x1C。

RTS帧：wlan.fc.type_subtype == 0x1B

PS-POLL帧： wlan.fc.type_subtype == 0x1A

四）数据帧

Null Data帧：要过滤Null Data帧，使用wlan.fc.type_subtype == 0x24。

Acknowledgement(No data)帧 wlan.fc.type_subtype == 0x25

QoS Data帧：质量服务数据帧可以通过wlan.fc.type_subtype == 0x28来过滤

Qos CF-Ack + CF-Poll (No data)帧： wlan.fc.type_subtype == 0x2f

802.1X 4次握手帧: llc.type == 0x888e

五）WIFI组合包过滤条件

Auth帧 + Association Req /Rsp + Reassociation Req /Rsp + Disauthention + DisAssociation + 802.1X 4次握手包过滤条件

wlan.fc.type_subtype == 0x0000||wlan.fc.type_subtype == 0x0001||wlan.fc.type_subtype == 0x00002||wlan.fc.type_subtype == 0x0003||wlan.fc.type_subtype == 0x000a||wlan.fc.type_subtype == 0x000b||wlan.fc.type_subtype == 0x000c||llc.type == 0x888e

源MAC+目的MAC + (Auth帧 + Association Req /Rsp + Reassociation Req /Rsp + Disauthention + DisAssociation + 802.1X 4次握手包 ) 过滤条件

((wlan.da == 96:17:5e:00:8e:60) || (wlan.sa == 96:17:5e:00:8e:60))&& (wlan.fc.type_subtype == 0x0000||wlan.fc.type_subtype == 0x0001||wlan.fc.type_subtype == 0x00002||wlan.fc.type_subtype == 0x0003||wlan.fc.type_subtype == 0x000a||wlan.fc.type_subtype == 0x000b||wlan.fc.type_subtype == 0x000c||llc.type == 0x888e)

发送端MAC+ 接收端MAC + (Auth帧 + Association Req /Rsp + Reassociation Req /Rsp + Disauthention + DisAssociation + 802.1X 4次握手包 ) 过滤条件

((wlan.ra == 96:17:5e:00:8e:60) || (wlan.ta == 96:17:5e:00:8e:60))&& (wlan.fc.type_subtype == 0x0000||wlan.fc.type_subtype == 0x0001||wlan.fc.type_subtype == 0x00002||wlan.fc.type_subtype == 0x0003||wlan.fc.type_subtype == 0x000a||wlan.fc.type_subtype == 0x000b||wlan.fc.type_subtype == 0x000c||llc.type == 0x888e)