Over-the-air capture used in this article: https://download.csdn.net/download/yudelian/21455721
Looking at the capture, the connection sequence is:
Authentication --> Association --> 4-way handshake
The fields in a management frame body come in two kinds:
1. Fields with a fixed length are called fixed fields; in the Wireshark screenshot they are grouped under Fixed parameters.
2. Fields with a variable length are called information elements (IEs), encoded as tag number, tag length and value; in the Wireshark screenshot they are grouped under Tagged parameters.
WiFi authentication
Authentication frame:
A management frame made up of fixed fields. The first is the Authentication Algorithm Number. The original standard defined two values (later amendments added 2 = Fast BSS Transition and 3 = SAE, used by WPA3):
0 = Open System. This is what a current WPA2 network uses: the Open System exchange accepts every station, and the real proof of key possession happens after association, in the 4-way handshake (WPA2-PSK) or in an 802.1X/EAP exchange followed by the 4-way handshake (WPA2-Enterprise).
1 = Shared Key. Wireshark annotates it "deprecated by 802.11i": it is the WEP challenge-response authentication and is no longer used.
After association, the 4-way handshake is carried in EAPOL-Key frames (802.1X frames with Type = Key), decoded below.
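To make the fixed-field layout concrete, here is a small parser for the fixed parameters of the three management frames in this sequence. It is an added example, not code from the original article. The Association Request and Response bytes are rebuilt from the values decoded on this page (capabilities 0x0031, listen interval 1, status 0, AID 1); the Authentication frame body is a constructed Open System request, since the article does not print its bytes.

```python
import struct

# Authentication Algorithm Number values (IEEE 802.11 Table 9-36). The capture
# uses 0; 2 and 3 were added by later amendments (802.11r, 802.11-2016/WPA3).
AUTH_ALGORITHMS = {
    0: "Open System",
    1: "Shared Key (WEP, deprecated by 802.11i)",
    2: "Fast BSS Transition",
    3: "SAE",
}

# Capability Information bits (IEEE 802.11 Figure 9-68); reserved bits are omitted.
CAPABILITY_BITS = {
    0x0001: "ESS",
    0x0002: "IBSS",
    0x0010: "Privacy",
    0x0020: "Short Preamble",
    0x0100: "Spectrum Management",
    0x0200: "QoS",
    0x0400: "Short Slot Time",
    0x0800: "APSD",
    0x1000: "Radio Measurement",
    0x2000: "DSSS-OFDM",
    0x4000: "Delayed Block Ack",
    0x8000: "Immediate Block Ack",
}


def capability_flags(cap: int) -> list:
    """Expand a Capability Information field into the names of its set bits."""
    return [name for bit, name in sorted(CAPABILITY_BITS.items()) if cap & bit]


def parse_authentication(body: bytes) -> dict:
    """Authentication frame body: three little-endian 16-bit fixed fields, then IEs."""
    if len(body) < 6:
        raise ValueError("authentication body shorter than its fixed fields")
    alg, seq, status = struct.unpack_from("<HHH", body, 0)
    return {
        "algorithm": alg,
        "algorithm_name": AUTH_ALGORITHMS.get(alg, "reserved/vendor (%d)" % alg),
        "transaction_seq": seq,
        "status": status,
        "tagged": body[6:],  # Challenge Text IE for Shared Key; empty for Open System
    }


def parse_assoc_request(body: bytes) -> dict:
    """Association Request: Capability Information + Listen Interval (4 bytes), then IEs."""
    if len(body) < 4:
        raise ValueError("association request body shorter than its fixed fields")
    cap, listen = struct.unpack_from("<HH", body, 0)
    return {"capabilities": cap, "capability_flags": capability_flags(cap),
            "listen_interval": listen, "tagged": body[4:]}


def parse_assoc_response(body: bytes) -> dict:
    """Association Response: Capability Information + Status Code + AID (6 bytes), then IEs."""
    if len(body) < 6:
        raise ValueError("association response body shorter than its fixed fields")
    cap, status, aid = struct.unpack_from("<HHH", body, 0)
    return {"capabilities": cap, "capability_flags": capability_flags(cap),
            "status": status,
            # The two most significant bits of the AID field are set on the wire;
            # Wireshark masks them, which is why its decode shows "..00 0000 0000 0001".
            "aid": aid & 0x3FFF,
            "tagged": body[6:]}


# Sample inputs. AUTH_OPEN_SEQ1 is constructed (algorithm 0, sequence 1, status 0);
# the two association byte strings are rebuilt from the fixed parameters decoded on this page.
AUTH_OPEN_SEQ1 = bytes.fromhex("000001000000")
ASSOC_REQ_FIXED = bytes.fromhex("31000100")        # cap 0x0031, listen interval 1
ASSOC_RESP_FIXED = bytes.fromhex("3100000001c0")   # cap 0x0031, status 0, AID 0xc001 -> 1

if __name__ == "__main__":
    print(parse_authentication(AUTH_OPEN_SEQ1))
    print(parse_assoc_request(ASSOC_REQ_FIXED))
    print(parse_assoc_response(ASSOC_RESP_FIXED))
```

Capabilities 0x0031 expands to ESS, Privacy and Short Preamble; the Privacy bit is what tells a station that the BSS requires encryption before the RSN IE is even looked at.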
Association Request frame decode:
IEEE 802.11 Wireless Management
Fixed parameters (4 bytes)
Capabilities Information: 0x0031
Listen Interval: 0x0001
Tagged parameters (127 bytes)
Tag: SSID parameter set: Xiaomi_EFE1_5G
Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 20
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Group Cipher Suite type: TKIP (2)
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Pairwise Cipher Suite type: AES (CCM) (4)
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: PSK (2)
RSN Capabilities: 0x0000
.... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
.... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
.... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... .0.. .... = Management Frame Protection Required: False
.... .... 0... .... = Management Frame Protection Capable: False
.... ...0 .... .... = Joint Multi-band RSNA: False
.... ..0. .... .... = PeerKey Enabled: False
..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
Tag: Supported Operating Classes
Tag: VHT Capabilities
Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Information Element
Tag: Vendor Specific: Qualcomm Inc.
Two things in this RSN IE deserve attention: the group cipher is TKIP while the pairwise cipher is CCMP, so the AP runs WPA/WPA2 mixed mode and every broadcast/multicast frame is protected only by TKIP; and neither Management Frame Protection bit is set, so deauthentication and disassociation frames are not authenticated.
Association Response frame decode:
IEEE 802.11 Wireless Management
Fixed parameters (6 bytes)
Capabilities Information: 0x0031
Status code: Successful (0x0000)
..00 0000 0000 0001 = Association ID: 0x0001
Tagged parameters (204 bytes)
Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Parameter Element
Tag: HT Capabilities (802.11n D1.10)
Tag: HT Information (802.11n D1.10)
Tag: Vendor Specific: Epigram, Inc.: HT Capabilities (802.11n D1.10)
Tag: Vendor Specific: Epigram, Inc.: HT Additional Capabilities (802.11n D1.00)
Tag: Overlapping BSS Scan Parameters
Tag: VHT Capabilities
Tag: VHT Operation
Tag: Extended Capabilities (8 octets)
Tag: Vendor Specific: Ralink Technology, Corp.
4-way handshake:
Message 1 (AP -> STA). The AP sends its ANonce; Key ACK is set and Key MIC is not, so the MIC field is all zeros:
Key Information: 0x008a
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install: Not set
.... .... 1... .... = Key ACK: Set
.... ...0 .... .... = Key MIC: Not set
.... ..0. .... .... = Secure: Not set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...0 .... .... .... = Encrypted Key Data: Not set
..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 00000000000000000000000000000000
Message 2 (STA -> AP). The STA sends its SNonce with Key MIC set; the MIC is computed over the whole EAPOL frame with the KCK taken from the PTK, and the Key Data carries the STA's RSN IE, which the AP must compare with the one in the Association Request:
Key Information: 0x010a
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install: Not set
.... .... 0... .... = Key ACK: Not set
.... ...1 .... .... = Key MIC: Set
.... ..0. .... .... = Secure: Not set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...0 .... .... .... = Encrypted Key Data: Not set
..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 7460b9d95fb0b4a4e0660a437a8558812e6e6c10b23355854e738b04a0f3146f
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: bce61494be0e381a9cbcd0e463102c11
WPA Key Data: 30140100000fac020100000fac040100000fac020000
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 20
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Group Cipher Suite type: TKIP (2)
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
Pairwise Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
Pairwise Cipher Suite type: AES (CCM) (4)
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: PSK (2)
RSN Capabilities: 0x0000
.... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
.... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
.... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
.... .... .0.. .... = Management Frame Protection Required: False
.... .... 0... .... = Management Frame Protection Capable: False
.... ...0 .... .... = Joint Multi-band RSNA: False
.... ..0. .... .... = PeerKey Enabled: False
..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
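The RSN IE appears twice on this page, once in the Association Request and once inside the Key Data of message 2. The following parser, added here and not part of the original article, walks the tagged-parameter list and decodes the RSN IE body exactly as Wireshark does, then flags the two points noted above (TKIP group cipher, no MFP). Its input is the Key Data hex printed above; the suite tables are the IEEE 802.11 assignments under OUI 00:0f:ac.

```python
import struct

TAG_RSN = 48                   # "Tag Number: RSN Information (48)"
IEEE_OUI = b"\x00\x0f\xac"     # "00:0f:ac (Ieee 802.11)"

# Suite selector types under OUI 00:0f:ac (IEEE 802.11 Tables 9-131 and 9-133); partial.
CIPHER_SUITES = {0: "Use group cipher", 1: "WEP-40", 2: "TKIP", 4: "CCMP-128",
                 5: "WEP-104", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 5: "802.1X-SHA256",
              6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

# RSN Capabilities bits, matching the Wireshark decode lines above.
CAP_PREAUTH = 0x0001
CAP_NO_PAIRWISE = 0x0002
CAP_MFP_REQUIRED = 0x0040
CAP_MFP_CAPABLE = 0x0080


def parse_tagged_parameters(buf: bytes) -> list:
    """Walk the tag / length / value list that Wireshark shows as 'Tagged parameters'."""
    ies, pos = [], 0
    while pos + 2 <= len(buf):
        tag, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("IE %d at offset %d is truncated" % (tag, pos))
        ies.append((tag, value))
        pos += 2 + length
    if pos != len(buf):
        raise ValueError("%d trailing bytes after the last IE" % (len(buf) - pos))
    return ies


def _suite(selector: bytes, table: dict) -> str:
    oui, kind = selector[:3], selector[3]
    if oui != IEEE_OUI:
        return "vendor %s:%d" % (oui.hex(":"), kind)
    return table.get(kind, "reserved (%d)" % kind)


def parse_rsn(value: bytes) -> dict:
    """Decode an RSN IE body. Every field after the version is optional, so the
    parser stops at whichever field is absent and keeps the standard's defaults."""
    if len(value) < 2:
        raise ValueError("RSN IE shorter than its version field")
    rsn = {"version": struct.unpack_from("<H", value, 0)[0],
           "group": "CCMP-128", "pairwise": ["CCMP-128"], "akm": ["802.1X"],
           "capabilities": 0}
    if rsn["version"] != 1:
        raise ValueError("unsupported RSN version %d" % rsn["version"])
    pos = 2
    if len(value) < pos + 4:
        return rsn
    rsn["group"] = _suite(value[pos:pos + 4], CIPHER_SUITES)
    pos += 4
    for key, table in (("pairwise", CIPHER_SUITES), ("akm", AKM_SUITES)):
        if len(value) < pos + 2:
            return rsn
        count = struct.unpack_from("<H", value, pos)[0]
        pos += 2
        if len(value) < pos + 4 * count:
            raise ValueError("%s suite list claims %d entries but IE is too short" % (key, count))
        rsn[key] = [_suite(value[pos + 4 * k:pos + 4 * k + 4], table) for k in range(count)]
        pos += 4 * count
    if len(value) >= pos + 2:
        rsn["capabilities"] = struct.unpack_from("<H", value, pos)[0]
    return rsn


def audit_rsn(rsn: dict) -> list:
    """Flag the weaknesses that can be read straight off an RSN IE."""
    findings, weak = [], {"WEP-40", "WEP-104", "TKIP"}
    if rsn["group"] in weak:
        findings.append("group cipher %s: all broadcast/multicast traffic uses it (mixed-mode AP)" % rsn["group"])
    findings += ["pairwise cipher %s is weak" % c for c in rsn["pairwise"] if c in weak]
    if not rsn["capabilities"] & CAP_MFP_CAPABLE:
        findings.append("MFP not supported: deauthentication/disassociation frames are unauthenticated")
    return findings


# Key Data of handshake message 2 as decoded above: one RSN IE (tag 0x30, length 0x14).
MSG2_KEY_DATA = bytes.fromhex("30140100000fac020100000fac040100000fac020000")

if __name__ == "__main__":
    for tag, value in parse_tagged_parameters(MSG2_KEY_DATA):
        if tag == TAG_RSN:
            rsn = parse_rsn(value)
            print(rsn)
            print(audit_rsn(rsn))
```

The length checks matter: the suite counts are attacker-controlled 16-bit values, and an IE that advertises more suites than it carries is the classic way to push a naive parser past the end of the frame.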
Message 3 (AP -> STA). The AP repeats the ANonce from message 1 (compare the two nonce values) and sets Install, Key ACK, Key MIC, Secure and Encrypted Key Data (Key Information 0x13ca). The 80-byte Key Data is the AP's RSN IE plus the GTK, wrapped with the KEK using AES key wrap because the Key Descriptor Version is 2; Key RSC df0b000000000000 is the last transmit sequence number of that GTK, which the STA uses to initialize its replay counter:
802.1X Authentication
Version: 802.1X-2001 (1)
Type: Key (3)
Key Descriptor Type: EAPOL RSN Key (2)
Key Information: 0x13ca
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .1.. .... = Install: Set
.... .... 1... .... = Key ACK: Set
.... ...1 .... .... = Key MIC: Set
.... ..1. .... .... = Secure: Set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...1 .... .... .... = Encrypted Key Data: Set
..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332
Key IV: 00000000000000000000000000000000
WPA Key RSC: df0b000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 0c904248df4cb58119561536b6a5f9f4
WPA Key Data Length: 80
WPA Key Data: 0187687631b588f887a3be70d0b59ec439a8e70e78f3678aef6de229550af19b91696d91…
Message 4 (STA -> AP). The nonce is all zeros and Key Data Length is 0; only the MIC carries information, confirming to the AP that the STA derived the same PTK. After it is received the AP installs the PTK and encrypted data traffic begins:
Key Information: 0x030a
.... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
.... .... .... 1... = Key Type: Pairwise Key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install: Not set
.... .... 0... .... = Key ACK: Not set
.... ...1 .... .... = Key MIC: Set
.... ..1. .... .... = Secure: Set
.... .0.. .... .... = Error: Not set
.... 0... .... .... = Request: Not set
...0 .... .... .... = Encrypted Key Data: Not set
..0. .... .... .... = SMK Message: Not set
WPA Key Nonce: 0000000000000000000000000000000000000000000000000000000000000000
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 00f4f175e65a985de56bbf672505ab10
WPA Key Data Length: 0
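The four Key Information values above (0x008a, 0x010a, 0x13ca, 0x030a) are what a capture tool uses to tell the handshake messages apart, and the nonces are what it uses to check that four frames belong to one exchange. The code below is an added example, not from the original article: it decodes the Key Information bits with the same masks Wireshark uses, classifies each frame, and cross-checks the nonces, MICs and Key Data lengths printed above. The message 1 Key Data length is not shown in the decode, so it is left as None.

```python
# Key Information bit masks (IEEE 802.11 Figure 12-34), matching the Wireshark lines above.
KI_DESCRIPTOR_VERSION = 0x0007
KI_PAIRWISE = 0x0008
KI_KEY_INDEX = 0x0030
KI_INSTALL = 0x0040
KI_ACK = 0x0080
KI_MIC = 0x0100
KI_SECURE = 0x0200
KI_ERROR = 0x0400
KI_REQUEST = 0x0800
KI_ENCRYPTED_KEY_DATA = 0x1000

DESCRIPTOR_VERSIONS = {1: "HMAC-MD5 MIC, RC4 key wrap",
                       2: "HMAC-SHA1-128 MIC, AES key wrap",
                       3: "AES-128-CMAC MIC, AES key wrap"}


def decode_key_info(ki: int) -> dict:
    """Split a Key Information field into the flags Wireshark prints."""
    return {
        "descriptor_version": ki & KI_DESCRIPTOR_VERSION,
        "pairwise": bool(ki & KI_PAIRWISE),
        "key_index": (ki & KI_KEY_INDEX) >> 4,
        "install": bool(ki & KI_INSTALL),
        "ack": bool(ki & KI_ACK),
        "mic": bool(ki & KI_MIC),
        "secure": bool(ki & KI_SECURE),
        "error": bool(ki & KI_ERROR),
        "request": bool(ki & KI_REQUEST),
        "encrypted_key_data": bool(ki & KI_ENCRYPTED_KEY_DATA),
    }


def classify_message(ki: int) -> int:
    """Map the flag combination to the 4-way handshake message number (WPA2/RSN usage)."""
    d = decode_key_info(ki)
    if not d["pairwise"]:
        raise ValueError("Key Type is Group: group key handshake, not a 4-way message")
    if d["ack"] and not d["mic"]:
        return 1
    if d["ack"] and d["mic"] and d["install"]:
        return 3
    if d["mic"] and not d["ack"] and not d["install"]:
        # WPA2 sets Secure only in message 4. Original WPA leaves it clear in both 2 and 4,
        # where only the replay counter distinguishes them.
        return 4 if d["secure"] else 2
    raise ValueError("flag combination 0x%04x is not a 4-way handshake message" % ki)


# The four frames exactly as decoded above (nonces and MICs copied from the capture).
ANONCE = "9e4501d537bdf13a30fa17133acfd20735a741d97542c18530d06c833077a332"
SNONCE = "7460b9d95fb0b4a4e0660a437a8558812e6e6c10b23355854e738b04a0f3146f"
CAPTURE = [
    {"key_info": 0x008a, "nonce": ANONCE, "mic": "00" * 16, "key_data_len": None},
    {"key_info": 0x010a, "nonce": SNONCE, "mic": "bce61494be0e381a9cbcd0e463102c11", "key_data_len": 22},
    {"key_info": 0x13ca, "nonce": ANONCE, "mic": "0c904248df4cb58119561536b6a5f9f4", "key_data_len": 80},
    {"key_info": 0x030a, "nonce": "00" * 32, "mic": "00f4f175e65a985de56bbf672505ab10", "key_data_len": 0},
]


def check_handshake(frames: list) -> list:
    """Cross-check the frames the way a parser should before treating them as one exchange."""
    problems, by_msg = [], {}
    for f in frames:
        n = classify_message(f["key_info"])
        if n in by_msg:
            problems.append("message %d appears twice (retransmission?)" % n)
        by_msg[n] = f
    missing = [n for n in (1, 2, 3, 4) if n not in by_msg]
    if missing:
        return problems + ["missing message(s) %s" % missing]
    m1, m2, m3, m4 = (by_msg[n] for n in (1, 2, 3, 4))
    if m1["mic"] != "00" * 16:
        problems.append("message 1 carries a MIC although Key MIC is clear")
    if m2["nonce"] == m1["nonce"] or set(m2["nonce"]) == {"0"}:
        problems.append("message 2 SNonce is missing or equals the ANonce")
    if m3["nonce"] != m1["nonce"]:
        problems.append("message 3 ANonce differs from message 1: frames are from different exchanges")
    if not decode_key_info(m3["key_info"])["encrypted_key_data"] or not m3["key_data_len"]:
        problems.append("message 3 lacks encrypted Key Data (no GTK delivered)")
    if set(m4["nonce"]) != {"0"} or m4["key_data_len"] != 0:
        problems.append("message 4 should carry a zero nonce and no Key Data")
    return problems


if __name__ == "__main__":
    for f in CAPTURE:
        print(classify_message(f["key_info"]), decode_key_info(f["key_info"]))
    print("problems:", check_handshake(CAPTURE))
```

Matching the ANonce of message 3 against message 1 is the check that matters most in practice: a capture that mixes frames from two exchanges (for example after a deauthentication and reconnection) will yield a PTK that verifies against neither MIC.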