
Trying to decipher captured Wireshark packets

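I have a saved Wireshark capture, and I have applied a filter to the results so that only the communication of one specific device is shown. I have decryption enabled, and the decryption key is stored as type wpa-pwd, in the format key:SSID.

I don't fully understand how to interpret the results I am getting. I have searched extensively on S/O and Google.

I assume the packets in the results that are "of interest" to me would be the ones from the source device, transmitted to the router, all of which are labeled with the 802.11 protocol.

I currently have the filtered results sorted by destination, and there are

  • 3 "request-to-send" results,

  • followed by an "802.11 Block Ack",

  • 8 "request-to-send" results,

  • followed by another "802.11 Block Ack",

  • 3 "request-to-send" results.

I'll put the results in this order, but I have only included the summaries for the first request-to-send and the two 802.11 Block Ack packets, because the summaries of the request-to-send packets are all basically the same.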

As a question, is there any way I can directly interpret these results to understand what these packets contained/were for?

Packet 1 (Request-to-send) Summary

5131 27.713095 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 45 Request-to-send, Flags=...P....C

Packet 1 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 57 11 bb 47 00 00 00 00  ....o...W..G....
0010   12 30 85 09 80 04 c3 a0 00 b4 10 9e 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 a4 ff c8 cc           0..,....U....

Packet 2 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 c1 b7 77 48 00 00 00 00  ....o.....wH....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10           0..,....Ui:%.

Packet 3 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 de 05 78 48 00 00 00 00  ....o.....xH....
0010   12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 4 (802.11 Block Ack) Summary

6829 40.120666 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 57 802.11 Block Ack, Flags=........C

Packet 4 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 53 65 78 48 00 00 00 00  ....o...SexH....
0010   12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 05 00 b0 3c 01 00 00  0..,....U...<...
0030   00 00 00 00 00 5d c0 d4 c7                       .....]...

Packet 5 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 02 6f 78 48 00 00 00 00  ....o....oxH....
0010   12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 6 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 ea 77 78 48 00 00 00 00  ....o....wxH....
0010   12 30 85 09 80 04 c5 9e 00 b4 00 be 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45           0..,....U3..E

Packet 7 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 c3 ca 78 48 00 00 00 00  ....o.....xH....
0010   12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 8 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 f8 d4 78 48 00 00 00 00  ....o.....xH....
0010   12 30 85 09 80 04 c5 9e 00 b4 00 ce 01 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 f3 72 37 72           0..,....U.r7r

Packet 9 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 24 68 7a 48 00 00 00 00  ....o...$hzH....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 10 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 7e ed 7b 48 00 00 00 00  ....o...~.{H....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10           0..,....Ui:%.

Packet 11 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 e3 3c 7c 48 00 00 00 00  ....o....<|H....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 12 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 3c 52 7c 48 00 00 00 00  ....o...<R|H....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 0e 01 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 e0 6a fd b0           0..,....U.j..

Packet 13 (Block Ack) Summary

6978 40.406195 Apple_88:85:55 (TA) Actionte_30:f4:b6 (18:1b:eb:30:f4:b6) (RA) 802.11 57 802.11 Block Ack, Flags=........C

Packet 13 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 94 bf 7c 48 00 00 00 00  ....o.....|H....
0010   12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 05 00 40 3d 03 00 00  0..,....U..@=...
0030   00 00 00 00 00 fa 5f c6 82                       ......_..

Packet 14 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 54 cd 7c 48 00 00 00 00  ....o...T.|H....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

Packet 15 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 1a f7 7c 48 00 00 00 00  ....o.....|H....
0010   12 30 85 09 80 04 c2 9e 00 b4 00 be 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45           0..,....U3..E

Packet 16 Hex + ASCII

0000   00 00 19 00 6f 08 00 00 6f 4a 7d 48 00 00 00 00  ....o...oJ}H....
0010   12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb  .0..............
0020   30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09           0..,....Ur...

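So, I'm looking for an explanation of how to interpret these and future results, kind of like "grab the first fish and then show me how to do it".

I know I have read about right-clicking a packet and going to "Follow" and "Stream", but that option is not available in my saved capture. If anyone wants to mention what that particular feature does, I'd appreciate that too.

1 Answer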

  • 0

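    According to Wikipedia (https://en.wikipedia.org/wiki/IEEE_802.11_RTS/CTS), these messages are meant to avoid transmission collisions. They mean "I would like to send something over WiFi, can I or is there somebody else planning to send data?".

    More explanation: instead of just "yelling" a large amount of data, a WiFi card can first ask "May I?". If nobody complains, the large amount of data follows (nobody else tries to send data, because you asked to speak first). Without asking first, everyone might yell at the same time and nobody would understand anybody.

    Since the "May I?" message is shorter than the large amount of data, there are fewer concurrent transmissions (which lead to collisions -> data needs to be resent).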
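An added example, not part of the original question or answer: a short Python decoder for the "Packet 1" and "Packet 4" hex dumps above, showing that these are radiotap-wrapped 802.11 control frames that carry addresses and a duration but no encrypted payload. The name `parse_control_frame` is hypothetical, and the sketch assumes a single radiotap "present" word, as in these captures.

```python
import struct

# Control-frame subtypes (frame type 1) handled by this sketch.
SUBTYPES = {8: "Block Ack Request", 9: "Block Ack",
            11: "Request-to-send", 12: "Clear-to-send", 13: "Ack"}
HAS_TA = {8, 9, 11}  # CTS and Ack carry only a receiver address
# Bytes copied from the "Packet 1" and "Packet 4" hex dumps in the question.
PACKET_1 = bytes.fromhex(
    "00 00 19 00 6f 08 00 00 57 11 bb 47 00 00 00 00"
    "12 30 85 09 80 04 c3 a0 00 b4 10 9e 00 18 1b eb"
    "30 f4 b6 2c f0 a2 88 85 55 a4 ff c8 cc")
PACKET_4 = bytes.fromhex(
    "00 00 19 00 6f 08 00 00 53 65 78 48 00 00 00 00"
    "12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb"
    "30 f4 b6 2c f0 a2 88 85 55 05 00 b0 3c 01 00 00"
    "00 00 00 00 00 5d c0 d4 c7")

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_control_frame(pkt):
    """Skip the radiotap header, then decode an 802.11 control frame."""
    # Radiotap: version(1) pad(1) length(2) present-bitmap(4), little-endian.
    _ver, _pad, rt_len, present = struct.unpack_from("<BBHI", pkt, 0)
    if present & 0x80000000:
        raise ValueError("extended radiotap bitmaps not handled here")
    frame = pkt[rt_len:]
    # The Flags field (present bit 1) follows the 8-byte TSFT (bit 0) if any;
    # flag 0x10 says a 4-byte FCS trails the frame, so strip it.
    if present & 0x2 and pkt[16 if present & 0x1 else 8] & 0x10:
        frame = frame[:-4]
    fc0, fc1, duration = struct.unpack_from("<BBH", frame, 0)
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 1 or subtype not in SUBTYPES:
        raise ValueError("not a control frame this sketch understands")
    header_len = 16 if subtype in HAS_TA else 10
    return {
        "subtype": SUBTYPES[subtype],
        "power_mgmt": bool(fc1 & 0x10),   # the "P" in the Flags column
        "protected": bool(fc1 & 0x40),    # set only when the body is encrypted
        "duration_us": duration,
        "ra": mac(frame[4:10]),
        "ta": mac(frame[10:16]) if subtype in HAS_TA else None,
        "body_len": len(frame) - header_len,  # bytes after the addresses
    }

if __name__ == "__main__":
    for pkt in (PACKET_1, PACKET_4):
        print(parse_control_frame(pkt))
```

The Request-to-send frame decodes to a zero-length body, and the 12 bytes after the addresses in the Block Ack are its control field, starting sequence number and acknowledgement bitmap, so neither frame has anything for the WPA key to decrypt.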
