The table below shows about 3 seconds of wireless packets captured with OmniPeek.
Steps:
1) Start the Cisco AP. Its host name is Openplatform, its 2.4G MAC address is 00:19:07:58:9F:20, encryption is off, and the channel is 9.
2) Using a Summit wireless card with CCX enabled, connect to the Cisco AP. The card's 2.4G MAC address is 00:17:23:0D:2C:7D.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 2 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.102401 | 802.11 Beacon |
| 3 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.204804 | 802.11 Beacon |
| 4 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.307203 | 802.11 Beacon |
| 5 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.409604 | 802.11 Beacon |
| 6 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.512005 | 802.11 Beacon |
| 7 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.614406 | 802.11 Beacon |
| 8 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.716807 | 802.11 Beacon |
| 9 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.819208 | 802.11 Beacon |
| 10 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.024009 | 802.11 Beacon |
| 11 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.12641 | 802.11 Beacon |
| 12 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.175586 | 802.11 Probe Req |
| 13 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.208822 | 802.11 Probe Req |
| 14 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.228811 | 802.11 Beacon |
| 15 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.331212 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 17 | Ethernet Broadcast | 00:19:07:58:9F:20 | 1 | 1.422788 | 802.11 Ack |
| 18 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.433613 | 802.11 Beacon |
| 19 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.4586 | 802.11 Probe Rsp |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 21 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.460593 | 802.11 Ack |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 23 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.527764 | 802.11 Ack |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 25 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.528362 | 802.11 Ack |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 27 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.529731 | 802.11 Ack |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
| 29 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.530655 | 802.11 Ack |
| 30 | 192.168.21.54 | 224.0.0.1 | 11 | 1.531262 | IGMP |
| 31 | 192.168.21.54 | 224.0.0.1 | 11 | 1.532943 | IGMP |
| 32 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.533059 | 802.11 Ack |
| 33 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.533673 | WLCCP |
| 34 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.53379 | 802.11 Ack |
| 35 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.536016 | 802.11 Beacon |
| 36 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.638414 | 802.11 Beacon |
| 37 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.740816 | 802.11 Beacon |
| 38 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.843218 | 802.11 Beacon |
| 39 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.945617 | 802.11 Beacon |
| 40 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.048018 | 802.11 Beacon |
| 41 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.150419 | 802.11 Beacon |
| 42 | 192.168.21.54 | 224.0.0.1 | 11 | 2.172736 | IGMP |
| 43 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 2.172852 | 802.11 Ack |
| 44 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.25282 | 802.11 Beacon |
| 45 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.355221 | 802.11 Beacon |
| 46 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.457622 | 802.11 Beacon |

Ignoring the packets that do not matter, the whole handshake consists of:
Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp
Whenever the Source sends a packet to the Destination, the Destination replies to the Source with an 802.11 Ack. Setting that aside for now, we can simplify the table above into the table below, and then go through the key points of each packet in detail.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
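
The reduction from the full capture to the simplified table can be written as a small state machine over the capture rows. The Python below is an added example, not part of the original post; the function names, the tuple layout and the rule of keeping the last frame when a stage is retried are assumptions chosen to match the simplified table.

```python
# Sample input transcribed from the capture table above: (packet, source,
# destination, relative time in s, protocol). Only a subset of rows is used.
AP, STA, BCAST = "00:19:07:58:9F:20", "00:17:23:0D:2C:7D", "Ethernet Broadcast"
CAPTURE = [
    (1, AP, BCAST, 0.0, "802.11 Beacon"),
    (12, STA, BCAST, 1.175586, "802.11 Probe Req"),
    (13, STA, BCAST, 1.208822, "802.11 Probe Req"),
    (16, STA, BCAST, 1.385512, "802.11 Probe Req"),
    (19, AP, STA, 1.4586, "802.11 Probe Rsp"),
    (20, AP, STA, 1.460278, "802.11 Probe Rsp"),
    (21, STA, AP, 1.460593, "802.11 Ack"),
    (22, STA, AP, 1.527452, "802.11 Auth"),
    (23, AP, STA, 1.527764, "802.11 Ack"),
    (24, AP, STA, 1.528054, "802.11 Auth"),
    (26, STA, AP, 1.529416, "802.11 Assoc Req"),
    (28, AP, STA, 1.530343, "802.11 Assoc Rsp"),
    (33, AP, STA, 1.533673, "WLCCP"),
]

# Expected order of the join: (protocol, sender role).
STAGES = [("802.11 Probe Req", "sta"), ("802.11 Probe Rsp", "ap"),
          ("802.11 Auth", "sta"), ("802.11 Auth", "ap"),
          ("802.11 Assoc Req", "sta"), ("802.11 Assoc Rsp", "ap")]

def extract_handshake(rows, ap, sta):
    """Return one row per completed stage, in order (hypothetical helper)."""
    picked = []
    for row in rows:
        _, src, dst, _, proto = row
        if src == sta and dst in (ap, BCAST):
            key = (proto, "sta")
        elif src == ap and dst == sta:
            key = (proto, "ap")
        else:
            continue  # beacons and traffic between other stations
        if len(picked) < len(STAGES) and key == STAGES[len(picked)]:
            picked.append(row)          # next stage reached
        elif picked and key == STAGES[len(picked) - 1]:
            picked[-1] = row            # retry of the same stage: keep the last
    return picked

def join_time(handshake):
    """Seconds from the first Auth to the Assoc Rsp, or None if incomplete."""
    if len(handshake) < len(STAGES):
        return None
    return handshake[-1][3] - handshake[2][3]

if __name__ == "__main__":
    for row in extract_handshake(CAPTURE, AP, STA):
        print(row)
```

A result shorter than six rows means the station never finished associating within the capture window.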