The table below shows about 3 seconds of wireless packets captured with OmniPeek.

Steps:
1) Start the Cisco AP: host name Openplatform, 2.4G MAC address 00:19:07:58:9F:20, no encryption, channel 9.
2) Using a Summit wireless card, enable CCX and connect to the Cisco AP. 2.4G MAC address 00:17:23:0D:2C:7D.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 2 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.102401 | 802.11 Beacon |
| 3 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.204804 | 802.11 Beacon |
| 4 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.307203 | 802.11 Beacon |
| 5 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.409604 | 802.11 Beacon |
| 6 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.512005 | 802.11 Beacon |
| 7 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.614406 | 802.11 Beacon |
| 8 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.716807 | 802.11 Beacon |
| 9 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.819208 | 802.11 Beacon |
| 10 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.024009 | 802.11 Beacon |
| 11 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.12641 | 802.11 Beacon |
| 12 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.175586 | 802.11 Probe Req |
| 13 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.208822 | 802.11 Probe Req |
| 14 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.228811 | 802.11 Beacon |
| 15 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.331212 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 17 | Ethernet Broadcast | 00:19:07:58:9F:20 | 1 | 1.422788 | 802.11 Ack |
| 18 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.433613 | 802.11 Beacon |
| 19 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.4586 | 802.11 Probe Rsp |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 21 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.460593 | 802.11 Ack |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 23 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.527764 | 802.11 Ack |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 25 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.528362 | 802.11 Ack |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 27 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.529731 | 802.11 Ack |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
| 29 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.530655 | 802.11 Ack |
| 30 | 192.168.21.54 | 224.0.0.1 | 11 | 1.531262 | IGMP |
| 31 | 192.168.21.54 | 224.0.0.1 | 11 | 1.532943 | IGMP |
| 32 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.533059 | 802.11 Ack |
| 33 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.533673 | WLCCP |
| 34 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.53379 | 802.11 Ack |
| 35 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.536016 | 802.11 Beacon |
| 36 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.638414 | 802.11 Beacon |
| 37 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.740816 | 802.11 Beacon |
| 38 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.843218 | 802.11 Beacon |
| 39 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.945617 | 802.11 Beacon |
| 40 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.048018 | 802.11 Beacon |
| 41 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.150419 | 802.11 Beacon |
| 42 | 192.168.21.54 | 224.0.0.1 | 11 | 2.172736 | IGMP |
| 43 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 2.172852 | 802.11 Ack |
| 44 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.25282 | 802.11 Beacon |
| 45 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.355221 | 802.11 Beacon |
| 46 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.457622 | 802.11 Beacon |

Setting aside the packets that do not matter, the whole handshake consists of:
Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp

Whenever the source sends a packet to the destination, the destination replies to the source with an 802.11 Ack. We will ignore that for now and simplify the table above into the table below; after that, the key points of each packet are covered in detail.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
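
An added example, not part of the original post: the simplification described above, written in Python over a subset of rows copied from the capture table. The function names and the rule of keeping the last repeated frame of each step are assumptions chosen to reproduce the post's simplified table.

```python
# Added example: rows are a subset of the capture table in this post
# (packet, source, destination, data rate, relative time, protocol).
AP, STA, BCAST = "00:19:07:58:9F:20", "00:17:23:0D:2C:7D", "Ethernet Broadcast"
CAPTURE = [
    (1, AP, BCAST, 1, 0.0, "802.11 Beacon"),
    (12, STA, BCAST, 1, 1.175586, "802.11 Probe Req"),
    (16, STA, BCAST, 1, 1.385512, "802.11 Probe Req"),
    (19, AP, STA, 1, 1.4586, "802.11 Probe Rsp"),
    (20, AP, STA, 1, 1.460278, "802.11 Probe Rsp"),
    (21, STA, AP, 1, 1.460593, "802.11 Ack"),
    (22, STA, AP, 1, 1.527452, "802.11 Auth"),
    (24, AP, STA, 11, 1.528054, "802.11 Auth"),
    (26, STA, AP, 1, 1.529416, "802.11 Assoc Req"),
    (28, AP, STA, 11, 1.530343, "802.11 Assoc Rsp"),
    (33, AP, STA, 11, 1.533673, "WLCCP"),
]
# Expected order of the open-system handshake: (protocol, sender role)
STEPS = [("802.11 Probe Req", "sta"), ("802.11 Probe Rsp", "ap"), ("802.11 Auth", "sta"),
         ("802.11 Auth", "ap"), ("802.11 Assoc Req", "sta"), ("802.11 Assoc Rsp", "ap")]

def extract_handshake(rows, ap, sta):
    """Return (beacon_row, step_rows): first AP beacon plus one row per step."""
    beacon, picked = None, []
    for row in rows:
        _, src, dst, _, _, proto = row
        if proto == "802.11 Beacon" and src == ap and beacon is None:
            beacon = row
        if proto in ("802.11 Ack", "802.11 Beacon"):
            continue                   # Acks and repeated beacons are set aside
        if src == sta and dst in (ap, BCAST):
            key = (proto, "sta")
        elif src == ap and dst == sta:
            key = (proto, "ap")
        else:
            continue                   # frames between other stations or APs
        step = len(picked)
        if step < len(STEPS) and key == STEPS[step]:
            picked.append(row)         # handshake advances to the next step
        elif step and key == STEPS[step - 1]:
            picked[-1] = row           # repeat of the same step: keep the latest
    return beacon, picked

def summarize(rows, ap=AP, sta=STA):
    beacon, picked = extract_handshake(rows, ap, sta)
    packets = ([beacon[0]] if beacon else []) + [r[0] for r in picked]
    complete = beacon is not None and len(picked) == len(STEPS)
    elapsed = picked[-1][4] - picked[0][4] if picked else 0.0
    return {"packets": packets, "complete": complete, "elapsed": elapsed}

print(summarize(CAPTURE))
```

A capture that stops before the Assoc Rsp is reported with `complete` set to False, which separates a station that only probed or authenticated from one that actually associated.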