下表是利用 omnipeek 抓下約 3 秒鐘的無線包
# _4 K. X4 b2 g7 _$ M7 @) ~: m0 o
) F3 N: v1 G M動作:! N8 h6 r, N& W6 T, B9 [
1) 啟動 Cisco AP,host 名為 Openplatform,2.4G Mac 地址為 00:19:07:58:9F:20,沒有加密,頻道為 9
3 l: @# k1 A8 Y% Y8 k2 M2) 利用 Summit 無線卡,啟動 CCX,連上 Cisco AP, 2.4G Mac 地址為 00:17:23:0D:2C:7D# M2 D' E0 N1 T. p' _# ~$ C% n& k
- ~ F. x% ]0 V( V' N** 登入論壇後資料顯示更整齊 ***
! X! O$ F9 u Z: ~! `' x& g9 z' I6 i6 y W/ y
PacketSourceDestinationData RateRelative TimeProtocol$ F! S2 e. X) A; s3 \/ [7 v
100:19:07:58:9F:20Ethernet Broadcast10802.11 Beacon$ Q/ W I4 k$ _$ B' \4 O( h4 T
200:19:07:58:9F:20Ethernet Broadcast10.102401802.11 Beacon
6 W$ U4 F! O4 ?$ C$ B3 |9 r3 f300:19:07:58:9F:20Ethernet Broadcast10.204804802.11 Beacon
& @5 Z( i/ i/ z) Q: N" H$ ^) S. T: B400:19:07:58:9F:20Ethernet Broadcast10.307203802.11 Beacon
5 y8 P) O0 |1 u! E; C ~/ a500:19:07:58:9F:20Ethernet Broadcast10.409604802.11 Beacon
+ i$ b$ h; V- f1 h) p600:19:07:58:9F:20Ethernet Broadcast10.512005802.11 Beacon+ w1 I8 x2 t9 |1 u8 h& m6 x1 n0 L
700:19:07:58:9F:20Ethernet Broadcast10.614406802.11 Beacon
! O) Y/ _9 {, C800:19:07:58:9F:20Ethernet Broadcast10.716807802.11 Beacon `( V/ C; b9 _4 t7 l7 g
900:19:07:58:9F:20Ethernet Broadcast10.819208802.11 Beacon
& H3 J, Q" E- |1 _: }1000:19:07:58:9F:20Ethernet Broadcast11.024009802.11 Beacon. ~" ^" f+ R2 F& X4 r
1100:19:07:58:9F:20Ethernet Broadcast11.12641802.11 Beacon
. j- \6 H( Z: d1200:17:23:0D:2C:7DEthernet Broadcast11.175586802.11 Probe Req
+ m* V7 I" y h: p% X- R1300:17:23:0D:2C:7DEthernet Broadcast11.208822802.11 Probe Req
# H: r" h9 F2 ~- q' K( b1400:19:07:58:9F:20Ethernet Broadcast11.228811802.11 Beacon
" H0 Q0 r$ {5 P9 C- _2 ^1500:19:07:58:9F:20Ethernet Broadcast11.331212802.11 Beacon
v# E+ X* Q! ?8 M' r1600:17:23:0D:2C:7DEthernet Broadcast11.385512802.11 Probe Req o- z2 M* W. T C) j
17Ethernet Broadcast00:19:07:58:9F:2011.422788802.11 Ack7 O" w7 a9 p& S! S6 ~& T- j7 E# S
1800:19:07:58:9F:20Ethernet Broadcast11.433613802.11 Beacon
x K4 B/ K' x5 V8 \) R" T+ O1900:19:07:58:9F:2000:17:23:0D:2C:7D11.4586802.11 Probe Rsp* ~$ a! t" C4 l; D2 v% a
2000:19:07:58:9F:2000:17:23:0D:2C:7D11.460278802.11 Probe Rsp
; J2 B, ^/ |4 u, a( {, ^: j2100:17:23:0D:2C:7D00:19:07:58:9F:2011.460593802.11 Ack9 @, M X/ O( h' I5 F. B
2200:17:23:0D:2C:7D00:19:07:58:9F:2011.527452802.11 Auth
+ l, s: F' N$ h$ @2300:19:07:58:9F:2000:17:23:0D:2C:7D11.527764802.11 Ack
# ^0 w; a X4 F0 @ i3 W2400:19:07:58:9F:2000:17:23:0D:2C:7D111.528054802.11 Auth
, j% c& G* v, M2500:17:23:0D:2C:7D00:19:07:58:9F:2011.528362802.11 Ack m {" Z8 E* r2 z$ w. X9 U) n
2600:17:23:0D:2C:7D00:19:07:58:9F:2011.529416802.11 Assoc Req8 p! V9 D% X. o7 s& i' ?
2700:19:07:58:9F:2000:17:23:0D:2C:7D11.529731802.11 Ack: O7 f4 F1 [) Y( R
2800:19:07:58:9F:2000:17:23:0D:2C:7D111.530343802.11 Assoc Rsp- \- a1 A% G+ [6 _+ C1 E2 X
2900:17:23:0D:2C:7D00:19:07:58:9F:2011.530655802.11 Ack
, q9 R4 L$ W) p( A0 y5 _/ I30192.168.21.54224.0.0.1111.531262IGMP8 h, J) d8 v3 X9 M7 g( q! p x! \
31192.168.21.54224.0.0.1111.532943IGMP \0 P& F( Z9 U4 |; o0 ~
3200:17:23:0D:2C:7D00:19:07:58:9F:20111.533059802.11 Ack+ X# L1 J5 T% Y) T
3300:19:07:58:9F:2000:17:23:0D:2C:7D111.533673WLCCP; T/ j# y% C* Y& c8 b
3400:17:23:0D:2C:7D00:19:07:58:9F:20111.53379802.11 Ack
' V2 _7 S' B9 w/ f/ }) o4 X! @3500:19:07:58:9F:20Ethernet Broadcast11.536016802.11 Beacon
- S8 ]' [8 h6 N) {$ ~, h3600:19:07:58:9F:20Ethernet Broadcast11.638414802.11 Beacon- [3 d2 P% _. i! P; E" }
3700:19:07:58:9F:20Ethernet Broadcast11.740816802.11 Beacon0 u1 C1 M$ p7 A9 @. W
3800:19:07:58:9F:20Ethernet Broadcast11.843218802.11 Beacon
) C0 y7 c+ M7 Q( v5 C3900:19:07:58:9F:20Ethernet Broadcast11.945617802.11 Beacon
% R; q1 X+ d7 {5 O {0 v4000:19:07:58:9F:20Ethernet Broadcast12.048018802.11 Beacon
5 N4 Q% k4 u, q# }5 |4100:19:07:58:9F:20Ethernet Broadcast12.150419802.11 Beacon
, T2 p6 |! _( q8 a42192.168.21.54224.0.0.1112.172736IGMP6 ?9 s$ p4 `% \- {5 \1 }' G
4300:17:23:0D:2C:7D00:19:07:58:9F:20112.172852802.11 Ack
8 `0 ^8 R/ }5 A" f' y4400:19:07:58:9F:20Ethernet Broadcast12.25282802.11 Beacon
' F' \, i8 J8 R( t4500:19:07:58:9F:20Ethernet Broadcast12.355221802.11 Beacon/ ~) s8 O% l7 k* U4 V2 d
4600:19:07:58:9F:20Ethernet Broadcast12.457622802.11 Beacon
) C* g9 _8 [3 R$ ^" d& c8 O
7 G1 u# f- c- A1 a
9 a$ u# S- C) h2 ?: x7 k1 C把一些無關痛癢的包不管,整個握手過程為包括 - G& o8 N+ }, G _, W8 N Q
Beacon
" Z6 Z" m, h' w/ f: x$ `9 v# k802.11 Probe Req -> 802.11 Probe Rsp9 D% E1 B4 }, l* X8 W& J0 Y
802.11 Auth -> 802.11 Auth
7 [) m/ E4 A! [802.11 Assoc Req -> 802.11 Assoc Rsp
) L& C4 p5 K/ D/ u" ^; a! h8 F' Q( `" o) Y# a. G/ e5 h
而每當Source 傳一個包給 Destination, Destionation 都會向 source 回應 802.11 Ack,這個暫不理,那麼我們把上表簡化為下表,跟著會詳細把每個包的重點提出來。
" t, ~/ m( l, K( f0 S0 h, b2 x6 E: r" ^
) y1 H# Y0 S& u8 C7 U) Y$ h
PacketSourceDestinationData RateRelative TimeProtocol9 n+ S/ F7 w9 d# m5 D2 t# d6 Z
100:19:07:58:9F:20Ethernet Broadcast10802.11 Beacon* E2 @3 H: E; L
1600:17:23:0D:2C:7DEthernet Broadcast11.385512802.11 Probe Req
3 B0 ?, W Q3 L0 V7 b2000:19:07:58:9F:2000:17:23:0D:2C:7D11.460278802.11 Probe Rsp
t) I( c* m, l8 W7 ~7 ~2200:17:23:0D:2C:7D00:19:07:58:9F:2011.527452802.11 Auth) N1 t K+ `3 ]
2400:19:07:58:9F:2000:17:23:0D:2C:7D111.528054802.11 Auth
: N6 C& n; {$ d! X7 q5 N, N2600:17:23:0D:2C:7D00:19:07:58:9F:2011.529416802.11 Assoc Req
' _3 c7 z* \2 c1 W1 ^2800:19:07:58:9F:2000:17:23:0D:2C:7D111.530343802.11 Assoc Rsp
* g; `$ Y8 j" _ |
