The table below shows about 3 seconds of wireless packets captured with OmniPeek.

Steps:
1) Start the Cisco AP: hostname Openplatform, 2.4 GHz MAC address 00:19:07:58:9F:20, no encryption, channel 9.
2) Using a Summit wireless card with CCX enabled, connect to the Cisco AP. The card's 2.4 GHz MAC address is 00:17:23:0D:2C:7D.
Packet  Source              Destination         Data Rate  Relative Time  Protocol
1       00:19:07:58:9F:20   Ethernet Broadcast  1          0              802.11 Beacon
2       00:19:07:58:9F:20   Ethernet Broadcast  1          0.102401       802.11 Beacon
3       00:19:07:58:9F:20   Ethernet Broadcast  1          0.204804       802.11 Beacon
4       00:19:07:58:9F:20   Ethernet Broadcast  1          0.307203       802.11 Beacon
5       00:19:07:58:9F:20   Ethernet Broadcast  1          0.409604       802.11 Beacon
6       00:19:07:58:9F:20   Ethernet Broadcast  1          0.512005       802.11 Beacon
7       00:19:07:58:9F:20   Ethernet Broadcast  1          0.614406       802.11 Beacon
8       00:19:07:58:9F:20   Ethernet Broadcast  1          0.716807       802.11 Beacon
9       00:19:07:58:9F:20   Ethernet Broadcast  1          0.819208       802.11 Beacon
10      00:19:07:58:9F:20   Ethernet Broadcast  1          1.024009       802.11 Beacon
11      00:19:07:58:9F:20   Ethernet Broadcast  1          1.12641        802.11 Beacon
12      00:17:23:0D:2C:7D   Ethernet Broadcast  1          1.175586       802.11 Probe Req
13      00:17:23:0D:2C:7D   Ethernet Broadcast  1          1.208822       802.11 Probe Req
14      00:19:07:58:9F:20   Ethernet Broadcast  1          1.228811       802.11 Beacon
15      00:19:07:58:9F:20   Ethernet Broadcast  1          1.331212       802.11 Beacon
16      00:17:23:0D:2C:7D   Ethernet Broadcast  1          1.385512       802.11 Probe Req
17      Ethernet Broadcast  00:19:07:58:9F:20   1          1.422788       802.11 Ack
18      00:19:07:58:9F:20   Ethernet Broadcast  1          1.433613       802.11 Beacon
19      00:19:07:58:9F:20   00:17:23:0D:2C:7D   1          1.4586         802.11 Probe Rsp
20      00:19:07:58:9F:20   00:17:23:0D:2C:7D   1          1.460278       802.11 Probe Rsp
21      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.460593       802.11 Ack
22      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.527452       802.11 Auth
23      00:19:07:58:9F:20   00:17:23:0D:2C:7D   1          1.527764       802.11 Ack
24      00:19:07:58:9F:20   00:17:23:0D:2C:7D   11         1.528054       802.11 Auth
25      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.528362       802.11 Ack
26      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.529416       802.11 Assoc Req
27      00:19:07:58:9F:20   00:17:23:0D:2C:7D   1          1.529731       802.11 Ack
28      00:19:07:58:9F:20   00:17:23:0D:2C:7D   11         1.530343       802.11 Assoc Rsp
29      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.530655       802.11 Ack
30      192.168.21.54       224.0.0.1           11         1.531262       IGMP
31      192.168.21.54       224.0.0.1           11         1.532943       IGMP
32      00:17:23:0D:2C:7D   00:19:07:58:9F:20   11         1.533059       802.11 Ack
33      00:19:07:58:9F:20   00:17:23:0D:2C:7D   11         1.533673       WLCCP
34      00:17:23:0D:2C:7D   00:19:07:58:9F:20   11         1.53379        802.11 Ack
35      00:19:07:58:9F:20   Ethernet Broadcast  1          1.536016       802.11 Beacon
36      00:19:07:58:9F:20   Ethernet Broadcast  1          1.638414       802.11 Beacon
37      00:19:07:58:9F:20   Ethernet Broadcast  1          1.740816       802.11 Beacon
38      00:19:07:58:9F:20   Ethernet Broadcast  1          1.843218       802.11 Beacon
39      00:19:07:58:9F:20   Ethernet Broadcast  1          1.945617       802.11 Beacon
40      00:19:07:58:9F:20   Ethernet Broadcast  1          2.048018       802.11 Beacon
41      00:19:07:58:9F:20   Ethernet Broadcast  1          2.150419       802.11 Beacon
42      192.168.21.54       224.0.0.1           11         2.172736       IGMP
43      00:17:23:0D:2C:7D   00:19:07:58:9F:20   11         2.172852       802.11 Ack
44      00:19:07:58:9F:20   Ethernet Broadcast  1          2.25282        802.11 Beacon
45      00:19:07:58:9F:20   Ethernet Broadcast  1          2.355221       802.11 Beacon
46      00:19:07:58:9F:20   Ethernet Broadcast  1          2.457622       802.11 Beacon

Setting aside the packets that do not matter here, the whole handshake consists of:
Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp

Whenever the source sends a packet to the destination, the destination replies to the source with an 802.11 Ack. We ignore these for now, which reduces the table above to the one below; the key points of each packet are then covered in detail.

Packet  Source              Destination         Data Rate  Relative Time  Protocol
1       00:19:07:58:9F:20   Ethernet Broadcast  1          0              802.11 Beacon
16      00:17:23:0D:2C:7D   Ethernet Broadcast  1          1.385512       802.11 Probe Req
20      00:19:07:58:9F:20   00:17:23:0D:2C:7D   1          1.460278       802.11 Probe Rsp
22      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.527452       802.11 Auth
24      00:19:07:58:9F:20   00:17:23:0D:2C:7D   11         1.528054       802.11 Auth
26      00:17:23:0D:2C:7D   00:19:07:58:9F:20   1          1.529416       802.11 Assoc Req
28      00:19:07:58:9F:20   00:17:23:0D:2C:7D   11         1.530343       802.11 Assoc Rsp
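
The reduction from the full capture to the simplified table can be done mechanically. The following is an added example, not part of the original post: it walks rows copied from the capture, skips Acks, keeps the latest frame of each handshake step, and reports the station state reached. The `;`-separated row format and the function names are assumptions made for this example.

```python
# Rows copied from the capture table on this page (some packets omitted):
# packet;source;destination;data rate;relative time;protocol
ROWS = """\
12;00:17:23:0D:2C:7D;Ethernet Broadcast;1;1.175586;802.11 Probe Req
16;00:17:23:0D:2C:7D;Ethernet Broadcast;1;1.385512;802.11 Probe Req
19;00:19:07:58:9F:20;00:17:23:0D:2C:7D;1;1.4586;802.11 Probe Rsp
20;00:19:07:58:9F:20;00:17:23:0D:2C:7D;1;1.460278;802.11 Probe Rsp
21;00:17:23:0D:2C:7D;00:19:07:58:9F:20;1;1.460593;802.11 Ack
22;00:17:23:0D:2C:7D;00:19:07:58:9F:20;1;1.527452;802.11 Auth
23;00:19:07:58:9F:20;00:17:23:0D:2C:7D;1;1.527764;802.11 Ack
24;00:19:07:58:9F:20;00:17:23:0D:2C:7D;11;1.528054;802.11 Auth
26;00:17:23:0D:2C:7D;00:19:07:58:9F:20;1;1.529416;802.11 Assoc Req
28;00:19:07:58:9F:20;00:17:23:0D:2C:7D;11;1.530343;802.11 Assoc Rsp
"""
AP, STA = "00:19:07:58:9F:20", "00:17:23:0D:2C:7D"
# Expected join order on an unencrypted AP, as (protocol, sender).
STEPS = [("802.11 Probe Req", STA), ("802.11 Probe Rsp", AP),
         ("802.11 Auth", STA), ("802.11 Auth", AP),
         ("802.11 Assoc Req", STA), ("802.11 Assoc Rsp", AP)]
# State reached once the step with this index is seen. Assumption: each
# response reports success (status codes are not in the summary table).
STATE = {3: "authenticated", 5: "associated"}

def parse(text):
    """Turn 'no;src;dst;rate;time;proto' lines into tuples."""
    out = []
    for line in text.strip().splitlines():
        no, src, dst, rate, t, proto = line.split(";")
        out.append((int(no), src, dst, int(rate), float(t), proto))
    return out

def trace_join(frames):
    """Return (picked packet numbers, station state, seconds first to last)."""
    picked, idx = [], -1
    for f in frames:
        key = (f[5], f[1])               # (protocol, source)
        if idx + 1 < len(STEPS) and key == STEPS[idx + 1]:
            idx += 1
            picked.append(f)
        elif idx >= 0 and key == STEPS[idx]:
            picked[idx] = f              # repeated frame: keep the latest
    state = "unauthenticated"
    for i in sorted(STATE):
        if idx >= i:
            state = STATE[i]
    elapsed = picked[-1][4] - picked[0][4] if picked else 0.0
    return [f[0] for f in picked], state, elapsed
```

On the embedded rows this selects packets 16, 20, 22, 24, 26 and 28, the same handshake packets as the simplified table; a capture cut off before the Assoc Rsp reports a lower state instead.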