The table below shows roughly 3 seconds of wireless packets captured with OmniPeek.

Actions:
1) Start the Cisco AP: host name Openplatform, 2.4G MAC address 00:19:07:58:9F:20, no encryption, channel 9
2) Using a Summit wireless card with CCX enabled, connect to the Cisco AP; the card's 2.4G MAC address is 00:17:23:0D:2C:7D

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 2 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.102401 | 802.11 Beacon |
| 3 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.204804 | 802.11 Beacon |
| 4 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.307203 | 802.11 Beacon |
| 5 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.409604 | 802.11 Beacon |
| 6 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.512005 | 802.11 Beacon |
| 7 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.614406 | 802.11 Beacon |
| 8 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.716807 | 802.11 Beacon |
| 9 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.819208 | 802.11 Beacon |
| 10 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.024009 | 802.11 Beacon |
| 11 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.12641 | 802.11 Beacon |
| 12 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.175586 | 802.11 Probe Req |
| 13 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.208822 | 802.11 Probe Req |
| 14 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.228811 | 802.11 Beacon |
| 15 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.331212 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 17 | Ethernet Broadcast | 00:19:07:58:9F:20 | 1 | 1.422788 | 802.11 Ack |
| 18 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.433613 | 802.11 Beacon |
| 19 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.4586 | 802.11 Probe Rsp |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 21 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.460593 | 802.11 Ack |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 23 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.527764 | 802.11 Ack |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 25 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.528362 | 802.11 Ack |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 27 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.529731 | 802.11 Ack |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
| 29 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.530655 | 802.11 Ack |
| 30 | 192.168.21.54 | 224.0.0.1 | 11 | 1.531262 | IGMP |
| 31 | 192.168.21.54 | 224.0.0.1 | 11 | 1.532943 | IGMP |
| 32 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.533059 | 802.11 Ack |
| 33 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.533673 | WLCCP |
| 34 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.53379 | 802.11 Ack |
| 35 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.536016 | 802.11 Beacon |
| 36 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.638414 | 802.11 Beacon |
| 37 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.740816 | 802.11 Beacon |
| 38 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.843218 | 802.11 Beacon |
| 39 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.945617 | 802.11 Beacon |
| 40 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.048018 | 802.11 Beacon |
| 41 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.150419 | 802.11 Beacon |
| 42 | 192.168.21.54 | 224.0.0.1 | 11 | 2.172736 | IGMP |
| 43 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 2.172852 | 802.11 Ack |
| 44 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.25282 | 802.11 Beacon |
| 45 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.355221 | 802.11 Beacon |
| 46 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.457622 | 802.11 Beacon |

Setting aside the packets that do not matter, the whole handshake consists of:
Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp

Whenever the source sends a packet to the destination, the destination replies to the source with an 802.11 Ack. We set that aside for now, so the table above simplifies to the table below; after that we will go through the key points of each packet in detail.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
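
The reduction from the full capture to the simplified table can be done mechanically. The Python below is an added example, not part of the original post: it walks the capture rows, drops Acks and unrelated frames, and keeps one frame per handshake stage (the first beacon, and the last attempt of any repeated stage). The compact `ROWS` encoding and the names `parse`, `handshake` and `STAGES` are assumptions made for this illustration.

```python
# Rows transcribed from the capture table above (beacons 2-10 omitted).
# Fields: packet number, source, destination, protocol.
AP, STA, BCAST = "00:19:07:58:9F:20", "00:17:23:0D:2C:7D", "Ethernet Broadcast"
ROWS = """1 AP BCAST Beacon|11 AP BCAST Beacon|12 STA BCAST Probe Req|
13 STA BCAST Probe Req|14 AP BCAST Beacon|15 AP BCAST Beacon|
16 STA BCAST Probe Req|17 BCAST AP Ack|18 AP BCAST Beacon|
19 AP STA Probe Rsp|20 AP STA Probe Rsp|21 STA AP Ack|22 STA AP Auth|
23 AP STA Ack|24 AP STA Auth|25 STA AP Ack|26 STA AP Assoc Req|
27 AP STA Ack|28 AP STA Assoc Rsp|29 STA AP Ack|35 AP BCAST Beacon"""
NAMES = {"AP": AP, "STA": STA, "BCAST": BCAST}

def parse(text):
    """Turn the compact rows into (number, src, dst, protocol) tuples."""
    frames = []
    for item in text.replace("\n", "").split("|"):
        num, src, dst, proto = item.split(" ", 3)
        frames.append((int(num), NAMES[src], NAMES[dst], proto))
    return frames

# Expected order of the open-system join: (protocol, source, destination).
STAGES = [("Beacon", AP, BCAST), ("Probe Req", STA, BCAST),
          ("Probe Rsp", AP, STA), ("Auth", STA, AP), ("Auth", AP, STA),
          ("Assoc Req", STA, AP), ("Assoc Rsp", AP, STA)]

def handshake(frames):
    """Return one packet number per stage, or None if a stage is missing."""
    picked = []
    for num, src, dst, proto in frames:
        key = (proto, src, dst)
        if len(picked) < len(STAGES) and key == STAGES[len(picked)]:
            picked.append(num)               # next stage reached
        elif len(picked) > 1 and key == STAGES[len(picked) - 1]:
            picked[-1] = num                 # repeat of a stage: keep the last
        # Acks, later beacons and data frames fall through and are dropped
    return picked if len(picked) == len(STAGES) else None

if __name__ == "__main__":
    print(handshake(parse(ROWS)))
```

A `None` result means the capture does not contain a complete join for this AP and client pair, for example when the Assoc Rsp was never seen.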