The table below shows about 3 seconds of wireless packets captured with OmniPeek.

Actions:
1) Start the Cisco AP: hostname Openplatform, 2.4G MAC address 00:19:07:58:9F:20, no encryption, channel 9.
2) Using a Summit wireless card with CCX enabled, connect to the Cisco AP. The card's 2.4G MAC address is 00:17:23:0D:2C:7D.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 2 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.102401 | 802.11 Beacon |
| 3 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.204804 | 802.11 Beacon |
| 4 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.307203 | 802.11 Beacon |
| 5 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.409604 | 802.11 Beacon |
| 6 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.512005 | 802.11 Beacon |
| 7 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.614406 | 802.11 Beacon |
| 8 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.716807 | 802.11 Beacon |
| 9 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.819208 | 802.11 Beacon |
| 10 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.024009 | 802.11 Beacon |
| 11 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.12641 | 802.11 Beacon |
| 12 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.175586 | 802.11 Probe Req |
| 13 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.208822 | 802.11 Probe Req |
| 14 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.228811 | 802.11 Beacon |
| 15 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.331212 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 17 | Ethernet Broadcast | 00:19:07:58:9F:20 | 1 | 1.422788 | 802.11 Ack |
| 18 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.433613 | 802.11 Beacon |
| 19 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.4586 | 802.11 Probe Rsp |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 21 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.460593 | 802.11 Ack |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 23 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.527764 | 802.11 Ack |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 25 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.528362 | 802.11 Ack |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 27 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.529731 | 802.11 Ack |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
| 29 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.530655 | 802.11 Ack |
| 30 | 192.168.21.54 | 224.0.0.1 | 11 | 1.531262 | IGMP |
| 31 | 192.168.21.54 | 224.0.0.1 | 11 | 1.532943 | IGMP |
| 32 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.533059 | 802.11 Ack |
| 33 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.533673 | WLCCP |
| 34 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.53379 | 802.11 Ack |
| 35 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.536016 | 802.11 Beacon |
| 36 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.638414 | 802.11 Beacon |
| 37 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.740816 | 802.11 Beacon |
| 38 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.843218 | 802.11 Beacon |
| 39 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.945617 | 802.11 Beacon |
| 40 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.048018 | 802.11 Beacon |
| 41 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.150419 | 802.11 Beacon |
| 42 | 192.168.21.54 | 224.0.0.1 | 11 | 2.172736 | IGMP |
| 43 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 2.172852 | 802.11 Ack |
| 44 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.25282 | 802.11 Beacon |
| 45 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.355221 | 802.11 Beacon |
| 46 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.457622 | 802.11 Beacon |

Ignoring the packets that do not matter, the whole handshake consists of:

Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp

Whenever the source sends a packet to the destination, the destination replies to the source with an 802.11 Ack. We will set that aside for now and simplify the table above into the one below; after that, the key points of each packet are covered in detail.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
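
The simplification described above (drop beacons and Acks, keep one frame per handshake stage) can be automated. The following is an added example, not part of the original post: it walks the capture rows for one AP/station pair and reports which packet closed each stage of the open-system join and whether the join completed. The names `trace_join`, `STAGES` and `FRAMES` are made up for this sketch, and keeping the latest repeat of a stage is an assumption chosen to match the simplified table.

```python
AP = "00:19:07:58:9F:20"
STA = "00:17:23:0D:2C:7D"
BCAST = "Ethernet Broadcast"

# (packet no., source, destination, protocol): packets 11-29 from the capture
# table above, without packets 15, 17 and 18 (two beacons and an Ack).
FRAMES = [
    (11, AP, BCAST, "802.11 Beacon"),
    (12, STA, BCAST, "802.11 Probe Req"),
    (13, STA, BCAST, "802.11 Probe Req"),
    (14, AP, BCAST, "802.11 Beacon"),
    (16, STA, BCAST, "802.11 Probe Req"),
    (19, AP, STA, "802.11 Probe Rsp"),
    (20, AP, STA, "802.11 Probe Rsp"),
    (21, STA, AP, "802.11 Ack"),
    (22, STA, AP, "802.11 Auth"),
    (23, AP, STA, "802.11 Ack"),
    (24, AP, STA, "802.11 Auth"),
    (25, STA, AP, "802.11 Ack"),
    (26, STA, AP, "802.11 Assoc Req"),
    (27, AP, STA, "802.11 Ack"),
    (28, AP, STA, "802.11 Assoc Rsp"),
    (29, STA, AP, "802.11 Ack"),
]

# Expected order of an open (unencrypted) join, as (protocol, sender role).
STAGES = [
    ("802.11 Probe Req", "sta"), ("802.11 Probe Rsp", "ap"),
    ("802.11 Auth", "sta"), ("802.11 Auth", "ap"),
    ("802.11 Assoc Req", "sta"), ("802.11 Assoc Rsp", "ap"),
]

def trace_join(frames, ap, sta):
    """Return (packet number per stage reached, join completed?)."""
    role = {ap: "ap", sta: "sta"}
    picked = []  # one packet number per stage reached so far
    for num, src, dst, proto in frames:
        key = (proto, role.get(src))
        if dst not in (ap, sta, BCAST) or key not in STAGES:
            continue  # beacons, Acks, data frames, other stations
        if len(picked) < len(STAGES) and key == STAGES[len(picked)]:
            picked.append(num)   # next stage reached
        elif picked and key == STAGES[len(picked) - 1]:
            picked[-1] = num     # repeat of the current stage: keep the latest
    return picked, len(picked) == len(STAGES)
```

Run against the rows above, it returns packets 16, 20, 22, 24, 26 and 28, the same frames as the simplified table without the beacon; a capture that stops partway yields a shorter list and `False`, which is a quick way to spot a join that never finished.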