下表是利用 omnipeek 抓下約 3 秒鐘的無線包/ L8 n: [$ D1 P s
1 v/ S" L! r, `4 X e
動作:8 [% f1 ?: }6 C, Y% d1 J
1) 啟動 Cisco AP,host 名為 Openplatform,2.4G Mac 地址為 00:19:07:58:9F:20,沒有加密,頻道為 9
! o6 _; q' `5 Y* \ \5 i1 H9 v6 ~; a2) 利用 Summit 無線卡,啟動 CCX,連上 Cisco AP, 2.4G Mac 地址為 00:17:23:0D:2C:7D9 v5 b$ }; Q9 c: z, e
2 p6 e" X, P# @# \. f$ e
** 登入論壇後資料顯示更整齊 ***; u8 Z% l# Y) O# A2 t# l; i
U7 A- V0 [8 H0 oPacketSourceDestinationData RateRelative TimeProtocol4 w' r, |& F4 M3 H0 l' W9 u
100:19:07:58:9F:20Ethernet Broadcast10802.11 Beacon
" g7 C( g) O3 K; I0 k7 N200:19:07:58:9F:20Ethernet Broadcast10.102401802.11 Beacon2 `+ a5 X8 r2 T: G
300:19:07:58:9F:20Ethernet Broadcast10.204804802.11 Beacon
$ }- v, O% ^) e$ T9 @400:19:07:58:9F:20Ethernet Broadcast10.307203802.11 Beacon
. V3 k3 `) k, r* Y0 k500:19:07:58:9F:20Ethernet Broadcast10.409604802.11 Beacon, |' g b2 ~' [" v: M
600:19:07:58:9F:20Ethernet Broadcast10.512005802.11 Beacon! g9 D' n+ e* _ b/ J/ ^
700:19:07:58:9F:20Ethernet Broadcast10.614406802.11 Beacon
. ~3 M8 ]+ n6 H. V800:19:07:58:9F:20Ethernet Broadcast10.716807802.11 Beacon. s) t7 ~+ X9 S0 f% C }6 P7 e5 ^7 J
900:19:07:58:9F:20Ethernet Broadcast10.819208802.11 Beacon# i1 K' R4 _! Z
1000:19:07:58:9F:20Ethernet Broadcast11.024009802.11 Beacon
% X9 W4 f/ G' A2 d1100:19:07:58:9F:20Ethernet Broadcast11.12641802.11 Beacon
p0 O& D* k# H* |7 m0 Z1200:17:23:0D:2C:7DEthernet Broadcast11.175586802.11 Probe Req: N; n* {) g) O) z3 B( H$ i
1300:17:23:0D:2C:7DEthernet Broadcast11.208822802.11 Probe Req
8 O7 q. q: S- w5 R- b, a7 T+ o/ r( y1400:19:07:58:9F:20Ethernet Broadcast11.228811802.11 Beacon
6 P2 M0 G2 i/ C4 Q0 ^; q1500:19:07:58:9F:20Ethernet Broadcast11.331212802.11 Beacon
. j/ W' \, ]1 ]4 P( Q3 E% o" t1600:17:23:0D:2C:7DEthernet Broadcast11.385512802.11 Probe Req
, [3 ~1 b. ?3 m17Ethernet Broadcast00:19:07:58:9F:2011.422788802.11 Ack
+ y; v9 B5 `9 n, O' N4 @1 v$ D1800:19:07:58:9F:20Ethernet Broadcast11.433613802.11 Beacon
, q, p2 c# q a0 W1900:19:07:58:9F:2000:17:23:0D:2C:7D11.4586802.11 Probe Rsp
# h. S* r4 w* N/ Z# ~: V2000:19:07:58:9F:2000:17:23:0D:2C:7D11.460278802.11 Probe Rsp, B( }% c; R7 u' L S
2100:17:23:0D:2C:7D00:19:07:58:9F:2011.460593802.11 Ack$ R2 ~& P8 r' h
2200:17:23:0D:2C:7D00:19:07:58:9F:2011.527452802.11 Auth% A5 y B8 `. y
2300:19:07:58:9F:2000:17:23:0D:2C:7D11.527764802.11 Ack
& M2 Q# G) T% h8 |( t% P2400:19:07:58:9F:2000:17:23:0D:2C:7D111.528054802.11 Auth: H2 C1 v+ N& b; E) y1 c8 J! d: }
2500:17:23:0D:2C:7D00:19:07:58:9F:2011.528362802.11 Ack# i1 p; N& J* w) G! h) h
2600:17:23:0D:2C:7D00:19:07:58:9F:2011.529416802.11 Assoc Req# K# L0 \, M6 V! n# H
2700:19:07:58:9F:2000:17:23:0D:2C:7D11.529731802.11 Ack- g# H* j6 a P0 l: J
2800:19:07:58:9F:2000:17:23:0D:2C:7D111.530343802.11 Assoc Rsp$ e3 n7 N& y0 u6 |* Z H/ `$ {! K
2900:17:23:0D:2C:7D00:19:07:58:9F:2011.530655802.11 Ack
f2 y5 N- A6 z4 C' _30192.168.21.54224.0.0.1111.531262IGMP
& q% o0 ]9 E$ w- x& A31192.168.21.54224.0.0.1111.532943IGMP8 T) T7 r1 f" k: m/ V: Y' S! R
3200:17:23:0D:2C:7D00:19:07:58:9F:20111.533059802.11 Ack
/ e( F: l/ q y; p) d3300:19:07:58:9F:2000:17:23:0D:2C:7D111.533673WLCCP* M7 ^: t* X- U/ `# J
3400:17:23:0D:2C:7D00:19:07:58:9F:20111.53379802.11 Ack
) X- |& A9 v A {5 H: S3500:19:07:58:9F:20Ethernet Broadcast11.536016802.11 Beacon
% m" Q: m7 q# b5 ~3 O- }3600:19:07:58:9F:20Ethernet Broadcast11.638414802.11 Beacon4 p0 \, l0 K: N% `) I5 ^
3700:19:07:58:9F:20Ethernet Broadcast11.740816802.11 Beacon
% {$ J8 @- H0 x3800:19:07:58:9F:20Ethernet Broadcast11.843218802.11 Beacon
- C) v3 `/ a& Q7 F6 v% S$ e" `) F+ y3900:19:07:58:9F:20Ethernet Broadcast11.945617802.11 Beacon5 w. Q5 @5 P/ U( \, D, a7 Q& a
4000:19:07:58:9F:20Ethernet Broadcast12.048018802.11 Beacon" H/ C# ?5 h- l4 n6 ^
4100:19:07:58:9F:20Ethernet Broadcast12.150419802.11 Beacon; p+ `! W3 }6 \" h) u
42192.168.21.54224.0.0.1112.172736IGMP" h5 H1 m8 K0 X: c' G. p2 _
4300:17:23:0D:2C:7D00:19:07:58:9F:20112.172852802.11 Ack
7 w% z% q4 o& b7 g" r* `+ |4400:19:07:58:9F:20Ethernet Broadcast12.25282802.11 Beacon0 J. \% s! ^- o+ K# c
4500:19:07:58:9F:20Ethernet Broadcast12.355221802.11 Beacon7 T- Z, u' j! l" u0 z; [8 `6 @
4600:19:07:58:9F:20Ethernet Broadcast12.457622802.11 Beacon5 i1 A9 N6 l4 f5 R& X6 w( w- V0 i d2 E r/ ~( H+ M. a
; I; V9 \' t/ q/ \/ q' Q把一些無關痛癢的包不管,整個握手過程為包括
* w% a4 ]; X: ^Beacon1 e( h& C; y6 N
802.11 Probe Req -> 802.11 Probe Rsp
# i/ G$ `: G% K* Y3 c802.11 Auth -> 802.11 Auth 1 @6 {/ s! V5 R8 Z
802.11 Assoc Req -> 802.11 Assoc Rsp- B/ ?- d6 F! _+ f% k
! U. k% z: ]! {8 c9 V$ {而每當Source 傳一個包給 Destination, Destionation 都會向 source 回應 802.11 Ack,這個暫不理,那麼我們把上表簡化為下表,跟著會詳細把每個包的重點提出來。6 s, x! P0 H+ \4 X) Z
7 O# V6 S* R7 ?$ n! f( `. Z6 n. R) G \/ E6 x. L
PacketSourceDestinationData RateRelative TimeProtocol
5 k( f+ n4 T) s% O( i100:19:07:58:9F:20Ethernet Broadcast10802.11 Beacon4 h2 e! N9 Y8 k! E! o' K" j2 |
1600:17:23:0D:2C:7DEthernet Broadcast11.385512802.11 Probe Req
, ^9 `; H, I4 Y$ N2000:19:07:58:9F:2000:17:23:0D:2C:7D11.460278802.11 Probe Rsp
8 |9 b) D. `8 a2 k7 w2 s [' z3 V2200:17:23:0D:2C:7D00:19:07:58:9F:2011.527452802.11 Auth
: s+ e) ^6 C! z, I2 A5 a2400:19:07:58:9F:2000:17:23:0D:2C:7D111.528054802.11 Auth
0 {4 x: `' E# W! G) \4 x7 J, v, M2600:17:23:0D:2C:7D00:19:07:58:9F:2011.529416802.11 Assoc Req
0 J6 l' W/ j! y3 r, E8 T2800:19:07:58:9F:2000:17:23:0D:2C:7D111.530343802.11 Assoc Rsp; j( O0 ?7 m1 z/ P/ V- f9 O |
