The table below shows about 3 seconds of wireless packets captured with OmniPeek.
Actions:
1) Start the Cisco AP: host name Openplatform, 2.4G MAC address 00:19:07:58:9F:20, no encryption, channel 9
2) Using a Summit wireless card with CCX enabled, connect to the Cisco AP; 2.4G MAC address 00:17:23:0D:2C:7D

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 2 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.102401 | 802.11 Beacon |
| 3 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.204804 | 802.11 Beacon |
| 4 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.307203 | 802.11 Beacon |
| 5 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.409604 | 802.11 Beacon |
| 6 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.512005 | 802.11 Beacon |
| 7 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.614406 | 802.11 Beacon |
| 8 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.716807 | 802.11 Beacon |
| 9 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0.819208 | 802.11 Beacon |
| 10 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.024009 | 802.11 Beacon |
| 11 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.12641 | 802.11 Beacon |
| 12 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.175586 | 802.11 Probe Req |
| 13 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.208822 | 802.11 Probe Req |
| 14 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.228811 | 802.11 Beacon |
| 15 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.331212 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 17 | Ethernet Broadcast | 00:19:07:58:9F:20 | 1 | 1.422788 | 802.11 Ack |
| 18 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.433613 | 802.11 Beacon |
| 19 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.4586 | 802.11 Probe Rsp |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 21 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.460593 | 802.11 Ack |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 23 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.527764 | 802.11 Ack |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 25 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.528362 | 802.11 Ack |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 27 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.529731 | 802.11 Ack |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
| 29 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.530655 | 802.11 Ack |
| 30 | 192.168.21.54 | 224.0.0.1 | 11 | 1.531262 | IGMP |
| 31 | 192.168.21.54 | 224.0.0.1 | 11 | 1.532943 | IGMP |
| 32 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.533059 | 802.11 Ack |
| 33 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.533673 | WLCCP |
| 34 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 1.53379 | 802.11 Ack |
| 35 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.536016 | 802.11 Beacon |
| 36 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.638414 | 802.11 Beacon |
| 37 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.740816 | 802.11 Beacon |
| 38 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.843218 | 802.11 Beacon |
| 39 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 1.945617 | 802.11 Beacon |
| 40 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.048018 | 802.11 Beacon |
| 41 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.150419 | 802.11 Beacon |
| 42 | 192.168.21.54 | 224.0.0.1 | 11 | 2.172736 | IGMP |
| 43 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 11 | 2.172852 | 802.11 Ack |
| 44 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.25282 | 802.11 Beacon |
| 45 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.355221 | 802.11 Beacon |
| 46 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 2.457622 | 802.11 Beacon |

Ignoring the packets that do not matter, the whole handshake consists of:
Beacon
802.11 Probe Req -> 802.11 Probe Rsp
802.11 Auth -> 802.11 Auth
802.11 Assoc Req -> 802.11 Assoc Rsp
Whenever the source sends a packet to the destination, the destination replies to the source with an 802.11 Ack. We will set that aside for now and simplify the table above into the one below, and then go through the key points of each packet in detail.

| Packet | Source | Destination | Data Rate | Relative Time | Protocol |
|---|---|---|---|---|---|
| 1 | 00:19:07:58:9F:20 | Ethernet Broadcast | 1 | 0 | 802.11 Beacon |
| 16 | 00:17:23:0D:2C:7D | Ethernet Broadcast | 1 | 1.385512 | 802.11 Probe Req |
| 20 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 1 | 1.460278 | 802.11 Probe Rsp |
| 22 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.527452 | 802.11 Auth |
| 24 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.528054 | 802.11 Auth |
| 26 | 00:17:23:0D:2C:7D | 00:19:07:58:9F:20 | 1 | 1.529416 | 802.11 Assoc Req |
| 28 | 00:19:07:58:9F:20 | 00:17:23:0D:2C:7D | 11 | 1.530343 | 802.11 Assoc Rsp |
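
The same reduction can be done programmatically when checking a capture for a complete open-system join. This is an added example, not part of the original post: it walks rows copied from the capture table, skips Beacons and Acks, collapses repeated Probe Req/Probe Rsp frames to the last one, and fails if a stage is missing or out of order. The names `CAPTURE`, `STAGES` and `extract_handshake` are hypothetical.

```python
# Constructed sample: a subset of rows copied from the capture table above
# (packet no., source, destination, relative time, protocol).
AP = "00:19:07:58:9F:20"
STA = "00:17:23:0D:2C:7D"
BCAST = "Ethernet Broadcast"

CAPTURE = [
    (1, AP, BCAST, 0.0, "802.11 Beacon"),
    (12, STA, BCAST, 1.175586, "802.11 Probe Req"),
    (13, STA, BCAST, 1.208822, "802.11 Probe Req"),
    (16, STA, BCAST, 1.385512, "802.11 Probe Req"),
    (17, BCAST, AP, 1.422788, "802.11 Ack"),
    (19, AP, STA, 1.4586, "802.11 Probe Rsp"),
    (20, AP, STA, 1.460278, "802.11 Probe Rsp"),
    (21, STA, AP, 1.460593, "802.11 Ack"),
    (22, STA, AP, 1.527452, "802.11 Auth"),
    (23, AP, STA, 1.527764, "802.11 Ack"),
    (24, AP, STA, 1.528054, "802.11 Auth"),
    (26, STA, AP, 1.529416, "802.11 Assoc Req"),
    (28, AP, STA, 1.530343, "802.11 Assoc Rsp"),
    (35, AP, BCAST, 1.536016, "802.11 Beacon"),
]

# Expected open-system join order: (protocol, sender role).
STAGES = [
    ("802.11 Probe Req", "sta"), ("802.11 Probe Rsp", "ap"),
    ("802.11 Auth", "sta"), ("802.11 Auth", "ap"),
    ("802.11 Assoc Req", "sta"), ("802.11 Assoc Rsp", "ap"),
]

def extract_handshake(capture, ap, sta):
    """Return one packet number per stage, or raise if the order is broken."""
    role = {ap: "ap", sta: "sta"}
    picked, stage = [], 0
    for num, src, dst, _t, proto in capture:
        key = (proto, role.get(src))
        if key not in STAGES:
            continue  # beacons, Acks, data frames, other stations
        if stage < len(STAGES) and key == STAGES[stage]:
            picked.append(num)
            stage += 1
        elif stage > 0 and key == STAGES[stage - 1]:
            picked[-1] = num  # repeat of the current stage: keep the latest
        else:
            raise ValueError(f"packet {num}: {proto} out of order")
    if stage != len(STAGES):
        raise ValueError(f"handshake stopped before {STAGES[stage][0]}")
    return picked
```

On the sample rows the function returns the same packet numbers as the simplified table, minus the Beacon.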