802.11 header mismatch - pcap
I'm capturing wireless frames; the first structure I'm using is
#include <sys/types.h>  /* u_int8_t, u_int16_t */

struct mgmt_header_t {
    u_int16_t fc;        /* frame control */
    u_int16_t duration;  /* duration */
    u_int8_t da[6];      /* destination address */
    u_int8_t sa[6];      /* source address */
    u_int8_t bssid[6];   /* BSSID */
    u_int16_t seq_ctrl;  /* sequence control */
};
but this header doesn't match, because my captured packets start with the destination address followed by the source address?!
I think I'm on 802.11g; is there a difference?
The above structure follows tcpdump and the IEEE 802.11-2007 standard.
-- UPDATE --
After taking a look at Wireshark, it says
[Protocols in frame : eth:ip:tcp:http ]
and testing these structures in this order worked,
but I'm still looking to analyze 802.11 frames.
Comments (1)
"Protocols in frame : eth:ip:tcp:http" means that the packets have Ethernet headers, not 802.11 headers. On most OSes, capturing on an 802.11 interface will, by default, give you Ethernet headers; you would have to explicitly select 802.11 headers when capturing, either by selecting monitor mode (the only way to get 802.11 headers on OSes other than the BSDs is by capturing in monitor mode) or by selecting 802.11 headers (which you can do on the BSDs when not capturing in monitor mode). On Windows, WinPcap doesn't currently support capturing in monitor mode at all.
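The point of the answer, as an added example that is not part of the original post or answer: choose the header layout from the link-layer type that libpcap's pcap_datalink() reports instead of assuming 802.11. The DLT_ names and values are libpcap's; the struct and function names and the two sample frames are constructed for illustration, and the 802.11 branch handles management frames only, matching mgmt_header_t.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Link-layer types as reported by libpcap's pcap_datalink(). */
#define DLT_EN10MB           1    /* Ethernet header (default on most OSes) */
#define DLT_IEEE802_11       105  /* bare 802.11 header */
#define DLT_IEEE802_11_RADIO 127  /* radiotap header, then 802.11 header */

/* Hypothetical result type for this example. */
struct frame_addrs { uint8_t da[6], sa[6], bssid[6]; int has_bssid; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Extract addresses according to the capture's link-layer type.
 * Returns 0 on success, -1 if the frame is truncated, is not a management
 * frame, or the link-layer type is not handled here. */
int parse_addrs(int dlt, const uint8_t *p, size_t len, struct frame_addrs *out)
{
    memset(out, 0, sizeof *out);
    if (dlt == DLT_EN10MB) {              /* dst(6) src(6) ethertype(2) */
        if (len < 14) return -1;
        memcpy(out->da, p, 6);
        memcpy(out->sa, p + 6, 6);
        return 0;
    }
    if (dlt == DLT_IEEE802_11_RADIO) {    /* version(1) pad(1) length(2, LE) */
        if (len < 8 || p[0] != 0) return -1;
        size_t rt_len = le16(p + 2);
        if (rt_len < 8 || rt_len > len) return -1;
        p += rt_len; len -= rt_len;       /* skip the variable-length radiotap */
        dlt = DLT_IEEE802_11;
    }
    if (dlt != DLT_IEEE802_11 || len < 24) return -1;
    if (((le16(p) >> 2) & 0x3) != 0) return -1;  /* type 0 = management */
    memcpy(out->da, p + 4, 6);            /* same layout as mgmt_header_t */
    memcpy(out->sa, p + 10, 6);
    memcpy(out->bssid, p + 16, 6);
    out->has_bssid = 1;
    return 0;
}

/* Constructed sample: 8-byte radiotap header followed by a beacon header. */
const uint8_t sample_radiotap_beacon[] = {
    0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x00,  0x80,0x00, 0x00,0x00,
    0xff,0xff,0xff,0xff,0xff,0xff,  0x02,0x00,0x00,0x00,0x00,0x01,
    0x02,0x00,0x00,0x00,0x00,0x01,  0x00,0x00 };
/* Constructed sample: Ethernet header as delivered without monitor mode. */
const uint8_t sample_eth[] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00 };
```

Passing the Ethernet sample with DLT_IEEE802_11 returns -1 rather than misreading the destination address as frame control, which is the mismatch described in the question.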