我有一個保存wireshark捕獲,我已經應用篩選器的結果,只顯示一個特定設備的通信。 我已啓用解密,並且解密密鑰以格式密鑰:SSID存儲爲wpa-pwd。試圖破譯捕獲的wireshark數據包
我不完全理解如何解釋我可以得到的結果。我在S/O和谷歌上進行了大量搜索。
我想從結果中「感興趣」的數據包將是來自源設備的數據包,傳出到路由器,所有數據包都標有802.11協議。
我公司目前已篩選出的結果通過目的地有序,有
- 3「請求 - 發送」的結果
- 接着是「802.11分組確認」,
- 8「請求 - 「發送」結果,
- 後面跟着另一個「802.11 Block Ack」
- 3「請求發送」結果。
我會按照這個順序放置結果,但是我只包括第一個請求發送的摘要和兩個802.11塊ack數據包,因爲請求摘要發送數據包都基本相同。
作爲一個問題,有沒有什麼辦法可以直接解釋這些結果來理解這些數據包包含/爲什麼?
分組1(請求允許發送)簡要 5131 27.713095 Apple_88:85:55(TA)Actionte_30:F4:B6(18:1B:EB:30:F4:B6)(RA)802.11 45請求允許發送,標誌=。。。P ....ç
分組1十六進制+ ASCII
0000 00 00 19 00 6f 08 00 00 57 11 bb 47 00 00 00 00 ....o...W..G....
0010 12 30 85 09 80 04 c3 a0 00 b4 10 9e 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 a4 ff c8 cc 0..,....U....
分組2六角+ ASCII
0000 00 00 19 00 6f 08 00 00 c1 b7 77 48 00 00 00 00 ....o.....wH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
分組3六角+ ASCII
0000 00 00 19 00 6f 08 00 00 de 05 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分組4,802.11塊確認摘要 6829 40.120666 Apple_88:85:55(TA)Actionte_30:F4:B6(18:1B:EB: 30:f4:b6)(RA)802.11 57 802.11 Block Ack,Flags = ........Ç
分組4六角+ ASCII
0000 00 00 19 00 6f 08 00 00 53 65 78 48 00 00 00 00 ....o...SexH....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 b0 3c 01 00 00 0..,....U...<...
0030 00 00 00 00 00 5d c0 d4 c7 .....]...
分組5六角+ ASCII
0000 00 00 19 00 6f 08 00 00 02 6f 78 48 00 00 00 00 ....o....oxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分組6六角+ ASCII
0000 00 00 19 00 6f 08 00 00 ea 77 78 48 00 00 00 00 ....o....wxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
分組7六角+ ASCII
0000 00 00 19 00 6f 08 00 00 c3 ca 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分組8六角+ ASCII
0000 00 00 19 00 6f 08 00 00 f8 d4 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 ce 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 f3 72 37 72 0..,....U.r7r
分組9六角+ ASCII
0000 00 00 19 00 6f 08 00 00 24 68 7a 48 00 00 00 00 ....o...$hzH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包10進制+ ASCII
0000 00 00 19 00 6f 08 00 00 7e ed 7b 48 00 00 00 00 ....o...~.{H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
分組11六角+ ASCII
0000 00 00 19 00 6f 08 00 00 e3 3c 7c 48 00 00 00 00 ....o....<|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包12進制+ ASCII
0000 00 00 19 00 6f 08 00 00 3c 52 7c 48 00 00 00 00 ....o...<R|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 0e 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 e0 6a fd b0 0..,....U.j..
分組13(塊確認)簡要 6978 40.406195 Apple_88:85 :55(TA)Actionte_30:f4:b6(18:1b:eb:30:f4:b6)(RA)802.11 57 802.11 B鎖Ack時,標誌= ........Ç
包13進制+ ASCII
0000 00 00 19 00 6f 08 00 00 94 bf 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 40 3d 03 00 00 0..,[email protected]=...
0030 00 00 00 00 00 fa 5f c6 82 ......_..
分組14六角+ ASCII
0000 00 00 19 00 6f 08 00 00 54 cd 7c 48 00 00 00 00 ....o...T.|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包15進制+ ASCII
0000 00 00 19 00 6f 08 00 00 1a f7 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c2 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
包16進制ASCII +
0000 00 00 19 00 6f 08 00 00 6f 4a 7d 48 00 00 00 00 ....o...oJ}H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
所以,我正在尋找一個說明如何解釋這些和未來的結果,有點像「趕頭魚,然後告訴我怎麼做吧。「
我知道我讀過一些有關的分組右鍵單擊,然後將「跟隨」和「流」,但這種做法是不是在保存捕捉獲得,如果有人想提什麼具體功能確實,它也不勝感激。
如果我的理解正確,這意味着這些數據包不包含任何實際數據(比如說,發送到特定服務的信息),但僅僅是WiFi的「衝突避免」數據包,作爲CSMA的一部分/ CA進程? –
這也是我的理解 – Ray