本文介绍如何通过Wi-Fi协议中的源地址(wlan.sa)和目的地址(wlan.da)来筛选特定MAC地址的数据帧。此外,还详细列举了各种类型的Wi-Fi帧,包括管理帧(如Beacon和Association请求/响应)、控制帧(如Block ACK请求/响应)及数据帧(如QoS数据帧)等。
链接: [link]
管理帧
(http://www.360doc.com/content/22/1129/08/77981587_1058036902.shtml)
1.搜索由源或目的mac地址发送或接收的帧数据
wlan.sa == 11.11.11.11.11.11
wlan.da
2,搜索wifi不同类型帧数据
Management frame
wlan.fc.type == 0
Control frame
wlan.fc.type == 1
Data frame
wlan.fc.type == 2
Association request
wlan.fc.type _ subtype == 0x00
Association response
wlan.fc.type _ subtype == 0x01
Reassociation request
wlan.fc.type _ subtype == 0x02
Reassociation response
wlan.fc.type _ subtype == 0x03
Probe request
wlan.fc.type _ subtype == 0x04
Probe response
wlan.fc.type _ subtype == 0x05
Beacon
wlan.fc.type _ subtype == 0x08
Disassociate
wlan.fc.type _ subtype == 0x0A
Authentication
wlan.fc.type _ subtype == 0x0B
Deauthentication
wlan.fc.type _ subtype == 0x0C
Action frame
wlan.fc.type _ subtype == 0x0D
Block ACK requests
wlan.fc.type _ subtype == 0x18
Block ACK
wlan.fc.type _ subtype == 0x19
Power save poll
wlan.fc.type _ subtype == 0x1A
Request to send
wlan.fc.type _ subtype == 0x1B
Clear to send
wlan.fc.type _ subtype == 0x1C
ACK
wlan.fc.type _ subtype == 0x1D
Contention free period end
wlan.fc.type _ subtype == 0x1E
NULL data
wlan.fc.type _ subtype == 0x24
QoS data
wlan.fc.type _ subtype == 0x28
Null QoS data
wlan.fc.type _ subtype == 0x2C
数据帧
过滤端口是1234的tcp数据
tcp.port == 1234
扫一扫
2119
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
