[sniffer]过滤类型帧

原创已于 2025-04-10 14:25:11 修改 · 2.6k 阅读

18 ·

CC 4.0 BY-SA版权

文章标签：

#wireshark #网络 #测试工具

于 2023-01-28 14:43:50 首次发布

sniffer 专栏收录该内容

8 篇文章

订阅专栏

本文介绍如何通过Wi-Fi协议中的源地址(wlan.sa)和目的地址(wlan.da)来筛选特定MAC地址的数据帧。此外，还详细列举了各种类型的Wi-Fi帧，包括管理帧(如Beacon和Association请求/响应)、控制帧(如Block ACK请求/响应)及数据帧(如QoS数据帧)等。

链接: [link]

管理帧

(http://www.360doc.com/content/22/1129/08/77981587_1058036902.shtml)
1.搜索由源或目的mac地址发送或接收的帧数据
wlan.sa == 11.11.11.11.11.11
wlan.da

2,搜索wifi不同类型帧数据
Management frame
wlan.fc.type == 0
Control frame
wlan.fc.type == 1
Data frame
wlan.fc.type == 2
Association request
wlan.fc.type _ subtype == 0x00
Association response
wlan.fc.type _ subtype == 0x01
Reassociation request
wlan.fc.type _ subtype == 0x02
Reassociation response
wlan.fc.type _ subtype == 0x03
Probe request
wlan.fc.type _ subtype == 0x04
Probe response
wlan.fc.type _ subtype == 0x05
Beacon
wlan.fc.type _ subtype == 0x08
Disassociate
wlan.fc.type _ subtype == 0x0A
Authentication
wlan.fc.type _ subtype == 0x0B
Deauthentication
wlan.fc.type _ subtype == 0x0C
Action frame
wlan.fc.type _ subtype == 0x0D
Block ACK requests
wlan.fc.type _ subtype == 0x18
Block ACK
wlan.fc.type _ subtype == 0x19
Power save poll
wlan.fc.type _ subtype == 0x1A
Request to send
wlan.fc.type _ subtype == 0x1B
Clear to send
wlan.fc.type _ subtype == 0x1C
ACK
wlan.fc.type _ subtype == 0x1D
Contention free period end
wlan.fc.type _ subtype == 0x1E
NULL data
wlan.fc.type _ subtype == 0x24
QoS data
wlan.fc.type _ subtype == 0x28
Null QoS data
wlan.fc.type _ subtype == 0x2C