我有一个保存wireshark捕获,我已经应用筛选器的结果,只显示一个特定设备的通信。 我已启用解密,并且解密密钥以格式密钥:SSID存储为wpa-pwd。试图破译捕获的wireshark数据包
我不完全理解如何解释我可以得到的结果。我在S/O和谷歌上进行了大量搜索。
我想从结果中“感兴趣”的数据包将是来自源设备的数据包,传出到路由器,所有数据包都标有802.11协议。
我公司目前已筛选出的结果通过目的地有序,有
- 3“请求 - 发送”的结果
- 接着是“802.11分组确认”,
- 8“请求 - “发送”结果,
- 后面跟着另一个“802.11 Block Ack”
- 3“请求发送”结果。
我会按照这个顺序放置结果,但是我只包括第一个请求发送的摘要和两个802.11块ack数据包,因为请求摘要发送数据包都基本相同。
作为一个问题,有没有什么办法可以直接解释这些结果来理解这些数据包包含/为什么?
分组1(请求允许发送)简要 5131 27.713095 Apple_88:85:55(TA)Actionte_30:F4:B6(18:1B:EB:30:F4:B6)(RA)802.11 45请求允许发送,标志=。。。P ....ç
分组1十六进制+ ASCII
0000 00 00 19 00 6f 08 00 00 57 11 bb 47 00 00 00 00 ....o...W..G....
0010 12 30 85 09 80 04 c3 a0 00 b4 10 9e 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 a4 ff c8 cc 0..,....U....
分组2六角+ ASCII
0000 00 00 19 00 6f 08 00 00 c1 b7 77 48 00 00 00 00 ....o.....wH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
分组3六角+ ASCII
0000 00 00 19 00 6f 08 00 00 de 05 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分组4,802.11块确认摘要 6829 40.120666 Apple_88:85:55(TA)Actionte_30:F4:B6(18:1B:EB: 30:f4:b6)(RA)802.11 57 802.11 Block Ack,Flags = ........Ç
分组4六角+ ASCII
0000 00 00 19 00 6f 08 00 00 53 65 78 48 00 00 00 00 ....o...SexH....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 b0 3c 01 00 00 0..,....U...<...
0030 00 00 00 00 00 5d c0 d4 c7 .....]...
分组5六角+ ASCII
0000 00 00 19 00 6f 08 00 00 02 6f 78 48 00 00 00 00 ....o....oxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分组6六角+ ASCII
0000 00 00 19 00 6f 08 00 00 ea 77 78 48 00 00 00 00 ....o....wxH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
分组7六角+ ASCII
0000 00 00 19 00 6f 08 00 00 c3 ca 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
分组8六角+ ASCII
0000 00 00 19 00 6f 08 00 00 f8 d4 78 48 00 00 00 00 ....o.....xH....
0010 12 30 85 09 80 04 c5 9e 00 b4 00 ce 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 f3 72 37 72 0..,....U.r7r
分组9六角+ ASCII
0000 00 00 19 00 6f 08 00 00 24 68 7a 48 00 00 00 00 ....o...$hzH....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包10进制+ ASCII
0000 00 00 19 00 6f 08 00 00 7e ed 7b 48 00 00 00 00 ....o...~.{H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a6 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 69 3a 25 10 0..,....Ui:%.
分组11六角+ ASCII
0000 00 00 19 00 6f 08 00 00 e3 3c 7c 48 00 00 00 00 ....o....<|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包12进制+ ASCII
0000 00 00 19 00 6f 08 00 00 3c 52 7c 48 00 00 00 00 ....o...<R|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 0e 01 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 e0 6a fd b0 0..,....U.j..
分组13(块确认)简要 6978 40.406195 Apple_88:85 :55(TA)Actionte_30:f4:b6(18:1b:eb:30:f4:b6)(RA)802.11 57 802.11 B锁Ack时,标志= ........Ç
包13进制+ ASCII
0000 00 00 19 00 6f 08 00 00 94 bf 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c6 9e 00 94 00 00 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 05 00 40 3d 03 00 00 0..,[email protected]=...
0030 00 00 00 00 00 fa 5f c6 82 ......_..
分组14六角+ ASCII
0000 00 00 19 00 6f 08 00 00 54 cd 7c 48 00 00 00 00 ....o...T.|H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
包15进制+ ASCII
0000 00 00 19 00 6f 08 00 00 1a f7 7c 48 00 00 00 00 ....o.....|H....
0010 12 30 85 09 80 04 c2 9e 00 b4 00 be 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 33 18 ce 45 0..,....U3..E
包16进制ASCII +
0000 00 00 19 00 6f 08 00 00 6f 4a 7d 48 00 00 00 00 ....o...oJ}H....
0010 12 30 85 09 80 04 c6 9e 00 b4 00 a2 00 18 1b eb .0..............
0020 30 f4 b6 2c f0 a2 88 85 55 72 b5 89 09 0..,....Ur...
所以,我正在寻找一个说明如何解释这些和未来的结果,有点像“赶头鱼,然后告诉我怎么做吧。“
我知道我读过一些有关的分组右键单击,然后将“跟随”和“流”,但这种做法是不是在保存捕捉获得,如果有人想提什么具体功能确实,它也不胜感激。
如果我的理解正确,这意味着这些数据包不包含任何实际数据(比如说,发送到特定服务的信息),但仅仅是WiFi的“冲突避免”数据包,作为CSMA的一部分/ CA进程? –
这也是我的理解 – Ray