
Using the Ethereal Protocol Analyzer for Wireless LAN Protocol Analysis

2019-11-05 03:08:35
Source: reposted
Contributed by: a site user

Ethereal: A Network Packet Sniffing Tool

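Ethereal is a free and powerful tool for network debugging and packet protocol analysis. It is broadly similar to tcpdump, but it also has a well-designed GUI and a wide range of classification information and filter options. With Ethereal, and with the network adapter set to promiscuous mode, a user can view all traffic sent on the network. At present, the main thing to pay attention to when analyzing a wireless LAN with Ethereal is the configuration used for capturing the data transmitted on the network adapter.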

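Ethereal is used in troubleshooting, analysis, software and protocol development, and education. It has all the standard features users expect from a protocol analyzer, plus some features not found in comparable products. Ethereal is licensed as open-source software, which allows users to add their own improvements. It runs on all currently popular computer platforms, including Unix, Linux and Windows.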

When capturing packets with Ethereal, the system may store the captured data in one of two ways:

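  1. "Real" 802.11 frames: the capture hardware and driver deliver the actual wireless LAN protocol data, with complete 802.11 headers. Note that this includes a large amount of "radio information", such as signal strength.
  2. "Fake" Ethernet frames: the capture hardware and driver convert the 802.11 header into an Ethernet header, so the whole packet looks like an ordinary Ethernet frame. In this case, however, all 802.11-specific management and control frames are discarded, because they have no counterpart in standard Ethernet.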

For this reason, choosing the correct operating mode for the wireless adapter is critical when capturing wireless LAN packets with Ethereal.

 

The table below lists the wireless LAN protocol fields supported by Ethereal:

IEEE 802.11 wireless LAN

Protocol field name: wlan
Versions: 0.9.0 to 0.10.12

| Field name | Type | Description | Versions |
|---|---|---|---|
| wlan.addr | 6-byte Hardware (MAC) Address | Source or Destination address | 0.9.0 to 0.10.12 |
| wlan.aid | Unsigned 16-bit integer | Association ID | 0.9.0 to 0.10.12 |
| wlan.bssid | 6-byte Hardware (MAC) Address | BSS Id | 0.9.0 to 0.10.12 |
| wlan.ccmp.extiv | String | CCMP Ext. Initialization Vector | 0.10.5 to 0.10.12 |
| wlan.channel | Unsigned 8-bit integer | Channel | 0.9.4 to 0.10.12 |
| wlan.da | 6-byte Hardware (MAC) Address | Destination address | 0.9.0 to 0.10.12 |
| wlan.data_rate | Unsigned 8-bit integer | Data Rate | 0.9.4 to 0.10.12 |
| wlan.duration | Unsigned 16-bit integer | Duration | 0.9.0 to 0.10.12 |
| wlan.fc | Unsigned 16-bit integer | Frame Control Field | 0.9.0 to 0.10.12 |
| wlan.fc.ds | Unsigned 8-bit integer | DS status | 0.9.0 to 0.10.12 |
| wlan.fc.frag | Boolean | More Fragments | 0.9.0 to 0.10.12 |
| wlan.fc.fromds | Boolean | From DS | 0.9.0 to 0.10.12 |
| wlan.fc.moredata | Boolean | More Data | 0.9.0 to 0.10.12 |
| wlan.fc.order | Boolean | Order flag | 0.9.0 to 0.10.12 |
| wlan.fc.pwrmgt | Boolean | PWR MGT | 0.9.0 to 0.10.12 |
| wlan.fc.retry | Boolean | Retry | 0.9.0 to 0.10.12 |
| wlan.fc.subtype | Unsigned 8-bit integer | Subtype | 0.9.0 to 0.10.12 |
| wlan.fc.tods | Boolean | To DS | 0.9.0 to 0.10.12 |
| wlan.fc.type | Unsigned 8-bit integer | Type | 0.9.0 to 0.10.12 |
| wlan.fc.type_subtype | Unsigned 16-bit integer | Type/Subtype | 0.9.0 to 0.10.12 |
| wlan.fc.version | Unsigned 8-bit integer | Version | 0.9.0 to 0.10.12 |
| wlan.fc.wep | Boolean | WEP flag | 0.9.0 to 0.10.12 |
| wlan.fcs | Unsigned 32-bit integer | Frame check sequence | 0.9.0 to 0.10.12 |
| wlan.flags | Unsigned 8-bit integer | Protocol Flags | 0.9.0 to 0.10.12 |
| wlan.frag | Unsigned 16-bit integer | Fragment number | 0.9.0 to 0.10.12 |
| wlan.fragment | Frame number | 802.11 Fragment | 0.9.4 to 0.10.12 |
| wlan.fragment.error | Frame number | Defragmentation error | 0.9.4 to 0.10.12 |
| wlan.fragment.multipletails | Boolean | Multiple tail fragments found | 0.9.4 to 0.10.12 |
| wlan.fragment.overlap | Boolean | Fragment overlap | 0.9.4 to 0.10.12 |
| wlan.fragment.overlap.conflict | Boolean | Conflicting data in fragment overlap | 0.9.4 to 0.10.12 |
| wlan.fragment.toolongfragment | Boolean | Fragment too long | 0.9.4 to 0.10.12 |
| wlan.fragments | None | 802.11 Fragments | 0.9.4 to 0.10.12 |
| wlan.qos.ack | Unsigned 16-bit integer | Ack Policy | 0.10.5 to 0.10.12 |
| wlan.qos.priority | Unsigned 16-bit integer | Priority | 0.10.5 to 0.10.12 |
| wlan.ra | 6-byte Hardware (MAC) Address | Receiver address | 0.9.0 to 0.10.12 |
| wlan.reassembled_in | Frame number | Reassembled 802.11 in frame | 0.9.12 to 0.10.12 |
| wlan.sa | 6-byte Hardware (MAC) Address | Source address | 0.9.0 to 0.10.12 |
| wlan.seq | Unsigned 16-bit integer | Sequence number | 0.9.0 to 0.10.12 |
| wlan.signal_strength | Unsigned 8-bit integer | Signal Strength | 0.9.4 to 0.10.12 |
| wlan.ta | 6-byte Hardware (MAC) Address | Transmitter address | 0.9.0 to 0.10.12 |
| wlan.tkip.extiv | String | TKIP Ext. Initialization Vector | 0.10.5 to 0.10.12 |
| wlan.wep.crc | Unsigned 32-bit integer | WEP CRC (not verified) | 0.9.0 to 0.9.5 |
| wlan.wep.icv | Unsigned 32-bit integer | WEP ICV | 0.9.5 to 0.10.12 |
| wlan.wep.iv | Unsigned 24-bit integer | Initialization Vector | 0.9.0 to 0.10.12 |
| wlan.wep.key | Unsigned 8-bit integer | Key | 0.9.0 to 0.10.12 |
| wlan.wep.weakiv | Boolean | Weak IV | 0.10.9 to 0.10.12 |
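To check which of the two storage formats described above a saved capture actually uses, and to see how the `wlan.fc.*` fields in the table map onto the frame control bytes, the following added example (not part of the original article or of Ethereal's source) reads the link-layer type from a classic pcap file header and decodes the first frame's frame control field. The function names are this example's own, and the sample captures are constructed inline rather than taken from real traffic.

```python
import struct

# LINKTYPE_ values stored in the pcap file header (tcpdump.org registry).
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11", 119: "Prism + 802.11",
             127: "Radiotap + 802.11", 163: "AVS + 802.11"}
FLAGS = ["tods", "fromds", "frag", "retry", "pwrmgt", "moredata", "wep", "order"]

def byte_order(pcap):
    """Classic pcap stores the magic 0xa1b2c3d4 in the writer's byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    return order

def capture_kind(pcap):
    """Return (linktype, name, keeps_80211_headers) for a capture file."""
    linktype = struct.unpack(byte_order(pcap) + "I", pcap[20:24])[0] & 0xFFFF
    return linktype, LINKTYPES.get(linktype, "other"), linktype in (105, 119, 127, 163)

def first_80211_frame(pcap):
    """Return the first record's 802.11 MAC frame (linktypes 105 and 127 only)."""
    linktype = capture_kind(pcap)[0]
    incl_len = struct.unpack(byte_order(pcap) + "I", pcap[32:36])[0]
    data = pcap[40:40 + incl_len]
    if linktype == 127:      # radiotap header length: little-endian u16 at offset 2
        return data[struct.unpack("<H", data[2:4])[0]:]
    if linktype == 105:
        return data
    raise ValueError("capture has no raw 802.11 header to decode")

def decode_frame_control(frame):
    """Map the two frame control bytes onto the wlan.fc.* fields in the table."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the frame control field")
    b0, b1 = frame[0], frame[1]
    fields = {"wlan.fc.version": b0 & 3, "wlan.fc.type": (b0 >> 2) & 3,
              "wlan.fc.subtype": b0 >> 4}
    for bit, name in enumerate(FLAGS):
        fields["wlan.fc." + name] = bool(b1 & (1 << bit))
    return fields

def sample_pcap(linktype, packet):
    """Build a one-record little-endian pcap (constructed sample, not real traffic)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return header + struct.pack("<IIII", 0, 0, len(packet), len(packet)) + packet

MONITOR = sample_pcap(105, bytes.fromhex("0841") + bytes(22))  # protected data, To DS
ETHERNET = sample_pcap(1, bytes(14))                           # converted "fake" frame

if __name__ == "__main__":
    for cap in (MONITOR, ETHERNET):
        print(capture_kind(cap))
    print(decode_frame_control(first_80211_frame(MONITOR)))
```

A capture that reports link type 1 cannot contain beacons, probes or other management and control frames, so filters on `wlan.fc.type` will match nothing in it.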


 

Appendix: Ethereal supports a very large number of protocols (reportedly more than 700)

3COMXNS, 3GPP2 A11, 802.11 MGT, 802.11 Radiotap, 802.3 Slow protocols, 9P, AAL1, AAL3/4, AARP, ACAP, ACN, ACSE, ACtrace, ADP, AFP, AFS (RX), AH, AIM, AIM Administration, AIM Advertisements, AIM BOS, AIM Buddylist, AIM Chat, AIM ChatNav, AIM Directory, AIM Email, AIM Generic, AIM ICQ, AIM Invitation, AIM Location, AIM Messaging, AIM OFT, AIM Popup, AIM SSI, AIM SST, AIM Signon, AIM Stats, AIM Translate, AIM User Lookup, AJP13, ALC, ALCAP, AMR, ANS, ANSI BSMAP, ANSI DTAP, ANSI IS-637-A Teleservice, ANSI IS-637-A Transport, ANSI IS-683-A (OTA (Mobile)), ANSI IS-801 (Location Services (PLD)), ANSI MAP, AODV, AOE, ARCNET, ARP/RARP, ARTNET, ASAP, ASF, ASN1, asp, ATM, ATM LANE, ATP, ATSVC, AVS WLANCAP, AX4000, AgentX, Armagetronad, Auto-RP, BACapp, BACnet, BEEP, BER, BFD Control, BGP, BICC, BOFL, BOOTP/DHCP, BOOTPARAMS, BOSSVR, BROWSER, BSSAP, BSSGP, BUDB, BUTC, BVLC, BitTorrent, Boardwalk, CAMEL, CAST, CBAPDev, CCSDS, CDP, CDS_CLERK, CFLOW, CGMP, CHDLC, CIP, CLDAP, CLEARCASE, CLNP, CLTP, CMIP, CMP, CMS, CONV, COPS, COSEVENTCOMM, COSNAMING, COTP, CPFI, CPHA, CRMF, CSM_ENCAPS, CUPS, CoSine, DAAP, DCCP, DCERPC, DCE_DFS, DCOM, DDP, DDTP, DEC_DNA, DEC_STP, DFS, DHCPFO, DHCPv6, DIS, DISTCC, DLSw, DLT User A, DLT User B, DLT User C, DLT User D, DNP 3.0, DNS, DNSSERVER, DOCSIS, DOCSIS BPKM-ATTR, DOCSIS BPKM-REQ, DOCSIS BPKM-RSP, DOCSIS DSA-ACK, DOCSIS DSA-REQ, DOCSIS DSA-RSP, DOCSIS DSC-ACK, DOCSIS DSC-REQ, DOCSIS DSC-RSP, DOCSIS DSD-REQ, DOCSIS DSD-RSP, DOCSIS INT-RNG-REQ, DOCSIS MAC MGMT, DOCSIS MAP, DOCSIS REG-ACK, DOCSIS REG-REQ, DOCSIS REG-RSP, DOCSIS RNG-REQ, DOCSIS RNG-RSP, DOCSIS TLVs, DOCSIS UCC-REQ, DOCSIS UCC-RSP, DOCSIS UCD, DOCSIS VSIF, DOCSIS type29ucd, DRSUAPI, DSI, DSSETUP, DTP, DTSPROVIDER, DTSSTIME_REQ, DUA, DVMRP, Data, Diameter, E.164, EAP, EAPOL, ECHO, EDONKEY, EFS, EIGRP, ENC, ENIP, ENRP, ENTTEC, EPM, EPMv4, ESIS, ESP, ESS, ETHERIC, ETHERIP, EVENTLOG, Ethernet, FC, FC ELS, FC FZS, FC-FCS, FC-SB3, FC-SP, FC-SWILS, FC-dNS, FCIP, FCP, FC_CT, FDDI, FIX, FLDB, 
FR, FRSAPI, FRSRPC, FTAM, FTP, FTP-DATA, FTSERVER, FW-1, Frame, G.723, GIF image, GIOP, GMRP, GNUTELLA, GPRS NS, GPRS-LLC, GRE, GSM BSSMAP, GSM DTAP, GSM RP, GSM SMS, GSM SMS UD, GSM_MAP, GSS-API, GTP, GVRP, Gryphon, H.261, H.263, H1, H225, H235, H248, HCLNFSD, HPEXT, HPSW, HSRP, HTTP, HyperSCSI, IAP, IAPP, IAX2, IB, ICAP, ICBAAccoCB, ICBAAccoCB2, ICBAAccoMgt, ICBAAccoMgt2, ICBAAccoServ, ICBAAccoServ2, ICBAAccoServSRT, ICBAAccoSync, ICBABrowse, ICBABrowse2, ICBAGErr, ICBAGErrEvent, ICBALDev, ICBALDev2, ICBAPDev, ICBAPDev2, ICBAPDevPC, ICBAPDevPCEvent, ICBAPersist, ICBAPersist2, ICBARTAuto, ICBARTAuto2, ICBAState, ICBAStateEvent, ICBASysProp, ICBATime, ICEP, ICL_RPC, ICMP, ICMPv6, ICP, ICQ, IDP, IDispatch, IEEE 802.11, IEEE802a, IGAP, IGMP, IGRP, ILMI, IMAP, INAP, INITSHUTDOWN, IOXIDResolver, IP, IP/IEEE1394, IPComp, IPDC, IPFC, IPMI, IPP, IPVS, IPX, IPX MSG, IPX RIP, IPX SAP, IPX WAN, IPv6, IRC, IRemUnknown, IRemUnknown2, ISAKMP, ISDN, ISIS, ISL, ISMP, ISUP, ISystemActivator, IUA, IrCOMM, IrLAP, IrLMP, JFIF (JPEG) image, JXTA, JXTA Framing, JXTA Message, JXTA UDP, JXTA Welcome, Jabber, Juniper, K12xx, KADM5, KINK, KLM, KRB4, KRB5, KRB5RPC, Kpasswd, L2TP, LANMAN, LAPB, LAPBETHER, LAPD, LDAP, LDP, LLAP, LLC, LMI, LMP, LOOP, LPD, LSA, LWAPP, LWAPP-CNTL, LWAPP-L3, LWRES, Laplink, Line-based text data, Log, LogotypeCertExtn, Lucent/Ascend, M2PA, M2TP, M2UA, M3UA, MACC, MAPI, MAP_DialoguePDU, MATE, MDS Header, MEGACO, MGCP, MGMT, MIME multipart, MIPv6, MMS, MMSE, MOUNT, MPEG1, MPLS, MPLS Echo, MQ, MQ PCF, MRDISC, MS Proxy, MSDP, MSMMS, MSNIP, MSNMS, MSRP, MTP2, MTP3, MTP3MG, Manolito, Media, Messenger, Mobile IP, Modbus/TCP, MySQL, NBDS, NBIPX, NBNS, NBP, NBSS, NCP, NDMP, NDPS, NFS, NFSACL, NFSAUTH, NIS+, NIS+ CB, NLM, NLSP, NMAS, NMPI, NNTP, NORM, NSIP, NSPI, NS_CERT_EXTS, NTLMSSP, NTP, NW_SERIAL, NetBIOS, Netsync, Null, OAM AAL, OCSP, OLSR, OPSI, OSPF, PAGP, PARLAY, PCLI, PCNFSD, PER, PFLOG, PFLOG-OLD, PGM, PGSQL, PIM, PKCS-1, PKIX Certificate, PKIX1EXPLICIT, 
PKIX1IMPLICIT, PKIXPROXY, PKIXQUALIFIED, PKIXTSP, PKInit, PKTC, PN-DCP, PN-RT, PNIO, PNP, POP, PPP, PPP BACP, PPP BAP, PPP CBCP, PPP CCP, PPP CDPCP, PPP CHAP, PPP Comp, PPP IPCP, PPP IPV6CP, PPP LCP, PPP MP, PPP MPLSCP, PPP OSICP, PPP PAP, PPP PPPMux, PPP PPPMuxCP, PPP VJ, PPP-HDLC, PPPoED, PPPoES, PPTP, PRES, PTP, Portmap, Prism, Q.2931, Q.931, Q.933, QLLC, QUAKE, QUAKE2, QUAKE3, QUAKEWORLD, R-STP, RADIUS, RANAP, RDM, RDT, REMACT, REP_PROC, RIP, RIPng, RLM, RMCP, RMI, RMP, RPC, RPC_BROWSER, RPC_NETLOGON, RPL, RQUOTA, RRAS, RSH, RSTAT, RSVP, RSYNC, RS_ACCT, RS_ATTR, RS_BIND, RS_PGO, RS_PLCY, RS_REPADM, RS_REPLIST, RS_UNIX, RTCP, RTMP, RTP, RTP Event, RTPS, RTSP, RTcfg, RTmac, RUDP, RWALL, RX, Raw, Raw_SIP, Raw_SigComp, Redback, Rlogin, SADMIND, SAMR, SAP, SCCP, SCCPMG, SCSI, SCTP, SDLC, SDP, SEBEK, SECIDMAP, SES, SGI MOUNT, SIGCOMP, SIP, SIPFRAG, SIR, SKINNY, SLARP, SLL, SM, SMB, SMB Mailslot, SMB Pipe, SMB_NETLOGON, SMPP, SMRSE, SMTP, SMUX, SNA, SNA XID, SNAETH, SNDCP, SNMP, SONMP, SPNEGO-KRB5, SPOOLSS, SPP, SPRAY, SPX, SRVLOC, SRVSVC, SSCF-NNI, SSCOP, SSH, SSL, STAT, STAT-CB, STP, STUN, SUA, SVCCTL, Serialization, Slimp3, Socks, SoulSeek, Spnego, Symantec, Synergy, Syslog, T.38, TACACS, TACACS+, TALI, TANGO, TAPI, TCAP, TCP, TDMA, TDS, TEI_MANAGEMENT, TELNET, TFTP, TIME, TKN4Int, TNS, TPCP, TPKT, TR MAC, TRKSVR, TSP, TTP, TUXEDO, TZSP, Teredo, Token-Ring, UBIKDISK, UBIKVOTE, UCP, UDP, UDPENCAP, UMA, V.120, V5UA, VLAN, VNC, VRRP, VTP, Vines ARP, Vines Echo, Vines FRP, Vines ICP, Vines IP, Vines IPC, Vines LLC, Vines RTP, Vines SPP, WAP SIR, WBxml, WCCP, WCP, WHDLC, WHO, WINREG, WKSSVC, WLANCERTEXTN, WSP, WTLS, WTP, X.25, X.29, X11, X509AF, X509CE, X509IF, X509SAT, XDMCP, XML, XOT, XYPLEX, YHOO, YMSG, YPBIND, YPPASSWD, YPSERV, YPXFR, ZEBRA, ZIP, cds_solicit, cprpc_server, dce_update, dicom, giFT, h221nonstd, h245, h450, iFCP, iSCSI, iSNS, isup_thin, llb, message/http, nettl, rdaclif, roverride, rpriv, rs_attr_schema, rs_misc, rs_prop_acct, rs_prop_acl, 
rs_prop_attr, rs_prop_pgo, rs_prop_plcy, rs_pwd_mgmt, rs_repmgr, rsec_login, sFlow,  



