協議分析軟件Ethereal實現對無線局域網的協議分析

2019-11-05 03:08:35

字體：大中小

來源：轉載

供稿：網友

Ethereal：A Network Packet Sniffing Tool

Ethereal是免費而且功能強大的網絡調試和數據包協議分析軟件。Ethereal 基本類似于tcpdump，但 Ethereal 還具有設計完美的 GUI 和眾多分類信息及過濾選項。用戶通過 Ethereal，同時將網卡設置成混合模式，可以查看到網絡中發送的所有通信流量。目前，Ethereal在分析無線局域網時主要要注重的是“捕捉”網卡上傳輸數據時的設置。

Ethereal 應用于故障修復、分析、軟件和協議開發以及教育領域。它具有用戶對協議分析軟件所期望的所有標準特征，并具有其它同類產品所不具備的有關特征。Ethereal 是一種開發源代碼的許可軟件，答應用戶向其中添加改進方案。Ethereal 適用于當前所有較為流行的計算機系統，包括 Unix、linux 和 Windows 。

在使用Ethereal捕捉數據包時系統可能會有兩種方法來存儲捕捉的數據：

“真實”的802.11數據幀：捕捉硬件和驅動提供給了真實的無線局域網傳輸協議數據，它們是完整的802.11幀頭，要注重這中間有大量的“無線電信息”，比如信號強度等等。
“虛假”的以太幀：捕捉硬件和強度將802.11幀頭轉換成以太網幀頭，由此整個數據包看起來象正常的以太網數據幀。但是，此時所有的802.11專有的治理和控制幀由于它們沒有在標準以太網中的對應內容而被丟棄了。

所以在使用Ethereal捕捉無線局域網的數據包時，選擇正確的無線網卡工作模式就是非常要害的了。

下表是Ethereal支持的無線局域網協議域的內容：

IEEE 802.11 wireless LAN

PRotocol field name: wlan
Versions: 0.9.0 to 0.10.12

Field nameTypeDescriptionVersionswlan.addr6-byte Hardware (MAC) AddressSource or Destination address0.9.0 to 0.10.12wlan.aidUnsigned 16-bit integerAssociation ID0.9.0 to 0.10.12wlan.bssid6-byte Hardware (MAC) AddressBSS Id0.9.0 to 0.10.12wlan.ccmp.extivStringCCMP Ext. Initialization Vector0.10.5 to 0.10.12wlan.channelUnsigned 8-bit integerChannel0.9.4 to 0.10.12wlan.da6-byte Hardware (MAC) AddressDestination address0.9.0 to 0.10.12wlan.data_rateUnsigned 8-bit integerData Rate0.9.4 to 0.10.12wlan.durationUnsigned 16-bit integerDuration0.9.0 to 0.10.12wlan.fcUnsigned 16-bit integerFrame Control Field0.9.0 to 0.10.12wlan.fc.dsUnsigned 8-bit integerDS status0.9.0 to 0.10.12wlan.fc.fragBooleanMore Fragments0.9.0 to 0.10.12wlan.fc.fromdsBooleanFrom DS0.9.0 to 0.10.12wlan.fc.moredataBooleanMore Data0.9.0 to 0.10.12wlan.fc.orderBooleanOrder flag0.9.0 to 0.10.12wlan.fc.pwrmgtBooleanPWR MGT0.9.0 to 0.10.12wlan.fc.retryBooleanRetry0.9.0 to 0.10.12wlan.fc.suBTypeUnsigned 8-bit integerSubtype0.9.0 to 0.10.12wlan.fc.todsBooleanTo DS0.9.0 to 0.10.12wlan.fc.typeUnsigned 8-bit integerType0.9.0 to 0.10.12wlan.fc.type_subtypeUnsigned 16-bit integerType/Subtype0.9.0 to 0.10.12wlan.fc.versionUnsigned 8-bit integerVersion0.9.0 to 0.10.12wlan.fc.wepBooleanWEP flag0.9.0 to 0.10.12wlan.fcsUnsigned 32-bit integerFrame check sequence0.9.0 to 0.10.12wlan.flagsUnsigned 8-bit integerProtocol Flags0.9.0 to 0.10.12wlan.fragUnsigned 16-bit integerFragment number0.9.0 to 0.10.12wlan.fragmentFrame number802.11 Fragment0.9.4 to 0.10.12wlan.fragment.errorFrame numberDefragmentation error0.9.4 to 0.10.12wlan.fragment.multipletailsBooleanMultiple tail fragments found0.9.4 to 0.10.12wlan.fragment.overlapBooleanFragment overlap0.9.4 to 0.10.12wlan.fragment.overlap.conflictBooleanConflicting data in fragment overlap0.9.4 to 0.10.12wlan.fragment.toolongfragmentBooleanFragment too long0.9.4 to 0.10.12wlan.fragmentsNone802.11 Fragments0.9.4 to 0.10.12wlan.qos.ackUnsigned 16-bit integerAck Policy0.10.5 to 0.10.12wlan.qos.priorityUnsigned 16-bit integerPriority0.10.5 to 0.10.12wlan.ra6-byte Hardware (MAC) AddressReceiver address0.9.0 to 0.10.12wlan.reassembled_inFrame numberReassembled 802.11 in frame0.9.12 to 0.10.12wlan.sa6-byte Hardware (MAC) AddressSource address0.9.0 to 0.10.12wlan.seqUnsigned 16-bit integerSequence number0.9.0 to 0.10.12wlan.signal_strengthUnsigned 8-bit integerSignal Strength0.9.4 to 0.10.12wlan.ta6-byte Hardware (MAC) AddressTransmitter address0.9.0 to 0.10.12wlan.tkip.extivStringTKIP Ext. Initialization Vector0.10.5 to 0.10.12wlan.wep.crcUnsigned 32-bit integerWEP CRC (not verified)0.9.0 to 0.9.5wlan.wep.icvUnsigned 32-bit integerWEP ICV0.9.5 to 0.10.12wlan.wep.ivUnsigned 24-bit integerInitialization Vector0.9.0 to 0.10.12wlan.wep.keyUnsigned 8-bit integerKey0.9.0 to 0.10.12wlan.wep.weakivBooleanWeak IV0.10.9 to 0.10.12

附：Ethereal支持相當多的協議（號稱700余種）

3COMXNS, 3GPP2 A11, 802.11 MGT, 802.11 Radiotap, 802.3 Slow protocols, 9P, AAL1, AAL3/4, AARP, ACAP, ACN, ACSE, ACtrace, ADP, AFP, AFS (RX), AH, AIM, AIM Administration, AIM Advertisements, AIM BOS, AIM Buddylist, AIM Chat, AIM ChatNav, AIM Directory, AIM Email, AIM Generic, AIM ICQ, AIM Invitation, AIM Location, AIM Messaging, AIM OFT, AIM Popup, AIM SSI, AIM SST, AIM Signon, AIM Stats, AIM Translate, AIM User Lookup, AJP13, ALC, ALCAP, AMR, ANS, ANSI BSMAP, ANSI DTAP, ANSI IS-637-A Teleservice, ANSI IS-637-A Transport, ANSI IS-683-A (OTA (Mobile)), ANSI IS-801 (Location Services (PLD)), ANSI MAP, AODV, AOE, ARCNET, ARP/RARP, ARTNET, ASAP, ASF, ASN1, asp, ATM, ATM LANE, ATP, ATSVC, AVS WLANCAP, AX4000, AgentX, Armagetronad, Auto-RP, BACapp, BACnet, BEEP, BER, BFD Control, BGP, BICC, BOFL, BOOTP/DHCP, BOOTPARAMS, BOSSVR, BROWSER, BSSAP, BSSGP, BUDB, BUTC, BVLC, BitTorrent, Boardwalk, CAMEL, CAST, CBAPDev, CCSDS, CDP, CDS_CLERK, CFLOW, CGMP, CHDLC, CIP, CLDAP, CLEARCASE, CLNP, CLTP, CMIP, CMP, CMS, CONV, COPS, COSEVENTCOMM, COSNAMING, COTP, CPFI, CPHA, CRMF, CSM_ENCAPS, CUPS, CoSine, DAAP, DCCP, DCERPC, DCE_DFS, DCOM, DDP, DDTP, DEC_DNA, DEC_STP, DFS, DHCPFO, DHCPv6, DIS, DISTCC, DLSw, DLT User A, DLT User B, DLT User C, DLT User D, DNP 3.0, DNS, DNSSERVER, DOCSIS, DOCSIS BPKM-ATTR, DOCSIS BPKM-REQ, DOCSIS BPKM-RSP, DOCSIS DSA-ACK, DOCSIS DSA-REQ, DOCSIS DSA-RSP, DOCSIS DSC-ACK, DOCSIS DSC-REQ, DOCSIS DSC-RSP, DOCSIS DSD-REQ, DOCSIS DSD-RSP, DOCSIS INT-RNG-REQ, DOCSIS MAC MGMT, DOCSIS MAP, DOCSIS REG-ACK, DOCSIS REG-REQ, DOCSIS REG-RSP, DOCSIS RNG-REQ, DOCSIS RNG-RSP, DOCSIS TLVs, DOCSIS UCC-REQ, DOCSIS UCC-RSP, DOCSIS UCD, DOCSIS VSIF, DOCSIS type29ucd, DRSUAPI, DSI, DSSETUP, DTP, DTSPROVIDER, DTSSTIME_REQ, DUA, DVMRP, Data, Diameter, E.164, EAP, EAPOL, ECHO, EDONKEY, EFS, EIGRP, ENC, ENIP, ENRP, ENTTEC, EPM, EPMv4, ESIS, ESP, ESS, ETHERIC, ETHERIP, EVENTLOG, Ethernet, FC, FC ELS, FC FZS, FC-FCS, FC-SB3, FC-SP, FC-SWILS, FC-dNS, FCIP, FCP, FC_CT, FDDI, FIX, FLDB, FR, FRSAPI, FRSRPC, FTAM, FTP, FTP-DATA, FTSERVER, FW-1, Frame, G.723, GIF image, GIOP, GMRP, GNUTELLA, GPRS NS, GPRS-LLC, GRE, GSM BSSMAP, GSM DTAP, GSM RP, GSM SMS, GSM SMS UD, GSM_MAP, GSS-API, GTP, GVRP, Gryphon, H.261, H.263, H1, H225, H235, H248, HCLNFSD, HPEXT, HPSW, HSRP, HTTP, HyperSCSI, IAP, IAPP, IAX2, IB, ICAP, ICBAAccoCB, ICBAAccoCB2, ICBAAccoMgt, ICBAAccoMgt2, ICBAAccoServ, ICBAAccoServ2, ICBAAccoServSRT, ICBAAccoSync, ICBABrowse, ICBABrowse2, ICBAGErr, ICBAGErrEvent, ICBALDev, ICBALDev2, ICBAPDev, ICBAPDev2, ICBAPDevPC, ICBAPDevPCEvent, ICBAPersist, ICBAPersist2, ICBARTAuto, ICBARTAuto2, ICBAState, ICBAStateEvent, ICBASysProp, ICBATime, ICEP, ICL_RPC, ICMP, ICMPv6, ICP, ICQ, IDP, IDispatch, IEEE 802.11, IEEE802a, IGAP, IGMP, IGRP, ILMI, IMAP, INAP, INITSHUTDOWN, IOXIDResolver, IP, IP/IEEE1394, IPComp, IPDC, IPFC, IPMI, IPP, IPVS, IPX, IPX MSG, IPX RIP, IPX SAP, IPX WAN, IPv6, IRC, IRemUnknown, IRemUnknown2, ISAKMP, ISDN, ISIS, ISL, ISMP, ISUP, ISystemActivator, IUA, IrCOMM, IrLAP, IrLMP, JFIF (JPEG) image, JXTA, JXTA Framing, JXTA Message, JXTA UDP, JXTA Welcome, Jabber, Juniper, K12xx, KADM5, KINK, KLM, KRB4, KRB5, KRB5RPC, Kpasswd, L2TP, LANMAN, LAPB, LAPBETHER, LAPD, LDAP, LDP, LLAP, LLC, LMI, LMP, LOOP, LPD, LSA, LWAPP, LWAPP-CNTL, LWAPP-L3, LWRES, Laplink, Line-based text data, Log, LogotypeCertExtn, Lucent/Ascend, M2PA, M2TP, M2UA, M3UA, MACC, MAPI, MAP_DialoguePDU, MATE, MDS Header, MEGACO, MGCP, MGMT, MIME multipart, MIPv6, MMS, MMSE, MOUNT, MPEG1, MPLS, MPLS Echo, MQ, MQ PCF, MRDISC, MS Proxy, MSDP, MSMMS, MSNIP, MSNMS, MSRP, MTP2, MTP3, MTP3MG, Manolito, Media, Messenger, Mobile IP, Modbus/TCP, MySQL, NBDS, NBIPX, NBNS, NBP, NBSS, NCP, NDMP, NDPS, NFS, NFSACL, NFSAUTH, NIS+, NIS+ CB, NLM, NLSP, NMAS, NMPI, NNTP, NORM, NSIP, NSPI, NS_CERT_EXTS, NTLMSSP, NTP, NW_SERIAL, NetBIOS, Netsync, Null, OAM AAL, OCSP, OLSR, OPSI, OSPF, PAGP, PARLAY, PCLI, PCNFSD, PER, PFLOG, PFLOG-OLD, PGM, PGSQL, PIM, PKCS-1, PKIX Certificate, PKIX1EXPLICIT, PKIX1IMPLICIT, PKIXPROXY, PKIXQUALIFIED, PKIXTSP, PKInit, PKTC, PN-DCP, PN-RT, PNIO, PNP, POP, PPP, PPP BACP, PPP BAP, PPP CBCP, PPP CCP, PPP CDPCP, PPP CHAP, PPP Comp, PPP IPCP, PPP IPV6CP, PPP LCP, PPP MP, PPP MPLSCP, PPP OSICP, PPP PAP, PPP PPPMux, PPP PPPMuxCP, PPP VJ, PPP-HDLC, PPPoED, PPPoES, PPTP, PRES, PTP, Portmap, Prism, Q.2931, Q.931, Q.933, QLLC, QUAKE, QUAKE2, QUAKE3, QUAKEWORLD, R-STP, RADIUS, RANAP, RDM, RDT, REMACT, REP_PROC, RIP, RIPng, RLM, RMCP, RMI, RMP, RPC, RPC_BROWSER, RPC_NETLOGON, RPL, RQUOTA, RRAS, RSH, RSTAT, RSVP, RSYNC, RS_ACCT, RS_ATTR, RS_BIND, RS_PGO, RS_PLCY, RS_REPADM, RS_REPLIST, RS_UNIX, RTCP, RTMP, RTP, RTP Event, RTPS, RTSP, RTcfg, RTmac, RUDP, RWALL, RX, Raw, Raw_SIP, Raw_SigComp, Redback, Rlogin, SADMIND, SAMR, SAP, SCCP, SCCPMG, SCSI, SCTP, SDLC, SDP, SEBEK, SECIDMAP, SES, SGI MOUNT, SIGCOMP, SIP, SIPFRAG, SIR, SKINNY, SLARP, SLL, SM, SMB, SMB Mailslot, SMB Pipe, SMB_NETLOGON, SMPP, SMRSE, SMTP, SMUX, SNA, SNA XID, SNAETH, SNDCP, SNMP, SONMP, SPNEGO-KRB5, SPOOLSS, SPP, SPRAY, SPX, SRVLOC, SRVSVC, SSCF-NNI, SSCOP, SSH, SSL, STAT, STAT-CB, STP, STUN, SUA, SVCCTL, Serialization, Slimp3, Socks, SoulSeek, Spnego, Symantec, Synergy, Syslog, T.38, TACACS, TACACS+, TALI, TANGO, TAPI, TCAP, TCP, TDMA, TDS, TEI_MANAGEMENT, TELNET, TFTP, TIME, TKN4Int, TNS, TPCP, TPKT, TR MAC, TRKSVR, TSP, TTP, TUXEDO, TZSP, Teredo, Token-Ring, UBIKDISK, UBIKVOTE, UCP, UDP, UDPENCAP, UMA, V.120, V5UA, VLAN, VNC, VRRP, VTP, Vines ARP, Vines Echo, Vines FRP, Vines ICP, Vines IP, Vines IPC, Vines LLC, Vines RTP, Vines SPP, WAP SIR, WBxml, WCCP, WCP, WHDLC, WHO, WINREG, WKSSVC, WLANCERTEXTN, WSP, WTLS, WTP, X.25, X.29, X11, X509AF, X509CE, X509IF, X509SAT, XDMCP, XML, XOT, XYPLEX, YHOO, YMSG, YPBIND, YPPASSWD, YPSERV, YPXFR, ZEBRA, ZIP, cds_solicit, cprpc_server, dce_update, dicom, giFT, h221nonstd, h245, h450, iFCP, iSCSI, iSNS, isup_thin, llb, message/http, nettl, rdaclif, roverride, rpriv, rs_attr_schema, rs_misc, rs_prop_acct, rs_prop_acl, rs_prop_attr, rs_prop_pgo, rs_prop_plcy, rs_pwd_mgmt, rs_repmgr, rsec_login, sFlow,

上一篇：外出使用無線局域網的十點無線網安全建議

下一篇：無繩電話會影響無線局域網的通訊嗎?