協(xié)議分析軟件Ethereal實(shí)現(xiàn)對(duì)無(wú)線局域網(wǎng)的協(xié)議分析

2019-11-05 03:08:35

字體：大中小

供稿：網(wǎng)友

Ethereal：A Network Packet Sniffing Tool

Ethereal是免費(fèi)而且功能強(qiáng)大的網(wǎng)絡(luò)調(diào)試和數(shù)據(jù)包協(xié)議分析軟件。Ethereal 基本類似于tcpdump，但 Ethereal 還具有設(shè)計(jì)完美的 GUI 和眾多分類信息及過濾選項(xiàng)。用戶通過 Ethereal，同時(shí)將網(wǎng)卡設(shè)置成混合模式，可以查看到網(wǎng)絡(luò)中發(fā)送的所有通信流量。目前，Ethereal在分析無(wú)線局域網(wǎng)時(shí)主要要注重的是“捕捉”網(wǎng)卡上傳輸數(shù)據(jù)時(shí)的設(shè)置。

Ethereal 應(yīng)用于故障修復(fù)、分析、軟件和協(xié)議開發(fā)以及教育領(lǐng)域。它具有用戶對(duì)協(xié)議分析軟件所期望的所有標(biāo)準(zhǔn)特征，并具有其它同類產(chǎn)品所不具備的有關(guān)特征。Ethereal 是一種開發(fā)源代碼的許可軟件，答應(yīng)用戶向其中添加改進(jìn)方案。Ethereal 適用于當(dāng)前所有較為流行的計(jì)算機(jī)系統(tǒng)，包括 Unix、linux 和 Windows 。

在使用Ethereal捕捉數(shù)據(jù)包時(shí)系統(tǒng)可能會(huì)有兩種方法來存儲(chǔ)捕捉的數(shù)據(jù)：

“真實(shí)”的802.11數(shù)據(jù)幀：捕捉硬件和驅(qū)動(dòng)提供給了真實(shí)的無(wú)線局域網(wǎng)傳輸協(xié)議數(shù)據(jù)，它們是完整的802.11幀頭，要注重這中間有大量的“無(wú)線電信息”，比如信號(hào)強(qiáng)度等等。
“虛假”的以太幀：捕捉硬件和強(qiáng)度將802.11幀頭轉(zhuǎn)換成以太網(wǎng)幀頭，由此整個(gè)數(shù)據(jù)包看起來象正常的以太網(wǎng)數(shù)據(jù)幀。但是，此時(shí)所有的802.11專有的治理和控制幀由于它們沒有在標(biāo)準(zhǔn)以太網(wǎng)中的對(duì)應(yīng)內(nèi)容而被丟棄了。

所以在使用Ethereal捕捉無(wú)線局域網(wǎng)的數(shù)據(jù)包時(shí)，選擇正確的無(wú)線網(wǎng)卡工作模式就是非常要害的了。

下表是Ethereal支持的無(wú)線局域網(wǎng)協(xié)議域的內(nèi)容：

IEEE 802.11 wireless LAN

PRotocol field name: wlan
Versions: 0.9.0 to 0.10.12

Field nameTypeDescriptionVersionswlan.addr6-byte Hardware (MAC) AddressSource or Destination address0.9.0 to 0.10.12wlan.aidUnsigned 16-bit integerAssociation ID0.9.0 to 0.10.12wlan.bssid6-byte Hardware (MAC) AddressBSS Id0.9.0 to 0.10.12wlan.ccmp.extivStringCCMP Ext. Initialization Vector0.10.5 to 0.10.12wlan.channelUnsigned 8-bit integerChannel0.9.4 to 0.10.12wlan.da6-byte Hardware (MAC) AddressDestination address0.9.0 to 0.10.12wlan.data_rateUnsigned 8-bit integerData Rate0.9.4 to 0.10.12wlan.durationUnsigned 16-bit integerDuration0.9.0 to 0.10.12wlan.fcUnsigned 16-bit integerFrame Control Field0.9.0 to 0.10.12wlan.fc.dsUnsigned 8-bit integerDS status0.9.0 to 0.10.12wlan.fc.fragBooleanMore Fragments0.9.0 to 0.10.12wlan.fc.fromdsBooleanFrom DS0.9.0 to 0.10.12wlan.fc.moredataBooleanMore Data0.9.0 to 0.10.12wlan.fc.orderBooleanOrder flag0.9.0 to 0.10.12wlan.fc.pwrmgtBooleanPWR MGT0.9.0 to 0.10.12wlan.fc.retryBooleanRetry0.9.0 to 0.10.12wlan.fc.suBTypeUnsigned 8-bit integerSubtype0.9.0 to 0.10.12wlan.fc.todsBooleanTo DS0.9.0 to 0.10.12wlan.fc.typeUnsigned 8-bit integerType0.9.0 to 0.10.12wlan.fc.type_subtypeUnsigned 16-bit integerType/Subtype0.9.0 to 0.10.12wlan.fc.versionUnsigned 8-bit integerVersion0.9.0 to 0.10.12wlan.fc.wepBooleanWEP flag0.9.0 to 0.10.12wlan.fcsUnsigned 32-bit integerFrame check sequence0.9.0 to 0.10.12wlan.flagsUnsigned 8-bit integerProtocol Flags0.9.0 to 0.10.12wlan.fragUnsigned 16-bit integerFragment number0.9.0 to 0.10.12wlan.fragmentFrame number802.11 Fragment0.9.4 to 0.10.12wlan.fragment.errorFrame numberDefragmentation error0.9.4 to 0.10.12wlan.fragment.multipletailsBooleanMultiple tail fragments found0.9.4 to 0.10.12wlan.fragment.overlapBooleanFragment overlap0.9.4 to 0.10.12wlan.fragment.overlap.conflictBooleanConflicting data in fragment overlap0.9.4 to 0.10.12wlan.fragment.toolongfragmentBooleanFragment too long0.9.4 to 0.10.12wlan.fragmentsNone802.11 Fragments0.9.4 to 0.10.12wlan.qos.ackUnsigned 16-bit integerAck Policy0.10.5 to 0.10.12wlan.qos.priorityUnsigned 16-bit integerPriority0.10.5 to 0.10.12wlan.ra6-byte Hardware (MAC) AddressReceiver address0.9.0 to 0.10.12wlan.reassembled_inFrame numberReassembled 802.11 in frame0.9.12 to 0.10.12wlan.sa6-byte Hardware (MAC) AddressSource address0.9.0 to 0.10.12wlan.seqUnsigned 16-bit integerSequence number0.9.0 to 0.10.12wlan.signal_strengthUnsigned 8-bit integerSignal Strength0.9.4 to 0.10.12wlan.ta6-byte Hardware (MAC) AddressTransmitter address0.9.0 to 0.10.12wlan.tkip.extivStringTKIP Ext. Initialization Vector0.10.5 to 0.10.12wlan.wep.crcUnsigned 32-bit integerWEP CRC (not verified)0.9.0 to 0.9.5wlan.wep.icvUnsigned 32-bit integerWEP ICV0.9.5 to 0.10.12wlan.wep.ivUnsigned 24-bit integerInitialization Vector0.9.0 to 0.10.12wlan.wep.keyUnsigned 8-bit integerKey0.9.0 to 0.10.12wlan.wep.weakivBooleanWeak IV0.10.9 to 0.10.12

附：Ethereal支持相當(dāng)多的協(xié)議（號(hào)稱700余種）

3COMXNS, 3GPP2 A11, 802.11 MGT, 802.11 Radiotap, 802.3 Slow protocols, 9P, AAL1, AAL3/4, AARP, ACAP, ACN, ACSE, ACtrace, ADP, AFP, AFS (RX), AH, AIM, AIM Administration, AIM Advertisements, AIM BOS, AIM Buddylist, AIM Chat, AIM ChatNav, AIM Directory, AIM Email, AIM Generic, AIM ICQ, AIM Invitation, AIM Location, AIM Messaging, AIM OFT, AIM Popup, AIM SSI, AIM SST, AIM Signon, AIM Stats, AIM Translate, AIM User Lookup, AJP13, ALC, ALCAP, AMR, ANS, ANSI BSMAP, ANSI DTAP, ANSI IS-637-A Teleservice, ANSI IS-637-A Transport, ANSI IS-683-A (OTA (Mobile)), ANSI IS-801 (Location Services (PLD)), ANSI MAP, AODV, AOE, ARCNET, ARP/RARP, ARTNET, ASAP, ASF, ASN1, asp, ATM, ATM LANE, ATP, ATSVC, AVS WLANCAP, AX4000, AgentX, Armagetronad, Auto-RP, BACapp, BACnet, BEEP, BER, BFD Control, BGP, BICC, BOFL, BOOTP/DHCP, BOOTPARAMS, BOSSVR, BROWSER, BSSAP, BSSGP, BUDB, BUTC, BVLC, BitTorrent, Boardwalk, CAMEL, CAST, CBAPDev, CCSDS, CDP, CDS_CLERK, CFLOW, CGMP, CHDLC, CIP, CLDAP, CLEARCASE, CLNP, CLTP, CMIP, CMP, CMS, CONV, COPS, COSEVENTCOMM, COSNAMING, COTP, CPFI, CPHA, CRMF, CSM_ENCAPS, CUPS, CoSine, DAAP, DCCP, DCERPC, DCE_DFS, DCOM, DDP, DDTP, DEC_DNA, DEC_STP, DFS, DHCPFO, DHCPv6, DIS, DISTCC, DLSw, DLT User A, DLT User B, DLT User C, DLT User D, DNP 3.0, DNS, DNSSERVER, DOCSIS, DOCSIS BPKM-ATTR, DOCSIS BPKM-REQ, DOCSIS BPKM-RSP, DOCSIS DSA-ACK, DOCSIS DSA-REQ, DOCSIS DSA-RSP, DOCSIS DSC-ACK, DOCSIS DSC-REQ, DOCSIS DSC-RSP, DOCSIS DSD-REQ, DOCSIS DSD-RSP, DOCSIS INT-RNG-REQ, DOCSIS MAC MGMT, DOCSIS MAP, DOCSIS REG-ACK, DOCSIS REG-REQ, DOCSIS REG-RSP, DOCSIS RNG-REQ, DOCSIS RNG-RSP, DOCSIS TLVs, DOCSIS UCC-REQ, DOCSIS UCC-RSP, DOCSIS UCD, DOCSIS VSIF, DOCSIS type29ucd, DRSUAPI, DSI, DSSETUP, DTP, DTSPROVIDER, DTSSTIME_REQ, DUA, DVMRP, Data, Diameter, E.164, EAP, EAPOL, ECHO, EDONKEY, EFS, EIGRP, ENC, ENIP, ENRP, ENTTEC, EPM, EPMv4, ESIS, ESP, ESS, ETHERIC, ETHERIP, EVENTLOG, Ethernet, FC, FC ELS, FC FZS, FC-FCS, FC-SB3, FC-SP, FC-SWILS, FC-dNS, FCIP, FCP, FC_CT, FDDI, FIX, FLDB, FR, FRSAPI, FRSRPC, FTAM, FTP, FTP-DATA, FTSERVER, FW-1, Frame, G.723, GIF image, GIOP, GMRP, GNUTELLA, GPRS NS, GPRS-LLC, GRE, GSM BSSMAP, GSM DTAP, GSM RP, GSM SMS, GSM SMS UD, GSM_MAP, GSS-API, GTP, GVRP, Gryphon, H.261, H.263, H1, H225, H235, H248, HCLNFSD, HPEXT, HPSW, HSRP, HTTP, HyperSCSI, IAP, IAPP, IAX2, IB, ICAP, ICBAAccoCB, ICBAAccoCB2, ICBAAccoMgt, ICBAAccoMgt2, ICBAAccoServ, ICBAAccoServ2, ICBAAccoServSRT, ICBAAccoSync, ICBABrowse, ICBABrowse2, ICBAGErr, ICBAGErrEvent, ICBALDev, ICBALDev2, ICBAPDev, ICBAPDev2, ICBAPDevPC, ICBAPDevPCEvent, ICBAPersist, ICBAPersist2, ICBARTAuto, ICBARTAuto2, ICBAState, ICBAStateEvent, ICBASysProp, ICBATime, ICEP, ICL_RPC, ICMP, ICMPv6, ICP, ICQ, IDP, IDispatch, IEEE 802.11, IEEE802a, IGAP, IGMP, IGRP, ILMI, IMAP, INAP, INITSHUTDOWN, IOXIDResolver, IP, IP/IEEE1394, IPComp, IPDC, IPFC, IPMI, IPP, IPVS, IPX, IPX MSG, IPX RIP, IPX SAP, IPX WAN, IPv6, IRC, IRemUnknown, IRemUnknown2, ISAKMP, ISDN, ISIS, ISL, ISMP, ISUP, ISystemActivator, IUA, IrCOMM, IrLAP, IrLMP, JFIF (JPEG) image, JXTA, JXTA Framing, JXTA Message, JXTA UDP, JXTA Welcome, Jabber, Juniper, K12xx, KADM5, KINK, KLM, KRB4, KRB5, KRB5RPC, Kpasswd, L2TP, LANMAN, LAPB, LAPBETHER, LAPD, LDAP, LDP, LLAP, LLC, LMI, LMP, LOOP, LPD, LSA, LWAPP, LWAPP-CNTL, LWAPP-L3, LWRES, Laplink, Line-based text data, Log, LogotypeCertExtn, Lucent/Ascend, M2PA, M2TP, M2UA, M3UA, MACC, MAPI, MAP_DialoguePDU, MATE, MDS Header, MEGACO, MGCP, MGMT, MIME multipart, MIPv6, MMS, MMSE, MOUNT, MPEG1, MPLS, MPLS Echo, MQ, MQ PCF, MRDISC, MS Proxy, MSDP, MSMMS, MSNIP, MSNMS, MSRP, MTP2, MTP3, MTP3MG, Manolito, Media, Messenger, Mobile IP, Modbus/TCP, MySQL, NBDS, NBIPX, NBNS, NBP, NBSS, NCP, NDMP, NDPS, NFS, NFSACL, NFSAUTH, NIS+, NIS+ CB, NLM, NLSP, NMAS, NMPI, NNTP, NORM, NSIP, NSPI, NS_CERT_EXTS, NTLMSSP, NTP, NW_SERIAL, NetBIOS, Netsync, Null, OAM AAL, OCSP, OLSR, OPSI, OSPF, PAGP, PARLAY, PCLI, PCNFSD, PER, PFLOG, PFLOG-OLD, PGM, PGSQL, PIM, PKCS-1, PKIX Certificate, PKIX1EXPLICIT, PKIX1IMPLICIT, PKIXPROXY, PKIXQUALIFIED, PKIXTSP, PKInit, PKTC, PN-DCP, PN-RT, PNIO, PNP, POP, PPP, PPP BACP, PPP BAP, PPP CBCP, PPP CCP, PPP CDPCP, PPP CHAP, PPP Comp, PPP IPCP, PPP IPV6CP, PPP LCP, PPP MP, PPP MPLSCP, PPP OSICP, PPP PAP, PPP PPPMux, PPP PPPMuxCP, PPP VJ, PPP-HDLC, PPPoED, PPPoES, PPTP, PRES, PTP, Portmap, Prism, Q.2931, Q.931, Q.933, QLLC, QUAKE, QUAKE2, QUAKE3, QUAKEWORLD, R-STP, RADIUS, RANAP, RDM, RDT, REMACT, REP_PROC, RIP, RIPng, RLM, RMCP, RMI, RMP, RPC, RPC_BROWSER, RPC_NETLOGON, RPL, RQUOTA, RRAS, RSH, RSTAT, RSVP, RSYNC, RS_ACCT, RS_ATTR, RS_BIND, RS_PGO, RS_PLCY, RS_REPADM, RS_REPLIST, RS_UNIX, RTCP, RTMP, RTP, RTP Event, RTPS, RTSP, RTcfg, RTmac, RUDP, RWALL, RX, Raw, Raw_SIP, Raw_SigComp, Redback, Rlogin, SADMIND, SAMR, SAP, SCCP, SCCPMG, SCSI, SCTP, SDLC, SDP, SEBEK, SECIDMAP, SES, SGI MOUNT, SIGCOMP, SIP, SIPFRAG, SIR, SKINNY, SLARP, SLL, SM, SMB, SMB Mailslot, SMB Pipe, SMB_NETLOGON, SMPP, SMRSE, SMTP, SMUX, SNA, SNA XID, SNAETH, SNDCP, SNMP, SONMP, SPNEGO-KRB5, SPOOLSS, SPP, SPRAY, SPX, SRVLOC, SRVSVC, SSCF-NNI, SSCOP, SSH, SSL, STAT, STAT-CB, STP, STUN, SUA, SVCCTL, Serialization, Slimp3, Socks, SoulSeek, Spnego, Symantec, Synergy, Syslog, T.38, TACACS, TACACS+, TALI, TANGO, TAPI, TCAP, TCP, TDMA, TDS, TEI_MANAGEMENT, TELNET, TFTP, TIME, TKN4Int, TNS, TPCP, TPKT, TR MAC, TRKSVR, TSP, TTP, TUXEDO, TZSP, Teredo, Token-Ring, UBIKDISK, UBIKVOTE, UCP, UDP, UDPENCAP, UMA, V.120, V5UA, VLAN, VNC, VRRP, VTP, Vines ARP, Vines Echo, Vines FRP, Vines ICP, Vines IP, Vines IPC, Vines LLC, Vines RTP, Vines SPP, WAP SIR, WBxml, WCCP, WCP, WHDLC, WHO, WINREG, WKSSVC, WLANCERTEXTN, WSP, WTLS, WTP, X.25, X.29, X11, X509AF, X509CE, X509IF, X509SAT, XDMCP, XML, XOT, XYPLEX, YHOO, YMSG, YPBIND, YPPASSWD, YPSERV, YPXFR, ZEBRA, ZIP, cds_solicit, cprpc_server, dce_update, dicom, giFT, h221nonstd, h245, h450, iFCP, iSCSI, iSNS, isup_thin, llb, message/http, nettl, rdaclif, roverride, rpriv, rs_attr_schema, rs_misc, rs_prop_acct, rs_prop_acl, rs_prop_attr, rs_prop_pgo, rs_prop_plcy, rs_pwd_mgmt, rs_repmgr, rsec_login, sFlow,

上一篇：外出使用無(wú)線局域網(wǎng)的十點(diǎn)無(wú)線網(wǎng)安全建議

下一篇：無(wú)繩電話會(huì)影響無(wú)線局域網(wǎng)的通訊嗎?