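At which stage of the connection process (probe?) does the AP "tell" the host its security protocol? (For example, "I am using WEP, WPA, etc.")
I have sniffed a packet with Wireshark, but I cannot find any security information in it (the probe packet). In addition, I would guess that during the association request I should have seen the password itself (hashed) somewhere, shouldn't I?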
Frame 1087: 243 bytes on wire (1944 bits), 243 bytes captured (1944 bits) on interface 0
Interface id: 0 (\\.\airpcap00)
Encapsulation type: IEEE 802.11 plus radiotap radio header (23)
Arrival Time: Mar 18, 2014 21:32:34.530912000 Jerusalem Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1395171154.530912000 seconds
[Time delta from previous captured frame: 0.002115000 seconds]
[Time delta from previous displayed frame: 0.052362000 seconds]
[Time since reference or first frame: 16.649345000 seconds]
Frame Number: 1087
Frame Length: 243 bytes (1944 bits)
Capture Length: 243 bytes (1944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: radiotap:wlan_radio:wlan]
Radiotap Header v0, Length 20
Header revision: 0
Header pad: 0
Header length: 20
Present flags
Present flags word: 0x000018ee
Flags: 0x10
.... ...0 = CFP: False
.... ..0. = Preamble: Long
.... .0.. = WEP: False
.... 0... = Fragmentation: False
...1 .... = FCS at end: True
..0. .... = Data Pad: False
.0.. .... = Bad FCS: False
0... .... = Short GI: False
Data Rate: 1.0 Mb/s
Channel frequency: 2412 [BG 1]
Channel flags: 0x00a0, Complementary Code Keying (CCK), 2 GHz spectrum
Antenna signal: -71dBm
Antenna noise: -100dBm
Signal Quality: 76
Antenna: 0
dB antenna signal: 29dB
802.11 radio information
PHY type: 802.11b (4)
Short preamble: False
Data rate: 1.0 Mb/s
Channel: 1
Frequency: 2412MHz
Signal strength (dBm): -71dBm
Noise level (dBm): -100dBm
[Duration: 1976µs]
IEEE 802.11 Probe Response, Flags: ........C
Type/Subtype: Probe Response (0x0005)
Frame Control Field: 0x5000
.... ..00 = Version: 0
.... 00.. = Type: Management frame (0)
0101 .... = Subtype: 5
Flags: 0x00
.000 0001 0011 1010 = Duration: 314 microseconds
Receiver address: Apple_b5:b8:13 (bc:3b:af:b5:b8:13)
Destination address: Apple_b5:b8:13 (bc:3b:af:b5:b8:13)
Transmitter address: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
Source address: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
BSS Id: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
.... .... .... 0000 = Fragment number: 0
0011 0011 0000 .... = Sequence number: 816
Frame check sequence: 0xd381a870 [correct]
[FCS Status: Good]
IEEE 802.11 wireless LAN
Fixed parameters (12 bytes)
Timestamp: 0x0000008df3014db9
Beacon Interval: 0.102400 [Seconds]
Capabilities Information: 0x0411
.... .... .... ...1 = ESS capabilities: Transmitter is an AP
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... ..0. .... 00.. = CFP participation capabilities: No point coordinator at AP (0x00)
.... .... ...1 .... = Privacy: AP/STA can support WEP
.... .... ..0. .... = Short Preamble: Not Allowed
.... .... .0.. .... = PBCC: Not Allowed
.... .... 0... .... = Channel Agility: Not in use
.... ...0 .... .... = Spectrum Management: Not Implemented
.... .1.. .... .... = Short Slot Time: In use
.... 0... .... .... = Automatic Power Save Delivery: Not Implemented
...0 .... .... .... = Radio Measurement: Not Implemented
..0. .... .... .... = DSSS-OFDM: Not Allowed
.0.. .... .... .... = Delayed Block Ack: Not Implemented
0... .... .... .... = Immediate Block Ack: Not Implemented
Tagged parameters (183 bytes)
Tag: SSID parameter set: HOTBOX-9810
Tag Number: SSID parameter set (0)
Tag length: 11
SSID: HOTBOX-9810
Tag: Supported Rates 1(B), 2(B), 5.5(B), 11(B), 18, 24, 36, 54, [Mbit/sec]
Tag Number: Supported Rates (1)
Tag length: 8
Supported Rates: 1(B) (0x82)
Supported Rates: 2(B) (0x84)
Supported Rates: 5.5(B) (0x8b)
Supported Rates: 11(B) (0x96)
Supported Rates: 18 (0x24)
Supported Rates: 24 (0x30)
Supported Rates: 36 (0x48)
Supported Rates: 54 (0x6c)
Tag: DS Parameter set: Current Channel: 1
Tag Number: DS Parameter set (3)
Tag length: 1
Current Channel: 1
Tag: ERP Information
Tag Number: ERP Information (42)
Tag length: 1
ERP Information: 0x00
Tag: ERP Information
Tag Number: ERP Information (47)
Tag length: 1
ERP Information: 0x00
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 24
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Pairwise Cipher Suite Count: 2
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM) 00:0f:ac (Ieee 802.11) TKIP
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
RSN Capabilities: 0x000c
Tag: Extended Supported Rates 6, 9, 12, 48, [Mbit/sec]
Tag Number: Extended Supported Rates (50)
Tag length: 4
Extended Supported Rates: 6 (0x0c)
Extended Supported Rates: 9 (0x12)
Extended Supported Rates: 12 (0x18)
Extended Supported Rates: 48 (0x60)
Tag: HT Capabilities (802.11n D1.10)
Tag Number: HT Capabilities (802.11n D1.10) (45)
Tag length: 26
HT Capabilities Info: 0x18fc
.... .... .... ...0 = HT LDPC coding capability: Transmitter does not support receiving LDPC coded packets
.... .... .... ..0. = HT Support channel width: Transmitter only supports 20MHz operation
.... .... .... 11.. = HT SM Power Save: SM Power Save disabled (0x3)
.... .... ...1 .... = HT Green Field: Transmitter is able to receive PPDUs with Green Field (GF) preamble
.... .... ..1. .... = HT Short GI for 20MHz: Supported
.... .... .1.. .... = HT Short GI for 40MHz: Supported
.... .... 1... .... = HT Tx STBC: Supported
.... ..00 .... .... = HT Rx STBC: No Rx STBC support (0x0)
.... .0.. .... .... = HT Delayed Block ACK: Transmitter does not support HT-Delayed BlockAck
.... 1... .... .... = HT Max A-MSDU length: 7935 bytes
...1 .... .... .... = HT DSSS/CCK mode in 40MHz: Will/Can use DSSS/CCK in 40 MHz
..0. .... .... .... = HT PSMP Support: Won't/Can't support PSMP operation
.0.. .... .... .... = HT Forty MHz Intolerant: Use of 40 MHz transmissions unrestricted/allowed
0... .... .... .... = HT L-SIG TXOP Protection support: Not supported
A-MPDU Parameters: 0x1b
Rx Supported Modulation and Coding Scheme Set: MCS Set
HT Extended Capabilities: 0x0000
Transmit Beam Forming (TxBF) Capabilities: 0x00000000
Antenna Selection (ASEL) Capabilities: 0x00
Tag: HT Information (802.11n D1.10)
Tag Number: HT Information (802.11n D1.10) (61)
Tag length: 22
Primary Channel: 1
HT Information Subset (1 of 3): 0x08
HT Information Subset (2 of 3): 0x0004
HT Information Subset (3 of 3): 0x0000
Rx Supported Modulation and Coding Scheme Set: Basic MCS Set
Tag: Vendor Specific: Broadcom
Tag Number: Vendor Specific (221)
Tag length: 9
OUI: 00:10:18 (Broadcom)
Vendor Specific OUI Type: 2
Vendor Specific Data: 0202f02c0000
Tag: Vendor Specific: Microsoft Corp.: WPA Information Element
Tag Number: Vendor Specific (221)
Tag length: 28
OUI: 00:50:f2 (Microsoft Corp.)
Vendor Specific OUI Type: 1
Type: WPA Information Element (0x01)
WPA Version: 1
Multicast Cipher Suite: 00:50:f2 (Microsoft Corp.) TKIP
Unicast Cipher Suite Count: 2
Unicast Cipher Suite List 00:50:f2 (Microsoft Corp.) AES (CCM) 00:50:f2 (Microsoft Corp.) TKIP
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:50:f2 (Microsoft Corp.) PSK
Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Parameter Element
Tag Number: Vendor Specific (221)
Tag length: 24
OUI: 00:50:f2 (Microsoft Corp.)
Vendor Specific OUI Type: 2
Type: WMM/WME (0x02)
WME Subtype: Parameter Element (1)
WME Version: 1
WME QoS Info: 0x80
Reserved: 00
Ac Parameters ACI 0 (Best Effort), ACM no, AIFSN 3, ECWmin/max 4/10 (CWmin/max 15/1023), TXOP 0
Ac Parameters ACI 1 (Background), ACM no, AIFSN 7, ECWmin/max 4/10 (CWmin/max 15/1023), TXOP 0
Ac Parameters ACI 2 (Video), ACM no, AIFSN 2, ECWmin/max 3/4 (CWmin/max 7/15), TXOP 94
Ac Parameters ACI 3 (Voice), ACM no, AIFSN 2, ECWmin/max 2/3 (CWmin/max 3/7), TXOP 47
This is the association request:
Frame 731: 210 bytes on wire (1680 bits), 210 bytes captured (1680 bits) on interface 0
Interface id: 0 (\\.\airpcap00)
Encapsulation type: IEEE 802.11 plus radiotap radio header (23)
Arrival Time: Mar 18, 2014 21:32:33.235805000 Jerusalem Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1395171153.235805000 seconds
[Time delta from previous captured frame: 0.001751000 seconds]
[Time delta from previous displayed frame: 3.447067000 seconds]
[Time since reference or first frame: 15.354238000 seconds]
Frame Number: 731
Frame Length: 210 bytes (1680 bits)
Capture Length: 210 bytes (1680 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: radiotap:wlan_radio:wlan]
Radiotap Header v0, Length 20
Header revision: 0
Header pad: 0
Header length: 20
Present flags
Present flags word: 0x000018ee
Flags: 0x10
.... ...0 = CFP: False
.... ..0. = Preamble: Long
.... .0.. = WEP: False
.... 0... = Fragmentation: False
...1 .... = FCS at end: True
..0. .... = Data Pad: False
.0.. .... = Bad FCS: False
0... .... = Short GI: False
Data Rate: 1.0 Mb/s
Channel frequency: 2412 [BG 1]
Channel flags: 0x00a0, Complementary Code Keying (CCK), 2 GHz spectrum
Antenna signal: -44dBm
Antenna noise: -100dBm
Signal Quality: 100
Antenna: 0
dB antenna signal: 56dB
802.11 radio information
PHY type: 802.11b (4)
Short preamble: False
Data rate: 1.0 Mb/s
Channel: 1
Frequency: 2412MHz
Signal strength (dBm): -44dBm
Noise level (dBm): -100dBm
[Duration: 1712µs]
IEEE 802.11 Association Request, Flags: ........C
Type/Subtype: Association Request (0x0000)
Frame Control Field: 0x0000
.... ..00 = Version: 0
.... 00.. = Type: Management frame (0)
0000 .... = Subtype: 0
Flags: 0x00
.000 0001 0011 1010 = Duration: 314 microseconds
Receiver address: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
Destination address: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
Transmitter address: SamsungE_74:b9:f9 (d0:22:be:74:b9:f9)
Source address: SamsungE_74:b9:f9 (d0:22:be:74:b9:f9)
BSS Id: Sagemcom_fb:5d:9d (00:78:9e:fb:5d:9d)
.... .... .... 0000 = Fragment number: 0
0011 0011 1000 .... = Sequence number: 824
Frame check sequence: 0xa7de824d [correct]
[FCS Status: Good]
IEEE 802.11 wireless LAN
Fixed parameters (4 bytes)
Capabilities Information: 0x0431
.... .... .... ...1 = ESS capabilities: Transmitter is an AP
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... ..0. .... 00.. = CFP participation capabilities: No point coordinator at AP (0x00)
.... .... ...1 .... = Privacy: AP/STA can support WEP
.... .... ..1. .... = Short Preamble: Allowed
.... .... .0.. .... = PBCC: Not Allowed
.... .... 0... .... = Channel Agility: Not in use
.... ...0 .... .... = Spectrum Management: Not Implemented
.... .1.. .... .... = Short Slot Time: In use
.... 0... .... .... = Automatic Power Save Delivery: Not Implemented
...0 .... .... .... = Radio Measurement: Not Implemented
..0. .... .... .... = DSSS-OFDM: Not Allowed
.0.. .... .... .... = Delayed Block Ack: Not Implemented
0... .... .... .... = Immediate Block Ack: Not Implemented
Listen Interval: 0x000a
Tagged parameters (158 bytes)
Tag: SSID parameter set: HOTBOX-9810
Tag Number: SSID parameter set (0)
Tag length: 11
SSID: HOTBOX-9810
Tag: Supported Rates 1(B), 2(B), 5.5(B), 11(B), 18, 24, 36, 54, [Mbit/sec]
Tag Number: Supported Rates (1)
Tag length: 8
Supported Rates: 1(B) (0x82)
Supported Rates: 2(B) (0x84)
Supported Rates: 5.5(B) (0x8b)
Supported Rates: 11(B) (0x96)
Supported Rates: 18 (0x24)
Supported Rates: 24 (0x30)
Supported Rates: 36 (0x48)
Supported Rates: 54 (0x6c)
Tag: Power Capability Min: 8, Max: 18
Tag Number: Power Capability (33)
Tag length: 2
Minimum Transmit Power: 8
Maximum Transmit Power: 18
Tag: Supported Channels
Tag Number: Supported Channels (36)
Tag length: 2
Supported Channels Set #1 First: 1, Range: 13
Tag: RSN Information
Tag Number: RSN Information (48)
Tag length: 20
RSN Version: 1
Group Cipher Suite: 00:0f:ac (Ieee 802.11) TKIP
Pairwise Cipher Suite Count: 1
Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
Auth Key Management (AKM) Suite Count: 1
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK
RSN Capabilities: 0x0000
Tag: Extended Supported Rates 6, 9, 12, 48, [Mbit/sec]
Tag Number: Extended Supported Rates (50)
Tag length: 4
Extended Supported Rates: 6 (0x0c)
Extended Supported Rates: 9 (0x12)
Extended Supported Rates: 12 (0x18)
Extended Supported Rates: 48 (0x60)
Tag: HT Capabilities (802.11n D1.10)
Tag Number: HT Capabilities (802.11n D1.10) (45)
Tag length: 26
HT Capabilities Info: 0x112d
.... .... .... ...1 = HT LDPC coding capability: Transmitter supports receiving LDPC coded packets
.... .... .... ..0. = HT Support channel width: Transmitter only supports 20MHz operation
.... .... .... 11.. = HT SM Power Save: SM Power Save disabled (0x3)
.... .... ...0 .... = HT Green Field: Transmitter is not able to receive PPDUs with Green Field (GF) preamble
.... .... ..1. .... = HT Short GI for 20MHz: Supported
.... .... .0.. .... = HT Short GI for 40MHz: Not supported
.... .... 0... .... = HT Tx STBC: Not supported
.... ..01 .... .... = HT Rx STBC: Rx support of one spatial stream (0x1)
.... .0.. .... .... = HT Delayed Block ACK: Transmitter does not support HT-Delayed BlockAck
.... 0... .... .... = HT Max A-MSDU length: 3839 bytes
...1 .... .... .... = HT DSSS/CCK mode in 40MHz: Will/Can use DSSS/CCK in 40 MHz
..0. .... .... .... = HT PSMP Support: Won't/Can't support PSMP operation
.0.. .... .... .... = HT Forty MHz Intolerant: Use of 40 MHz transmissions unrestricted/allowed
0... .... .... .... = HT L-SIG TXOP Protection support: Not supported
A-MPDU Parameters: 0x17
Rx Supported Modulation and Coding Scheme Set: MCS Set
HT Extended Capabilities: 0x0000
Transmit Beam Forming (TxBF) Capabilities: 0x00000000
Antenna Selection (ASEL) Capabilities: 0x00
Tag: Vendor Specific: Broadcom
Tag Number: Vendor Specific (221)
Tag length: 9
OUI: 00:10:18 (Broadcom)
Vendor Specific OUI Type: 2
Vendor Specific Data: 020000100000
Tag: Vendor Specific: Epigram, Inc.: HT Capabilities (802.11n D1.10)
Tag Number: Vendor Specific (221)
Tag length: 30
OUI: 00:90:4c (Epigram, Inc.)
Vendor Specific OUI Type: 51
802.11n (Pre) Type: HT Capabilities (802.11n D1.10) (51)
HT Capabilities Info (VS): 0x112d
.... .... .... ...1 = HT LDPC coding capability: Transmitter supports receiving LDPC coded packets
.... .... .... ..0. = HT Support channel width: Transmitter only supports 20MHz operation
.... .... .... 11.. = HT SM Power Save: SM Power Save disabled (0x3)
.... .... ...0 .... = HT Green Field: Transmitter is not able to receive PPDUs with Green Field (GF) preamble
.... .... ..1. .... = HT Short GI for 20MHz: Supported
.... .... .0.. .... = HT Short GI for 40MHz: Not supported
.... .... 0... .... = HT Tx STBC: Not supported
.... ..01 .... .... = HT Rx STBC: Rx support of one spatial stream (0x1)
.... .0.. .... .... = HT Delayed Block ACK: Transmitter does not support HT-Delayed BlockAck
.... 0... .... .... = HT Max A-MSDU length: 3839 bytes
...1 .... .... .... = HT DSSS/CCK mode in 40MHz: Will/Can use DSSS/CCK in 40 MHz
..0. .... .... .... = HT PSMP Support: Won't/Can't support PSMP operation
.0.. .... .... .... = HT Forty MHz Intolerant: Use of 40 MHz transmissions unrestricted/allowed
0... .... .... .... = HT L-SIG TXOP Protection support: Not supported
A-MPDU Parameters (VS): 0x17
Rx Supported Modulation and Coding Scheme Set (VS): MCS Set
HT Extended Capabilities (VS): 0x0000
Transmit Beam Forming (TxBF) Capabilities (VS): 0x00000000
Antenna Selection (ASEL) Capabilities (VS): 0x00
Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Information Element
Tag Number: Vendor Specific (221)
Tag length: 7
OUI: 00:50:f2 (Microsoft Corp.)
Vendor Specific OUI Type: 2
Type: WMM/WME (0x02)
WME Subtype: Information Element (0)
WME Version: 1
WME QoS Info: 0x00
Tag: Vendor Specific: Epigram, Inc.
Tag Number: Vendor Specific (221)
Tag length: 17
OUI: 00:90:4c (Epigram, Inc.)
Vendor Specific OUI Type: 55
802.11n (Pre) Type: Unknown (55)
802.11n (Pre) Unknown Data: 00000000000000000000000000
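
Both dissections above contain an RSN Information element (tag 48) listing the group cipher, pairwise ciphers and AKM suite. The following Python sketch is an added example, not part of the original post: it walks the tagged parameters of a management frame and decodes that element. The byte strings are constructed from the field values shown in the two dissections (they are not raw capture bytes), and all function names are hypothetical.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")          # "00:0f:ac (Ieee 802.11)" in the dump
CIPHERS = {2: "TKIP", 4: "AES (CCM)"}      # cipher suite types seen in the dump
AKMS = {1: "802.1X", 2: "PSK"}             # AKM suite types

def iter_tags(buf):
    """Yield (tag_number, value) pairs from a tagged-parameters blob."""
    i = 0
    while i + 2 <= len(buf):
        num, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            raise ValueError(f"tag {num} is truncated")
        yield num, buf[i + 2:i + 2 + length]
        i += 2 + length

def suite_name(sel, names):
    """Name a 4-byte suite selector (3-byte OUI followed by a 1-byte type)."""
    if sel[:3] != RSN_OUI:
        return sel.hex(":")
    return names.get(sel[3], f"type {sel[3]}")

def suite_list(body, off, names):
    """Read a little-endian count plus that many selectors; return (names, next offset)."""
    if off + 2 > len(body):
        raise ValueError("suite count is missing")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list is truncated")
    return [suite_name(body[p:p + 4], names) for p in range(off + 2, end, 4)], end

def parse_rsn(body):
    """Decode the value of an RSN Information element (tag 48)."""
    if len(body) < 6:
        raise ValueError("RSN element is too short")
    pairwise, off = suite_list(body, 6, CIPHERS)
    akm, off = suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else None
    return {"version": struct.unpack_from("<H", body)[0], "group": suite_name(body[2:6], CIPHERS),
            "pairwise": pairwise, "akm": akm, "capabilities": caps}

def advertised_security(tagged):
    """Return the decoded RSN element of a management frame, or None if absent."""
    return next((parse_rsn(v) for n, v in iter_tags(tagged) if n == 48), None)

# Constructed sample input: SSID tag plus RSN tag, rebuilt from the dissected fields.
SSID = b"\x00\x0bHOTBOX-9810"
PROBE_RESP = SSID + bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0c00")
ASSOC_REQ = SSID + bytes.fromhex("3014" "0100" "000fac02" "0100" "000fac04" "0100" "000fac02" "0000")
```

The decoded element holds only a version, suite selectors and capability bits; it has no field for key material.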