linux ubuntu libpcap抓wlan数据包问题

LinuxMan 2013-01-04 09:38:28

RT

现在困扰的是不懂抓到的为什么是以太网数据帧结构

success: device: eth1
EN10MB
Ethernet
id: 1
Packet length: 54
Number of bytes: 54
Recieved time: Fri Jan 4 09:35:03 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 28 1e 4e 40 00 40 06 8f 74 c0 a8 01 70 4a 7d
80 78 c9 b5 00 50 ea bb 8e 29 c6 1d bf c2 50 11
02 45 8d 28 00 00

id: 2
Packet length: 54
Number of bytes: 54
Recieved time: Fri Jan 4 09:35:03 2013
c4 17 fe 75 d9 7c e0 05 c5 60 3a d4 08 00 45 00
00 28 ad a3 00 00 2d 06 53 1f 4a 7d 80 78 c0 a8
01 70 00 50 c9 b5 c6 1d bf c2 ea bb 8e 2a 50 11
03 ea 56 0f 00 00

id: 3
Packet length: 54
Number of bytes: 54
Recieved time: Fri Jan 4 09:35:03 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 28 1e 4f 40 00 40 06 8f 73 c0 a8 01 70 4a 7d
80 78 c9 b5 00 50 ea bb 8e 2a c6 1d bf c3 50 10
02 45 8d 28 00 00

id: 4
Packet length: 54
Number of bytes: 54
Recieved time: Fri Jan 4 09:35:04 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 28 e6 f7 40 00 40 06 e8 64 c0 a8 01 70 72 70
36 eb 90 fd 00 50 5a 5f 74 b0 e4 ad e9 ba 50 11
01 f0 6b 8e 00 00

id: 5
Packet length: 54
Number of bytes: 54
Recieved time: Fri Jan 4 09:35:04 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 28 19 1f 40 00 40 06 b6 3d c0 a8 01 70 72 70
36 eb 90 f8 00 50 a3 55 99 27 78 41 6c 0a 50 11
02 16 6b 8e 00 00

id: 6
Packet length: 66
Number of bytes: 66
Recieved time: Fri Jan 4 09:35:04 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 34 f0 32 40 00 40 06 df 1d c0 a8 01 70 72 70
36 eb 91 03 00 50 e5 77 68 d1 5b 7c 64 9b 80 11
04 9d 6b 9a 00 00 01 01 08 0a 00 00 07 fb 22 6e
28 20

id: 7
Packet length: 66
Number of bytes: 66
Recieved time: Fri Jan 4 09:35:04 2013
e0 05 c5 60 3a d4 c4 17 fe 75 d9 7c 08 00 45 00
00 34 98 5e 40 00 40 06 36 f2 c0 a8 01 70 72 70
36 eb 91 06 00 50 97 7a 11 4c 4b 22 dc 84 80 11
02 7e 6b 9a 00 00 01 01 08 0a 00 00 07 fb 22 6e
27 62

如此

...全文

256 12 打赏收藏转发到动态举报

写回复

用AI写文章

12 条回复

切换为时间正序

请发表友善的回复…

发表回复

mhyeagle 2014-04-14

打赏
举报

可以使用 sudo ifconfig eth0 down 把第一个网卡禁用，就可以使用wlan捕捉数据包了

Wenxy1 2013-01-08

打赏
举报

楼主，Wireshark捕捉到的数据包当然是帧，链路层的。

Wenxy1 2013-01-08

打赏
举报

引用 5 楼 stone548534 的回复:

引用 3 楼 stone548534 的回复: eth1是笔记本的无线网卡，wlan数据如何抓？

把混杂模式的勾去掉，无线网卡一般不支持混杂模式，支持的很贵。

LinuxMan 2013-01-08

打赏
举报

引用 9 楼 wenxy1 的回复:

引用 5 楼 stone548534 的回复:引用 3 楼 stone548534 的回复: eth1是笔记本的无线网卡，wlan数据如何抓？把混杂模式的勾去掉，无线网卡一般不支持混杂模式，支持的很贵。

引用 10 楼 wenxy1 的回复:

楼主，Wireshark捕捉到的数据包当然是帧，链路层的。

感谢你的回答，目前我抓到的数据是通过笔记本自带的无线网卡在Linux（ubuntu）下查资料说是打开网卡监听模式就能够捕获到wlan的数据包，但网卡不支持。目前想通过Airpcap+winpcap在window上抓，但是好贵。问还有什么方法可以抓到wlan的数据？

LinuxMan 2013-01-04

打赏
举报

引用 7 楼 stone548534 的回复:

引用 6 楼 ido158 的回复:wireshark我很久没用了，你试试 capture options的 link-layer header type的选项，有没有其它类型 Ethernet/DOCSIS

liul@ubuntu:~/code/test_3$ sudo iwconfig eth1 eth1 IEEE 802.11bg ESSID:"xxxx" Mode:Managed Frequency:2.442 GHz Access Point: E0:05:C5:60:3A:D4 Bit Rate=48 Mb/s Tx-Power:24 dBm Retry min limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=4/5 Signal level=-60 dBm Noise level=-57 dBm Rx invalid nwid:0 Rx invalid crypt:7494 Rx invalid frag:0 Tx excessive retries:35 Invalid misc:0 Missed beacon:0

LinuxMan 2013-01-04

打赏
举报

引用 6 楼 ido158 的回复:

wireshark我很久没用了，你试试 capture options的 link-layer header type的选项，有没有其它类型

Ethernet/DOCSIS

犇犇犇程序猿 2013-01-04

打赏
举报

wireshark我很久没用了，你试试 capture options的 link-layer header type的选项，有没有其它类型

LinuxMan 2013-01-04

打赏
举报

引用 3 楼 stone548534 的回复:

eth1是笔记本的无线网卡，wlan数据如何抓？

犇犇犇程序猿 2013-01-04

打赏
举报

目测eth1是以太网接口

LinuxMan 2013-01-04

打赏
举报

LinuxMan 2013-01-04

打赏
举报

liul@ubuntu:~/code/test_3$ ifconfig eth0 Link encap:以太网硬件地址 00:26:b9:23:44:cb UP BROADCAST MULTICAST MTU:1500 跃点数:1 接收数据包:0 错误:0 丢弃:0 过载:0 帧数:0 发送数据包:0 错误:0 丢弃:0 过载:0 载波:0 碰撞:0 发送队列长度:1000 接收字节:0 (0.0 B) 发送字节:0 (0.0 B) 中断:41 基本地址:0x6000 eth1 Link encap:以太网硬件地址 c4:17:fe:75:d9:7c inet 地址:192.168.1.112 广播:192.168.1.255 掩码:255.255.255.0 inet6 地址: fe80::c617:feff:fe75:d97c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 跃点数:1 接收数据包:4800 错误:0 丢弃:0 过载:0 帧数:95982 发送数据包:5391 错误:6 丢弃:0 过载:0 载波:0 碰撞:0 发送队列长度:1000 接收字节:4441089 (4.4 MB) 发送字节:1036173 (1.0 MB) 中断:17 lo Link encap:本地环回 inet 地址:127.0.0.1 掩码:255.0.0.0 inet6 地址: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 跃点数:1 接收数据包:0 错误:0 丢弃:0 过载:0 帧数:0 发送数据包:0 错误:0 丢弃:0 过载:0 载波:0 碰撞:0 发送队列长度:0 接收字节:0 (0.0 B) 发送字节:0 (0.0 B) liul@ubuntu:~/code/test_3$ iwconfig lo no wireless extensions. eth0 no wireless extensions. eth1 IEEE 802.11 Access Point: Not-Associated Link Quality:4 Signal level:194 Noise level:199 Rx invalid nwid:0 invalid crypt:0 invalid misc:0 liul@ubuntu:~/code/test_3$

LinuxMan 2013-01-04

打赏
举报

配置：Linux ubuntu 3.0.0-29-generic #46-Ubuntu SMP Tue Dec 4 12:16:46 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux DELL 1564 liul@ubuntu:~/code/test_3$ lspci 00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 12) 00:01.0 PCI bridge: Intel Corporation Core Processor PCI Express x16 Root Port (rev 12) 00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06) 00:1a.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06) 00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 06) 00:1c.1 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 2 (rev 06) 00:1c.5 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 6 (rev 06) 00:1d.0 USB Controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a6) 00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 06) 00:1f.2 IDE interface: Intel Corporation 5 Series/3400 Series Chipset 4 port SATA IDE Controller (rev 06) 00:1f.3 SMBus: Intel Corporation 5 Series/3400 Series Chipset SMBus Controller (rev 06) 00:1f.5 IDE interface: Intel Corporation 5 Series/3400 Series Chipset 2 port SATA IDE Controller (rev 06) 02:00.0 VGA compatible controller: ATI Technologies Inc M92 LP [Mobility Radeon HD 4300 Series] 02:00.1 Audio device: ATI Technologies Inc RV710/730 04:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g LP-PHY (rev 01) 05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 02) ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02) ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02) ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02) ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02) ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02) ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02) liul@ubuntu:~/code/test_3$