下载中心  |  网站地图  |  站内搜索  |  加入收藏
*新更新
业界动态
产品信息
安恒动态
技术文章


安恒公司 / 技术文章 / 无线网络维护与测试 / 协议分析软件Ethereal实现对无线局域网的协议分析
协议分析软件Ethereal实现对无线局域网的协议分析
2005-09-20    安恒公司 刘世伟/王志军       阅读:

[安恒公司原创,转载请注明] Ethereal:A Network Packet Sniffing Tool

ethereal协议分析软件Ethereal是免费而且功能强大的网络调试和数据包协议分析软件。Ethereal 基本类似于tcpdump,但 Ethereal 还具有设计完美的 GUI 和众多分类信息及过滤选项。用户通过 Ethereal,同时将网卡设置成混合模式,可以查看到网络中发送的所有通信流量。目前,Ethereal在分析无线局域网时主要要注意的是“捕捉”网卡上传输数据时的设置。

Ethereal 应用于故障修复、分析、软件和协议开发以及教育领域。它具有用户对协议分析软件所期望的所有标准特征,并具有其它同类产品所不具备的有关特征。Ethereal*种开发源代码的许可软件,允许用户向其中添加改进方案。Ethereal 适用于当前所有较为流行的计算机系统,包括 Unix、Linux 和 Windows 。

在使用Ethereal捕捉数据包时系统可能会有两种方法来存储捕捉的数据:

  1. “真实”的802.11数据帧:捕捉硬件和驱动提供给了真实的无线局域网传输协议数据,它们是完整的802.11帧头,要注意这中间有大量的“无线电信息”,比如信号强度等等。
  2. “虚假”的以太帧:捕捉硬件和强度将802.11帧头转换成以太网帧头,由此整个数据包看起来象正常的以太网数据帧。但是,此时所有的802.11专有的管理和控制帧由于它们没有在标准以太网中的对应内容而被丢弃了。

所以在使用Ethereal捕捉无线局域网的数据包时,选择正确的无线网卡工作模式就是非常关键的了。下图是安恒公司无线网分析工程师在linux系统上使用Ethereal捕捉和分析安恒公司实验用无线局域网时的抓图,点击可以放大。

ethereal对无线局域网的协议分析

https://anheng.com.cn/news/html/wlan_test/Ethereal.html 

下表是Ethereal支持的无线局域网协议域的内容: 


IEEE 802.11 wireless LAN

Protocol field name: wlan
Versions: 0.9.0 to 0.10.12

Field name Type Description Versions
wlan.addr 6-byte Hardware (MAC) Address Source or Destination address 0.9.0 to 0.10.12
wlan.aid Unsigned 16-bit integer Association ID 0.9.0 to 0.10.12
wlan.bssid 6-byte Hardware (MAC) Address BSS Id 0.9.0 to 0.10.12
wlan.ccmp.extiv String CCMP Ext. Initialization Vector 0.10.5 to 0.10.12
wlan.channel Unsigned 8-bit integer Channel 0.9.4 to 0.10.12
wlan.da 6-byte Hardware (MAC) Address Destination address 0.9.0 to 0.10.12
wlan.data_rate Unsigned 8-bit integer Data Rate 0.9.4 to 0.10.12
wlan.duration Unsigned 16-bit integer Duration 0.9.0 to 0.10.12
wlan.fc Unsigned 16-bit integer Frame Control Field 0.9.0 to 0.10.12
wlan.fc.ds Unsigned 8-bit integer DS status 0.9.0 to 0.10.12
wlan.fc.frag Boolean More Fragments 0.9.0 to 0.10.12
wlan.fc.fromds Boolean From DS 0.9.0 to 0.10.12
wlan.fc.moredata Boolean More Data 0.9.0 to 0.10.12
wlan.fc.order Boolean Order flag 0.9.0 to 0.10.12
wlan.fc.pwrmgt Boolean PWR MGT 0.9.0 to 0.10.12
wlan.fc.retry Boolean Retry 0.9.0 to 0.10.12
wlan.fc.subtype Unsigned 8-bit integer Subtype 0.9.0 to 0.10.12
wlan.fc.tods Boolean To DS 0.9.0 to 0.10.12
wlan.fc.type Unsigned 8-bit integer Type 0.9.0 to 0.10.12
wlan.fc.type_subtype Unsigned 16-bit integer Type/Subtype 0.9.0 to 0.10.12
wlan.fc.version Unsigned 8-bit integer Version 0.9.0 to 0.10.12
wlan.fc.wep Boolean WEP flag 0.9.0 to 0.10.12
wlan.fcs Unsigned 32-bit integer Frame check sequence 0.9.0 to 0.10.12
wlan.flags Unsigned 8-bit integer Protocol Flags 0.9.0 to 0.10.12
wlan.frag Unsigned 16-bit integer Fragment number 0.9.0 to 0.10.12
wlan.fragment Frame number 802.11 Fragment 0.9.4 to 0.10.12
wlan.fragment.error Frame number Defragmentation error 0.9.4 to 0.10.12
wlan.fragment.multipletails Boolean Multiple tail fragments found 0.9.4 to 0.10.12
wlan.fragment.overlap Boolean Fragment overlap 0.9.4 to 0.10.12
wlan.fragment.overlap.conflict Boolean Conflicting data in fragment overlap 0.9.4 to 0.10.12
wlan.fragment.toolongfragment Boolean Fragment too long 0.9.4 to 0.10.12
wlan.fragments None 802.11 Fragments 0.9.4 to 0.10.12
wlan.qos.ack Unsigned 16-bit integer Ack Policy 0.10.5 to 0.10.12
wlan.qos.priority Unsigned 16-bit integer Priority 0.10.5 to 0.10.12
wlan.ra 6-byte Hardware (MAC) Address Receiver address 0.9.0 to 0.10.12
wlan.reassembled_in Frame number Reassembled 802.11 in frame 0.9.12 to 0.10.12
wlan.sa 6-byte Hardware (MAC) Address Source address 0.9.0 to 0.10.12
wlan.seq Unsigned 16-bit integer Sequence number 0.9.0 to 0.10.12
wlan.signal_strength Unsigned 8-bit integer Signal Strength 0.9.4 to 0.10.12
wlan.ta 6-byte Hardware (MAC) Address Transmitter address 0.9.0 to 0.10.12
wlan.tkip.extiv String TKIP Ext. Initialization Vector 0.10.5 to 0.10.12
wlan.wep.crc Unsigned 32-bit integer WEP CRC (not verified) 0.9.0 to 0.9.5
wlan.wep.icv Unsigned 32-bit integer WEP ICV 0.9.5 to 0.10.12
wlan.wep.iv Unsigned 24-bit integer Initialization Vector 0.9.0 to 0.10.12
wlan.wep.key Unsigned 8-bit integer Key 0.9.0 to 0.10.12
wlan.wep.weakiv Boolean Weak IV 0.10.9 to 0.10.12

https://anheng.com.cn/news/html/wlan_test/Ethereal.html 

附:Ethereal支持相当多的协议(号称700余种)

3COMXNS, 3GPP2 A11, 802.11 MGT, 802.11 Radiotap, 802.3 Slow protocols, 9P, AAL1, AAL3/4, AARP, ACAP, ACN, ACSE, ACtrace, ADP, AFP, AFS (RX), AH, AIM, AIM Administration, AIM Advertisements, AIM BOS, AIM Buddylist, AIM Chat, AIM ChatNav, AIM Directory, AIM Email, AIM Generic, AIM ICQ, AIM Invitation, AIM Location, AIM Messaging, AIM OFT, AIM Popup, AIM SSI, AIM SST, AIM Signon, AIM Stats, AIM Translate, AIM User Lookup, AJP13, ALC, ALCAP, AMR, ANS, ANSI BSMAP, ANSI DTAP, ANSI IS-637-A Teleservice, ANSI IS-637-A Transport, ANSI IS-683-A (OTA (Mobile)), ANSI IS-801 (Location Services (PLD)), ANSI MAP, AODV, AOE, ARCNET, ARP/RARP, ARTNET, ASAP, ASF, ASN1, ASP, ATM, ATM LANE, ATP, ATSVC, AVS WLANCAP, AX4000, AgentX, Armagetronad, Auto-RP, BACapp, BACnet, BEEP, BER, BFD Control, BGP, BICC, BOFL, BOOTP/DHCP, BOOTPARAMS, BOSSVR, BROWSER, BSSAP, BSSGP, BUDB, BUTC, BVLC, BitTorrent, Boardwalk, CAMEL, CAST, CBAPDev, CCSDS, CDP, CDS_CLERK, CFLOW, CGMP, CHDLC, CIP, CLDAP, CLEARCASE, CLNP, CLTP, CMIP, CMP, CMS, CONV, COPS, COSEVENTCOMM, COSNAMING, COTP, CPFI, CPHA, CRMF, CSM_ENCAPS, CUPS, CoSine, DAAP, DCCP, DCERPC, DCE_DFS, DCOM, DDP, DDTP, DEC_DNA, DEC_STP, DFS, DHCPFO, DHCPv6, DIS, DISTCC, DLSw, DLT User A, DLT User B, DLT User C, DLT User D, DNP 3.0, DNS, DNSSERVER, DOCSIS, DOCSIS BPKM-ATTR, DOCSIS BPKM-REQ, DOCSIS BPKM-RSP, DOCSIS DSA-ACK, DOCSIS DSA-REQ, DOCSIS DSA-RSP, DOCSIS DSC-ACK, DOCSIS DSC-REQ, DOCSIS DSC-RSP, DOCSIS DSD-REQ, DOCSIS DSD-RSP, DOCSIS INT-RNG-REQ, DOCSIS MAC MGMT, DOCSIS MAP, DOCSIS REG-ACK, DOCSIS REG-REQ, DOCSIS REG-RSP, DOCSIS RNG-REQ, DOCSIS RNG-RSP, DOCSIS TLVs, DOCSIS UCC-REQ, DOCSIS UCC-RSP, DOCSIS UCD, DOCSIS VSIF, DOCSIS type29ucd, DRSUAPI, DSI, DSSETUP, DTP, DTSPROVIDER, DTSSTIME_REQ, DUA, DVMRP, Data, Diameter, E.164, EAP, EAPOL, ECHO, EDONKEY, EFS, EIGRP, ENC, ENIP, ENRP, ENTTEC, EPM, EPMv4, ESIS, ESP, ESS, ETHERIC, ETHERIP, EVENTLOG, Ethernet, FC, FC ELS, FC FZS, FC-FCS, FC-SB3, FC-SP, FC-SWILS, FC-dNS, FCIP, FCP, FC_CT, FDDI, FIX, FLDB, FR, FRSAPI, FRSRPC, FTAM, FTP, FTP-DATA, FTSERVER, FW-1, Frame, G.723, GIF image, GIOP, GMRP, GNUTELLA, GPRS NS, GPRS-LLC, GRE, GSM BSSMAP, GSM DTAP, GSM RP, GSM SMS, GSM SMS UD, GSM_MAP, GSS-API, GTP, GVRP, Gryphon, H.261, H.263, H1, H225, H235, H248, HCLNFSD, HPEXT, HPSW, HSRP, HTTP, HyperSCSI, IAP, IAPP, IAX2, IB, ICAP, ICBAAccoCB, ICBAAccoCB2, ICBAAccoMgt, ICBAAccoMgt2, ICBAAccoServ, ICBAAccoServ2, ICBAAccoServSRT, ICBAAccoSync, ICBABrowse, ICBABrowse2, ICBAGErr, ICBAGErrEvent, ICBALDev, ICBALDev2, ICBAPDev, ICBAPDev2, ICBAPDevPC, ICBAPDevPCEvent, ICBAPersist, ICBAPersist2, ICBARTAuto, ICBARTAuto2, ICBAState, ICBAStateEvent, ICBASysProp, ICBATime, ICEP, ICL_RPC, ICMP, ICMPv6, ICP, ICQ, IDP, IDispatch, IEEE 802.11, IEEE802a, IGAP, IGMP, IGRP, ILMI, IMAP, INAP, INITSHUTDOWN, IOXIDResolver, IP, IP/IEEE1394, IPComp, IPDC, IPFC, IPMI, IPP, IPVS, IPX, IPX MSG, IPX RIP, IPX SAP, IPX WAN, IPv6, IRC, IRemUnknown, IRemUnknown2, ISAKMP, ISDN, ISIS, ISL, ISMP, ISUP, ISystemActivator, IUA, IrCOMM, IrLAP, IrLMP, JFIF (JPEG) image, JXTA, JXTA Framing, JXTA Message, JXTA UDP, JXTA Welcome, Jabber, Juniper, K12xx, KADM5, KINK, KLM, KRB4, KRB5, KRB5RPC, Kpasswd, L2TP, LANMAN, LAPB, LAPBETHER, LAPD, LDAP, LDP, LLAP, LLC, LMI, LMP, LOOP, LPD, LSA, LWAPP, LWAPP-CNTL, LWAPP-L3, LWRES, Laplink, Line-based text data, Log, LogotypeCertExtn, Lucent/Ascend, M2PA, M2TP, M2UA, M3UA, MACC, MAPI, MAP_DialoguePDU, MATE, MDS Header, MEGACO, MGCP, MGMT, MIME multipart, MIPv6, MMS, MMSE, MOUNT, MPEG1, MPLS, MPLS Echo, MQ, MQ PCF, MRDISC, MS Proxy, MSDP, MSMMS, MSNIP, MSNMS, MSRP, MTP2, MTP3, MTP3MG, Manolito, Media, Messenger, Mobile IP, Modbus/TCP, MySQL, NBDS, NBIPX, NBNS, NBP, NBSS, NCP, NDMP, NDPS, NFS, NFSACL, NFSAUTH, NIS+, NIS+ CB, NLM, NLSP, NMAS, NMPI, NNTP, NORM, NSIP, NSPI, NS_CERT_EXTS, NTLMSSP, NTP, NW_SERIAL, NetBIOS, Netsync, Null, OAM AAL, OCSP, OLSR, OPSI, OSPF, PAGP, PARLAY, PCLI, PCNFSD, PER, PFLOG, PFLOG-OLD, PGM, PGSQL, PIM, PKCS-1, PKIX Certificate, PKIX1EXPLICIT, PKIX1IMPLICIT, PKIXPROXY, PKIXQUALIFIED, PKIXTSP, PKInit, PKTC, PN-DCP, PN-RT, PNIO, PNP, POP, PPP, PPP BACP, PPP BAP, PPP CBCP, PPP CCP, PPP CDPCP, PPP CHAP, PPP Comp, PPP IPCP, PPP IPV6CP, PPP LCP, PPP MP, PPP MPLSCP, PPP OSICP, PPP PAP, PPP PPPMux, PPP PPPMuxCP, PPP VJ, PPP-HDLC, PPPoED, PPPoES, PPTP, PRES, PTP, Portmap, Prism, Q.2931, Q.931, Q.933, QLLC, QUAKE, QUAKE2, QUAKE3, QUAKEWORLD, R-STP, RADIUS, RANAP, RDM, RDT, REMACT, REP_PROC, RIP, RIPng, RLM, RMCP, RMI, RMP, RPC, RPC_BROWSER, RPC_NETLOGON, RPL, RQUOTA, RRAS, RSH, RSTAT, RSVP, RSYNC, RS_ACCT, RS_ATTR, RS_BIND, RS_PGO, RS_PLCY, RS_REPADM, RS_REPLIST, RS_UNIX, RTCP, RTMP, RTP, RTP Event, RTPS, RTSP, RTcfg, RTmac, RUDP, RWALL, RX, Raw, Raw_SIP, Raw_SigComp, Redback, Rlogin, SADMIND, SAMR, SAP, SCCP, SCCPMG, SCSI, SCTP, SDLC, SDP, SEBEK, SECIDMAP, SES, SGI MOUNT, SIGCOMP, SIP, SIPFRAG, SIR, SKINNY, SLARP, SLL, SM, SMB, SMB Mailslot, SMB Pipe, SMB_NETLOGON, SMPP, SMRSE, SMTP, SMUX, SNA, SNA XID, SNAETH, SNDCP, SNMP, SONMP, SPNEGO-KRB5, SPOOLSS, SPP, SPRAY, SPX, SRVLOC, SRVSVC, SSCF-NNI, SSCOP, SSH, SSL, STAT, STAT-CB, STP, STUN, SUA, SVCCTL, Serialization, SliMP3, Socks, SoulSeek, Spnego, Symantec, Synergy, Syslog, T.38, TACACS, TACACS+, TALI, TANGO, TAPI, TCAP, TCP, TDMA, TDS, TEI_MANAGEMENT, TELNET, TFTP, TIME, TKN4Int, TNS, TPCP, TPKT, TR MAC, TRKSVR, TSP, TTP, TUXEDO, TZSP, Teredo, Token-Ring, UBIKDISK, UBIKVOTE, UCP, UDP, UDPENCAP, UMA, V.120, V5UA, VLAN, VNC, VRRP, VTP, Vines ARP, Vines Echo, Vines FRP, Vines ICP, Vines IP, Vines IPC, Vines LLC, Vines RTP, Vines SPP, WAP SIR, WBXML, WCCP, WCP, WHDLC, WHO, WINREG, WKSSVC, WLANCERTEXTN, WSP, WTLS, WTP, X.25, X.29, X11, X509AF, X509CE, X509IF, X509SAT, XDMCP, XML, XOT, XYPLEX, YHOO, YMSG, YPBIND, YPPASSWD, YPSERV, YPXFR, ZEBRA, ZIP, cds_solicit, cprpc_server, dce_update, dicom, giFT, h221nonstd, h245, h450, iFCP, iSCSI, iSNS, isup_thin, llb, message/http, nettl, rdaclif, roverride, rpriv, rs_attr_schema, rs_misc, rs_prop_acct, rs_prop_acl, rs_prop_attr, rs_prop_pgo, rs_prop_plcy, rs_pwd_mgmt, rs_repmgr, rsec_login, sFlow,  

https://anheng.com.cn/news/html/wlan_test/Ethereal.html 

责任编辑: admin

相关文章
AirMagnet WiFi Analyzer无线网分析仪升*至9.5版 -阅: 275557
WiFi Analyzer 9.1版发布,艾尔麦升*无线网分析仪 -阅: 272273
ClearSight协议分析仪在“三网合*” 建设中对运营商的作用 -阅: 203501
如何下载升*艾尔麦AirMagnet无线网测试产品的授权文件? -阅: 262627
问:如何在艾尔麦无线网分析仪AirMagnet WiFi Analyzer的捕包过程中查看数据? -阅: 249698
艾尔麦无线网测试管理系统AME企业版9.0发布 -阅: 252144
艾尔麦无线网分析仪中文版升*,WiFi Analyzer Pro 9.0 B22188 -阅: 252807
Clearsight网络应用层协议分析仪系统简介 -阅: 219916
安恒公司与福禄克网络公司签署AirMagnet艾尔麦无线网测试产品分销总代理协议 -阅: 304307
安恒公司无线网测试方案在无线网络实验室的成功应用 -阅: 239850
AHQZ网络应用数据分析仪与协议分析仪的区别 -阅: 193120
AHQZ-1025应用数据分析仪与协议分析仪的主要区别 -阅: 190904
FLUKE OptiView PE协议分析仪专家软件对服务器连通性故障进行诊断的实战案例 -阅: 202508
美国艾尔麦公司(AirMagnet Inc.)推出基于UMPC的全功能手持式无线网测试仪,OQO Handheld -阅: 225113
为手持式无线网测试仪配备超大容量电池可以支持9小时持续测试工作 -阅: 301242
如何查找网络中的BT流量,使用协议分析仪PE的经验 -阅: 260682
安恒公司为信息安全检查机构提供定制的无线网测试设备 -阅: 316291
艾尔麦WLAN无线网分析器实现在Aruba移动平台上的运行 -阅: 272309
艾尔麦Laptop无线网分析仪v6.0版本新功能 -阅: 310548
艾尔麦发布无线网分析仪系列新版本6.0 -阅: 295068
相关产品
艾尔麦推荐无线网测试网卡-笔记本无线外接天线卡 -阅: 922063
无线网测试专用定向天线 Wi-Fi勘测定位工具 -阅: 1059894
手持式无线网测试仪ES-WLAN网络通无线网络测试仪 -阅: 1047049
AirMagnet Wi-Fi Analyzer 无线网络探测工具 便携式无线网分析仪(AirMagnet LapTop)--无线局域网分析仪 -阅: 1497870
无线网络探测工具 掌上型无线网分析仪Handheld WLT 7.0 -阅: 2137602
手持式无线网分析仪Fluke OPV-WNA -阅: 891194
OptiView PE协议分析专家软件 协议分析仪OPV-PE/PLUS -阅: 1596546
OptiView LA链路分析仪(协议分析仪)OptiView Link Analyzer|OPV-LA/HD -阅: 1661815

Email给朋友 打印本文
版权所有·安恒公司 Copyright © 2004   ethereal.anheng.com.cn   All Rights Reserved    
北京市海淀区*体南路9号 主语国际商务中心4号楼8层 (邮编100048) 电话:010-88018877