
Time for action – viewing management, control, and data frames

Now we will learn how to apply filters in Wireshark to look at Management, Control and Data Frames.

Follow the instructions below step by step:

  1. To view all the Management frames in the packets being captured, enter the filter wlan.fc.type == 0 into the filter window and click Apply. You can stop the packet capture if you want to prevent the packets from scrolling down too fast.
  2. To view Control Frames, modify the filter expression to read wlan.fc.type == 1.
  3. To view data frames, modify the filter expression to wlan.fc.type == 2.
  4. To additionally select a sub-type, use the wlan.fc.subtype filter. For example, to view all the Beacon frames among all Management frames, use the following filter:
    (wlan.fc.type == 0) && (wlan.fc.subtype == 8)
  5. Alternatively, you can right-click on any of the header fields in the middle window and then select Apply as Filter | Selected to add it as a filter.
  6. This will automatically add the correct filter expression for you in the Filter field.

What just happened?

We just learned how to filter packets in Wireshark using various filter expressions. This helps us monitor selected packets from devices we are interested in, instead of trying to analyze all the packets in the air.

Also, we can see that the packet headers of Management, Control and Data frames are in plain text and are not encrypted. Anyone who can sniff the packets can read these headers. It is also important to note that a hacker can modify any of these packets and re-transmit them. As the protocol has no integrity or replay attack mitigation, this is very easy to do. We will look at some of these attacks in later chapters.
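The wlan.fc.type and wlan.fc.subtype filters used above match bit fields in the first byte of the 802.11 Frame Control field, which stays readable even when the Protected flag marks the frame body as encrypted. The following Python sketch is an added example, not code from the book; it assumes each frame starts at the 802.11 MAC header (radiotap header already stripped), and the function names and sample bytes are constructed for illustration.

```python
# Added example: decode the 802.11 Frame Control field that the
# wlan.fc.type / wlan.fc.subtype display filters match on.
from collections import Counter

TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}
# A few well-known (type, subtype) pairs from IEEE 802.11.
SUBTYPE_NAMES = {
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 8): "QoS Data",
}

def parse_frame_control(frame: bytes) -> dict:
    """Decode the first two bytes of an 802.11 MAC header (no radiotap)."""
    if len(frame) < 2:
        raise ValueError("frame too short for a Frame Control field")
    b0, flags = frame[0], frame[1]
    ftype, subtype = (b0 >> 2) & 0x3, (b0 >> 4) & 0xF
    return {
        "version": b0 & 0x3,
        "type": ftype,
        "subtype": subtype,
        "name": SUBTYPE_NAMES.get((ftype, subtype), TYPE_NAMES[ftype]),
        "protected": bool(flags & 0x40),  # body encrypted, header still clear
    }

def matches(frame: bytes, ftype: int, subtype=None) -> bool:
    """Same test as (wlan.fc.type == ftype) && (wlan.fc.subtype == subtype)."""
    fc = parse_frame_control(frame)
    return fc["type"] == ftype and (subtype is None or fc["subtype"] == subtype)

def count_by_type(frames) -> Counter:
    """Tally frames per type, as the three type filters would split them."""
    return Counter(TYPE_NAMES[parse_frame_control(f)["type"]] for f in frames)

# Constructed sample: only the two Frame Control bytes of each frame.
SAMPLE_FRAMES = [
    bytes([0x80, 0x00]),  # Beacon
    bytes([0x40, 0x00]),  # Probe Request
    bytes([0xD4, 0x00]),  # ACK
    bytes([0x08, 0x01]),  # Data, To DS
    bytes([0x88, 0x41]),  # QoS Data, To DS, Protected
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(f.hex(), parse_frame_control(f))
    print(count_by_type(SAMPLE_FRAMES))
```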

Have a go hero – playing with filters

You can consult Wireshark's manual to learn more about the available filter expressions and how to use them. Try playing around with various filter combinations until you are confident that you can drill down to any level of detail, even in a very large packet trace.

In the next exercise, we will look at how to sniff data packets transferred between our access point and wireless client.
