- Kali Linux Wireless Penetration Testing:Beginner's Guide
- Vivek Ramachandran Cameron Buchanan
- 374字
- 2021-07-23 19:45:30
Time for action – viewing management, control, and data frames
Now we will learn how to apply filters in Wireshark to look at Management, Control and Data Frames.
Please follow the below instructions step by step:
- To view all the Management frames in the packets being captured, enter the filter
wlan.fc.type == 0
into the filter window and clickApply
. You can stop the packet capture if you want to prevent the packets from scrolling down too fast. - To view Control Frames, modify the filter expression to read wlan.fc.type == 1.
- To view data frames, modify the filter expression to wlan.fc.type == 2.
- To additionally select a sub-type, use the
wlan.fc.subtype filter
. For example, to view all the Beacon frames among all Management frames, use the following filter:(wlan.fc.type == 0) && (wlan.fc.subtype == 8).
- Alternately, you can right-click on any of the header fields in the middle window and then select Apply as Filter | Selected to add it as a filter.
- This will automatically add the correct filter expression for you in the
Filter
field.
What just happened?
We just learned how to filter packets in Wireshark using various filter expressions. This helps us monitor selected packets from devices we are interested in, instead of trying to analyze all the packets in the air.
Also, we can see that the packet headers of Management, Control and Data frames are in plain text and are not encrypted. Anyone who can sniff the packets can read these headers. It is also important to note that it is also possible for a hacker to modify any of these packets and re-transmit them. As there is no integrity or replay attack mitigation in the protocol, this is very easy to do. We will look at some of these attacks in later chapters.
Have a go hero – playing with filters
You can consult Wireshark's manual to know more about available filter expressions and how to use them. Try playing around with various filter combinations till you are confident that you can drill down to any level of detail, even in a very large packet trace.
In the next exercise, we will look at how to sniff data packets transferred between our access point and wireless client.
- 深入核心的敏捷開發:ThoughtWorks五大關鍵實踐
- 精通API架構:設計、運維與演進
- 21天學通C++(第6版)
- SharePoint Development with the SharePoint Framework
- Linux:Embedded Development
- 青少年信息學競賽
- PHP編程基礎與實例教程
- 持續輕量級Java EE開發:編寫可測試的代碼
- Quantum Computing and Blockchain in Business
- Scratch3.0趣味編程動手玩:比賽訓練營
- PHP與MySQL權威指南
- Android Studio開發實戰:從零基礎到App上線 (移動開發叢書)
- 優化驅動的設計方法
- Python數據科學實戰
- Web應用程序設計:ASP