整理常用过滤规则。抓包参考:
一些比较常用的条件表达式
wlan.da - Destination address (Destination Hardware Address) wlan.sa - Source address (Source Hardware Address) wlan.addr - Source or Destination address (Source or Destination Hardware Address) wlan.ra - Recevier address (Receiving Station Hardware Address) wlan.ta - Transmitter address (Transmitting Hardware Address) wlan.bssid - BSS id (Basic Service Set ID) wlan_mgt.ssid - SSID (Indicates the identity of an ESS or IBSS) wlan.fc.type_subtype - Type/Subtype (Type and subtype combined (first type: type, second type:subtype))
| 帧类型 | 过滤器语法 |
| Management frame | wlan.fc.type == 0 |
| Control frame | wlan.fc.type == 1 |
| Data frame | wlan.fc.type == 2 |
| Association request | wlan.fc.type_subtype == 0x00 |
| Association response | wlan.fc.type_subtype == 0x01 |
| Reassociation request | wlan.fc.type_subtype == 0x02 |
| Reassociation response | wlan.fc.type_subtype == 0x03 |
| Probe request | wlan.fc.type_subtype == 0x04 |
| Probe response | wlan.fc.type_subtype == 0x05 |
| Beacon | wlan.fc.type_subtype == 0x08 |
| Disassociate | wlan.fc.type_subtype == 0x0A |
| Authentication | wlan.fc.type_subtype == 0x0B |
| Deauthentication | wlan.fc.type_subtype == 0x0C |
| Action frame | wlan.fc.type_subtype == 0x0D |
| Block ACK requests | wlan.fc.type_subtype == 0x18 |
| Block ACK | wlan.fc.type_subtype == 0x19 |
| Power save poll | wlan.fc.type_subtype == 0x1A |
| Request to send | wlan.fc.type_subtype == 0x1B |
| Clear to send | wlan.fc.type_subtype == 0x1C |
| ACK | wlan.fc.type_subtype == 0x1D |
| Contention free period end | wlan.fc.type_subtype == 0x1E |
| NULL data | wlan.fc.type_subtype == 0x24 |
| QoS data | wlan.fc.type_subtype == 0x28 |
| Null QoS data | wlan.fc.type_subtype == 0x2C |