Wireshark 802.11 filter rules

A collection of commonly used filter rules. Packet capture reference:

Some commonly used condition expressions

wlan.da - Destination address (Destination Hardware Address)
wlan.sa - Source address (Source Hardware Address)
wlan.addr - Source or Destination address (Source or Destination Hardware Address)
wlan.ra - Receiver address (Receiving Station Hardware Address)
wlan.ta - Transmitter address (Transmitting Hardware Address)
wlan.bssid - BSS id (Basic Service Set ID)
wlan_mgt.ssid - SSID (Indicates the identity of an ESS or IBSS)
wlan.fc.type_subtype - Type/Subtype (Type and subtype combined (first type: type, second type:subtype))

Frame type                    Filter syntax
Management frame              wlan.fc.type == 0
Control frame                 wlan.fc.type == 1
Data frame                    wlan.fc.type == 2
Association request           wlan.fc.type_subtype == 0x00
Association response          wlan.fc.type_subtype == 0x01
Reassociation request         wlan.fc.type_subtype == 0x02
Reassociation response        wlan.fc.type_subtype == 0x03
Probe request                 wlan.fc.type_subtype == 0x04
Probe response                wlan.fc.type_subtype == 0x05
Beacon                        wlan.fc.type_subtype == 0x08
Disassociate                  wlan.fc.type_subtype == 0x0A
Authentication                wlan.fc.type_subtype == 0x0B
Deauthentication              wlan.fc.type_subtype == 0x0C
Action frame                  wlan.fc.type_subtype == 0x0D
Block ACK requests            wlan.fc.type_subtype == 0x18
Block ACK                     wlan.fc.type_subtype == 0x19
Power save poll               wlan.fc.type_subtype == 0x1A
Request to send               wlan.fc.type_subtype == 0x1B
Clear to send                 wlan.fc.type_subtype == 0x1C
ACK                           wlan.fc.type_subtype == 0x1D
Contention free period end    wlan.fc.type_subtype == 0x1E
NULL data                     wlan.fc.type_subtype == 0x24
QoS data                      wlan.fc.type_subtype == 0x28
Null QoS data                 wlan.fc.type_subtype == 0x2C
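
The values in the table follow from the Frame Control field: wlan.fc.type_subtype is (type << 4) | subtype. The sketch below is an added example, not part of the original post; it decodes that value and the address fields from a raw 802.11 MAC header. The function names and sample frames are constructed, and it assumes the radiotap header has already been stripped.

```python
# Added example: names and sample frames are constructed for illustration.
NAMES = {  # subset of the table on this page, keyed by wlan.fc.type_subtype
    0x04: "Probe request", 0x08: "Beacon", 0x0C: "Deauthentication",
    0x1B: "Request to send", 0x1D: "ACK", 0x28: "QoS data",
}

def mac(b: bytes) -> str:
    """Format six raw bytes as a colon-separated hardware address."""
    return ":".join(f"{x:02x}" for x in b)

def decode(frame: bytes) -> dict:
    """Decode an 802.11 MAC header (assumes radiotap is already stripped)."""
    if len(frame) < 10:
        raise ValueError("too short for Frame Control + Duration + RA")
    fc0 = frame[0]                      # first Frame Control octet
    if fc0 & 0x03 != 0:                 # bits 0-1: protocol version
        raise ValueError("unsupported protocol version")
    ftype = (fc0 >> 2) & 0x03           # bits 2-3 -> wlan.fc.type
    subtype = (fc0 >> 4) & 0x0F         # bits 4-7 -> subtype
    ts = (ftype << 4) | subtype         # wlan.fc.type_subtype
    out = {"type": ftype, "type_subtype": ts,
           "name": NAMES.get(ts, "other"),
           "filter": f"wlan.fc.type_subtype == 0x{ts:02X}",
           "ra": mac(frame[4:10]), "ta": None, "bssid": None}
    # CTS (0x1C) and ACK (0x1D) carry only a receiver address (wlan.ra).
    if ts not in (0x1C, 0x1D) and len(frame) >= 16:
        out["ta"] = mac(frame[10:16])   # wlan.ta
    # In ordinary management frames the third address is wlan.bssid.
    if ftype == 0 and len(frame) >= 22:
        out["bssid"] = mac(frame[16:22])
    return out

# Constructed sample headers (locally administered addresses).
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
BEACON = b"\x80\x00\x00\x00" + BCAST + AP + AP + b"\x00\x00"
DEAUTH = b"\xc0\x00\x3a\x01" + STA + AP + AP + b"\x10\x00" + b"\x07\x00"
ACK = b"\xd4\x00\x00\x00" + STA

if __name__ == "__main__":
    for f in (BEACON, DEAUTH, ACK):
        print(decode(f))
```
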
