使用wireshark软件来分析802.11 WLAN报文的过滤方法总结如下:
发帖好像看不到表格形式。只能手打 每行左边是802.11报文类型(和子类型),右边为在wireshark中过滤方法,用于分析非常实用。
Management frame wlan.fc.type == 0
Control frame wlan.fc.type == 1
Data frame wlan.fc.type == 2
Association request wlan.fc.type_subtype == 0x00
Association response wlan.fc.type_subtype == 0x01
Reassociation request wlan.fc.type_subtype == 0x02
Reassociation response wlan.fc.type_subtype == 0x03
Probe request wlan.fc.type_subtype == 0x04
Probe response wlan.fc.type_subtype == 0x05
Beacon wlan.fc.type_subtype == 0x08
Disassociate wlan.fc.type_subtype == 0x0A
Authentication wlan.fc.type_subtype == 0x0B
Deauthentication wlan.fc.type_subtype == 0x0C
Action frame wlan.fc.type_subtype == 0x0D
Block ACK requests wlan.fc.type_subtype == 0x18
Block ACK wlan.fc.type_subtype == 0x19
Power save poll wlan.fc.type_subtype == 0x1A
Request to send wlan.fc.type_subtype == 0x1B
Clear to send wlan.fc.type_subtype == 0x1C
ACK wlan.fc.type_subtype == 0x1D
Contention free period end wlan.fc.type_subtype == 0x1E
NULL data wlan.fc.type_subtype == 0x24
QoS data wlan.fc.type_subtype == 0x28
Null QoS data wlan.fc.type_subtype == 0x2C