Parsing packets captured using Wireshark for management frames identification using libpcap or similar library

Views: 136

Problem description

I want to parse packets captured by Wireshark offline using libpcap. I am capturing packets from a wireless network in monitor mode. I have read that "libpcap" can be used to capture and parse packets captured on Ethernet. Can it be used for wireless networks too? If yes, can anyone suggest a tutorial? And if no, which library is suitable for it and how do I use it?

Recommended answer

libpcap, and its Windows port, WinPcap, can be used to capture network traffic (in fact, they're what Wireshark uses to capture network traffic), as well as to read a capture file in pcap format (the default format for Wireshark's existing releases) and, in libpcap 1.1 and later, to read some capture files in pcap-ng format (the default format for the current development version of Wireshark; it should write out files that libpcap 1.1 and later can read).

They can handle a number of network types, including Ethernet and Wi-Fi.

They do not, however, support parsing any packet types; that's the job of the code that uses them, whether it's tcpdump/WinDump, Wireshark, or some other application. There's a library called WiFiPcap that is:

A C++ wrapper around libpcap that parses 802.11 frames, and the most common layer 3 (IPv4, IPv6, ARP) and layer 4 protocols (TCP, UDP, ICMP) contained within them. Also works without link-layer headers. Works in Linux and Windows.

(copied from its web page, but edited to fix the protocol layer numbers to match the OSI model).

I have not looked at it, but it might do what you want.

There might also be other libraries that could be used to parse the packets.
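As an added example (not code from the answer above, nor from WiFiPcap), here is the part libpcap leaves to the application: finding the 802.11 frame control field behind a radiotap header and classifying the frame as management, control or data, plus an optional libpcap driver that reads a Wireshark pcap file offline. The DLT numbers and the radiotap length field layout are libpcap's and radiotap's real ones; the file name wifi_mgmt.c is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#define DLT_IEEE802_11       105   /* libpcap: raw 802.11 frames */
#define DLT_IEEE802_11_RADIO 127   /* libpcap: radiotap header, then 802.11 frame */

/* First byte of the 802.11 frame control field (bits 0-1 version, 2-3 type,
 * 4-7 subtype), or -1 if the link type is not 802.11 or the capture is too short.
 * Radiotap stores its own length in bytes 2-3 (little-endian); reject values below
 * the fixed 8-byte header or beyond caplen, which a malformed capture could carry. */
int wifi_frame_control(const uint8_t *pkt, size_t len, int linktype)
{
    size_t off = 0;
    if (linktype == DLT_IEEE802_11_RADIO) {
        if (len < 4) return -1;
        off = (size_t)pkt[2] | ((size_t)pkt[3] << 8);
        if (off < 8 || off > len) return -1;
    } else if (linktype != DLT_IEEE802_11) {
        return -1;
    }
    return (len - off >= 2) ? pkt[off] : -1;   /* frame control is 2 bytes */
}

/* 0 = management, 1 = control, 2 = data; -1 for reserved type 3 or bad input. */
int wifi_frame_type(const uint8_t *pkt, size_t len, int linktype)
{
    int fc = wifi_frame_control(pkt, len, linktype);
    int type = (fc >> 2) & 0x03;
    return (fc < 0 || type == 3) ? -1 : type;
}

/* Subtype bits 4-7; management: 8 = beacon, 10 = disassociation, 12 = deauthentication. */
int wifi_frame_subtype(const uint8_t *pkt, size_t len, int linktype)
{
    int fc = wifi_frame_control(pkt, len, linktype);
    return fc < 0 ? -1 : (fc >> 4) & 0x0f;
}

#ifdef USE_LIBPCAP   /* cc -DUSE_LIBPCAP wifi_mgmt.c -lpcap && ./a.out capture.pcap */
#include <pcap.h>
#include <stdio.h>
int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE] = "no capture file given";
    pcap_t *p = argc > 1 ? pcap_open_offline(argv[1], errbuf) : NULL;
    if (!p) { fprintf(stderr, "cannot open capture: %s\n", errbuf); return 1; }
    struct pcap_pkthdr *h; const unsigned char *d; long mgmt = 0;
    while (pcap_next_ex(p, &h, &d) == 1)      /* libpcap yields raw bytes only */
        if (wifi_frame_type(d, h->caplen, pcap_datalink(p)) == 0) mgmt++;
    printf("management frames: %ld\n", mgmt);
    pcap_close(p);
    return 0;
}
#endif
```

Without -DUSE_LIBPCAP the file builds as a plain library of the three classification functions, so the parsing logic can be unit-tested on constructed frames with no capture hardware.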
