Parsing WiFi Packets (libpcap)


Problem description

I've been working on a way to have an OpenWRT router log WiFi probe requests to a MySQL db (it stores MAC address and RSSI info for each probe request packet along with other, router-specific data).

After researching libpcap quite a bit, I've been able to cobble together a basic little program that simply sniffs packets on a monitor interface (mon0) using a filter expression ('wlan subtype probe-req') and then prints out the raw packets in hex. With the info that's available online on libpcap this part was fairly straightforward.

Now here's where I'm stuck: How do I parse the WiFi packet to retrieve the info I'm looking for (RSSI and source MAC address)?

To be clear, I'm not asking for the code to do it (although I won't complain if you'd like to supply some :D). I'm just looking for some sort of guide for understanding which byte is which - a WiFi packet road map, if you will.

There are a few good tutorials out there for parsing packets that come in over ethernet, but I haven't been able to find anything to help with parsing headers specifically related to WiFi. I assume it will be a pretty simple process - just grabbing the relevant bytes for RSSI and source MAC - but again, I haven't been able to find any documentation on which byte is which.

I know this has been done before but I'll be honest: I am completely lost when looking through the source code for tcpdump.

So, does anyone know of a good resource for how to parse WiFi packets?

Cheers

EDIT: More specific answer

RSSI is found in the RadioTap header (well, on Linux it is). Pulling the RSSI out of the packet is fairly straightforward using radiotap-parser.c along with the files it depends on (found in the same directory as the file I linked to). If anyone is having trouble with using the radiotap-parser.c functions feel free to get in touch.

Pulling out the source MAC address is made pretty easy by the radiotap functions because the radiotap header struct contains the length of the radiotap header (it_len), which is variable. Since I am parsing only probe requests, which have a fixed length (check out page 17 here) it's just a matter of making a pointer that points to packet + it_len + 10 (the source MAC address starts 10 bytes after the beginning of the MAC frame, which begins where the radiotap header ends). The 6 bytes that start at that pointer are addr2 in the 802.11 frame (again, see page 17 here).
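
The layout described in the edit above, as an added example that is not part of the original post and is not taken from radiotap-parser.c: a bounds-checked C function that reads it_len, walks the radiotap present bitmap to the dBm antenna signal byte, and copies addr2 from it_len + 10. The function name, the field table and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* {alignment, size} of the radiotap fields that can precede the dBm antenna
 * signal (bit 5): TSFT, Flags, Rate, Channel, FHSS. */
static const uint8_t rt_field[5][2] = { {8, 8}, {1, 1}, {1, 1}, {2, 4}, {2, 2} };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and fills *rssi and mac, or -1 for a truncated or unexpected frame.
 * it_len comes off the air, so every offset is checked before it is used. */
int parse_probe_req(const uint8_t *pkt, size_t caplen, int8_t *rssi, uint8_t mac[6])
{
    if (caplen < 8 || pkt[0] != 0) return -1;       /* radiotap version 0 */
    size_t it_len = pkt[2] | (size_t)pkt[3] << 8;   /* little-endian */
    if (it_len < 8 || it_len > caplen) return -1;
    uint32_t present = le32(pkt + 4), word = present;
    size_t off = 8;
    while (word & 0x80000000u) {                    /* extra present words */
        if (off + 4 > it_len) return -1;
        word = le32(pkt + off);
        off += 4;
    }
    if (!(present & (1u << 5))) return -1;          /* no signal field */
    for (int bit = 0; bit < 5; bit++) {
        if (!(present & (1u << bit))) continue;
        size_t align = rt_field[bit][0];            /* relative to pkt[0] */
        off = ((off + align - 1) & ~(align - 1)) + rt_field[bit][1];
    }
    /* The signal byte must lie inside the radiotap header, 16 bytes of 802.11
     * header must follow it, and 0x40 marks a management probe request. */
    if (off >= it_len || caplen - it_len < 16 || (pkt[it_len] & 0xfc) != 0x40)
        return -1;
    *rssi = (int8_t)pkt[off];
    memcpy(mac, pkt + it_len + 10, 6);              /* addr2 = source MAC */
    return 0;
}

/* Constructed sample: 16-byte radiotap header, then a probe request. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x10, 0x00, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x02, 0x6c, 0x09,
    0xa0, 0x00, 0xc4, 0x00,                         /* signal = -60 dBm */
    0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x00, 0x00, 0x00, 0x00 };
```

In a libpcap callback, pass the packet pointer together with `caplen` from the `pcap_pkthdr`, so a frame cut short by the snapshot length is rejected instead of read past its end.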

Recommended answer

A Google search for "802.11 frame format" provides some promising links I believe. Here's a high-level overview that lays out the packet: http://www.technologyuk.net/telecommunications/networks/wireless_networks.shtml.
