Raw WiFi Packets with WinPcap

Question

Consider the simple C code to send a single raw packet with WinPcap. The lines related to building the packet header start with the following comment:

/* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */

Therefore you might guess that, in order to send a Raw WiFi Packet, you should change this block of the code accordingly.

However, this is not the case. You can send a Raw WiFi Packet without changing one single line of that code, just filling the right MAC addresses. The same is true when capturing packets: instead of WiFi headers, the packets will have Ethernet headers.

After some searching, it seems that this issue is related to Windows emulating a 'fake ethernet' when passing the packets to WinPcap. Unfortunately I couldn't find many more details about it.

1st Issue
How does this 'fake ethernet' work? Is it possible to bypass it or disable it?

2nd Issue
Is it possible to have full control over the WiFi headers? (even if this requires something other than WinPcap)

Recommended answer

How does this 'fake ethernet' work?

Either the network adapter itself supplies packets to the host with fake Ethernet headers (transforming the 802.11 MAC, LLC, and SNAP headers into an Ethernet header and, for some packets, an LLC header possibly followed by a SNAP header), or the driver does so.

This is only done for data frames; management and control frames are not shown when capturing in this mode. The source and destination MAC addresses of the 802.11 header become the source and destination MAC addresses in the Ethernet header; the TA and RA fields are discarded, as are the frame control and other fields in the header. If the frame has a SNAP header with an OUI of all zeroes, meaning "the PID is an Ethernet type", the PID in the SNAP header becomes the value in the type/length field of the Ethernet header; otherwise, the length of the data in the frame, including the LLC header and everything after it (but not including the FCS) becomes the value in the type/length field. Everything after the SNAP header in the first case, and everything after the MAC header in the second case, becomes the Ethernet payload.

Is it possible to bypass it or disable it?

Yes, but you'll have to install special software on your machine.

Some forms of special software have names such as "Fedora" and "Ubuntu". Unfortunately, they might cause problems when trying to run Windows applications on your machine. :-)

Unfortunately, as you're trying to send packets, trying to do this without replacing Windows with Linux isn't as easy as installing Microsoft Network Monitor and capturing traffic with that. Unfortunately, Microsoft's documentation for "Network Monitor Operation Mode" for "Native WiFi" says that, in that mode, "The driver cannot send packets either on its own or through a call to its MiniportSendNetBufferLists function." Perhaps there are ways of connecting to the Wi-Fi driver the same way some of the user-mode boxes in the diagram on this page do, but, to find them, you might have to start at Microsoft's top-level documentation page for Native 802.11 Wireless LAN and work your way down.
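
The header rewrite described in the answer above, as an added C example (not code from the original post or from WinPcap). The function name `wifi_to_fake_eth` and the sample frame are constructed for illustration; picking DA/SA from the address slots by To DS/From DS follows the standard 802.11 header layout, and the input is assumed to carry no FCS, encryption or HT Control field.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: QoS data frame, To DS=1, SNAP PID 0x0806, 2-byte body. */
static const uint8_t sample[] = {
    0x88, 0x01, 0x00, 0x00,             /* frame control, duration */
    0x02, 0, 0, 0, 0, 0x01,             /* Address 1 (RA/BSSID) */
    0x02, 0, 0, 0, 0, 0x02,             /* Address 2 (TA = SA here) */
    0x02, 0, 0, 0, 0, 0x03,             /* Address 3 (DA when To DS=1) */
    0x10, 0x00, 0x00, 0x00,             /* sequence control, QoS control */
    0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x06, /* LLC + SNAP, OUI 0 */
    0xDE, 0xAD };

/* Returns bytes written to out, or -1 for frames not shown in this mode
 * (management/control) or too short. Assumes no FCS, no encryption and
 * no HT Control field in the input. */
int wifi_to_fake_eth(const uint8_t *f, size_t n, uint8_t *out, size_t cap)
{
    static const uint8_t snap_eth[6] = { 0xAA, 0xAA, 0x03, 0, 0, 0 };
    if (n < 24 || ((f[0] >> 2) & 3) != 2) return -1;  /* data frames only */
    int to_ds = f[1] & 1, from_ds = (f[1] >> 1) & 1;
    size_t hdr = 24;
    if (to_ds && from_ds) hdr += 6;     /* Address 4 present */
    if ((f[0] >> 4) & 8) hdr += 2;      /* QoS Control present */
    if (n < hdr) return -1;

    /* DA/SA sit in different address slots depending on To DS / From DS;
     * RA, TA, frame control and the other header fields are discarded. */
    const uint8_t *da = to_ds ? f + 16 : f + 4;
    const uint8_t *sa = from_ds ? (to_ds ? f + 24 : f + 16) : f + 10;
    const uint8_t *body = f + hdr;
    size_t blen = n - hdr;
    uint16_t type_len;
    if (blen >= 8 && memcmp(body, snap_eth, 6) == 0) {
        type_len = (uint16_t)(body[6] << 8 | body[7]); /* PID = EtherType */
        body += 8; blen -= 8;           /* payload starts after SNAP */
    } else {
        if (blen > 1500) return -1;     /* would not fit a length field */
        type_len = (uint16_t)blen;      /* length; LLC stays in payload */
    }
    if (cap < 14 + blen) return -1;
    memcpy(out, da, 6);
    memcpy(out + 6, sa, 6);
    out[12] = (uint8_t)(type_len >> 8);
    out[13] = (uint8_t)(type_len & 0xFF);
    memcpy(out + 14, body, blen);
    return (int)(14 + blen);
}
```

Running the sample through it yields a 16-byte Ethernet frame with type 0x0806; changing the SNAP OUI to a non-zero value switches the result to the length form with the LLC and SNAP bytes kept in the payload.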
