How to capture the radiotap information of packets with Wireshark

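I wanted to obtain the RSSI of every data packet without modifying the kernel. After consulting some references, I learned that Wireshark can be used to capture the packets, and that the radiotap header of each packet carries the RSSI information. In practice, however, the captured packets looked like this:
[Screenshot: captured packets]

After further reading, I found that when the wireless NIC does not support monitor mode, or has not been set to it, the NIC's driver automatically converts each 802.11 frame into an Ethernet frame before handing it to the kernel. The official explanation is: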

If you're trying to capture network traffic that's not being sent to or from 
the machine running Wireshark or TShark, i.e. traffic between two or more 
other machines on an Ethernet segment, or are interested in 802.11 management 
or control packets, or are interested in radio-layer information about 
packets, you will probably have to capture in "monitor mode". This is 
discussed below.

Without any interaction, capturing on WLAN's may capture only user data 
packets with "fake" Ethernet headers. In this case, you won't see any 802.11 
management or control packets at all, and the 802.11 packet headers 
are "translated" by the network driver to "fake" Ethernet packet headers.

Running the iwconfig command showed:
[Screenshot: iwconfig output]

At this point the wireless NIC was in managed mode, so I tried to enable its monitor mode. After consulting references, I used the commands:

sudo ifconfig wlan11 down
sudo iwconfig wlan11 mode monitor
sudo ifconfig wlan11 up

Running iwconfig again showed:
[Screenshot: iwconfig output]

Now the NIC's mode had changed to Monitor, and capturing with Wireshark again showed that the radiotap header was present as well:
[Screenshot: Wireshark capture]
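Once frames arrive with a radiotap header, the RSSI can be read directly from the header bytes. The parser below is an added example, not code from the original post: the function name `radiotap_rssi`, the field layout for present bits 0 to 5 (taken from the radiotap definition as an assumption) and the `SAMPLE` bytes are all constructed for illustration.

```python
import struct

# (alignment, size) of the radiotap fields that can precede the signal
# field, keyed by their bit in the "present" bitmap (assumed layout).
FIELDS = {0: (8, 8),  # TSFT
          1: (1, 1),  # Flags
          2: (1, 1),  # Rate
          3: (2, 4),  # Channel: frequency + flags
          4: (2, 2)}  # FHSS
DBM_ANTSIGNAL = 5     # signed 8-bit value in dBm


def radiotap_rssi(frame: bytes):
    """Return the dBm antenna signal of a radiotap frame, or None if absent."""
    if len(frame) < 8:
        raise ValueError("too short for a radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or not 8 <= hdr_len <= len(frame):
        raise ValueError("not a radiotap header")
    offset, word = 8, present
    while word & (1 << 31):  # bit 31: another present word follows
        if offset + 4 > hdr_len:
            raise ValueError("present bitmap runs past the header")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    if not present & (1 << DBM_ANTSIGNAL):
        return None
    for bit, (align, size) in FIELDS.items():
        if present & (1 << bit):
            # Fields are aligned relative to the start of the header.
            offset = -(-offset // align) * align + size
    if offset >= hdr_len:
        raise ValueError("signal field lies outside the header")
    return struct.unpack_from("<b", frame, offset)[0]


# Constructed sample: TSFT, Flags, Rate, Channel (2437 MHz), signal -42 dBm,
# one pad byte, then two placeholder bytes standing in for the 802.11 frame.
SAMPLE = (struct.pack("<BBHI", 0, 0, 24, 0x2F) + struct.pack("<Q", 0)
          + bytes([0x10, 0x0C]) + struct.pack("<HHb", 2437, 0x00A0, -42)
          + b"\x00" + b"\x80\x00")

if __name__ == "__main__":
    print(radiotap_rssi(SAMPLE), "dBm")
```

A frame captured in managed mode starts with the "fake" Ethernet header instead, so it carries no radiotap header to parse.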

References:
https://www.zhihu.com/question/30085207
http://blog.csdn.net/qq_28057541/article/details/52937742
http://www.lxway.com/425268056.htm
