In this lab, you will use Wireshark to capture ICMP data packet IP addresses and Ethernet frame MAC addresses.

Most, but not all, 802.11 packets contain a header field to report which "BSSID" the packet is on. The BSSID is the MAC address of the AP (Access Point; think "Wi-Fi router") that is hosting that network. The Wireshark syntax for this is: wlan.bssid == 00:11:22:33:44:55

Note that a simultaneous dual-band AP is technically two APs in one, one for each band. So it would have two BSSes, each with its own BSSID. And larger Wi-Fi networks are made up of lots of APs, each with its own BSSID. But then again, unless you're running multiple capture radios on your Wireshark machine simultaneously, you can't be tuned to multiple bands or channels at the same time.

As I mentioned before, not all 802.11 packets report their BSSID. Specifically, tiny control frames such as CTSes and ACKs contain little more than the MAC address of the intended receiver and a few status bits. The only way to tell which BSSID those frames are associated with is to see if they were transmitted during a tiny timing window right before (in the case of a CTS) or right after (in the case of an ACK) a data frame with the right BSSID. Most sniffers aren't smart enough to associate CTSes and ACKs with their corresponding data frames based on timing, so it's very difficult to keep these CTSes and ACKs in your capture if you're filtering stuff out based on BSSID.
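
The timing association described above, as an added example that is not from the original page: it keeps the frames on one BSSID plus the CTSes and ACKs that sit right before or after that BSSID's data frames. The Frame fields (per-frame start and end times), the 20 microsecond window and the sample addresses are assumptions constructed for illustration.

```python
# Added example: frame records are constructed, not taken from a real capture.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    start_us: int                # when the frame began on air (assumed known)
    end_us: int                  # when the frame ended on air (assumed known)
    subtype: str                 # "data", "cts" or "ack"
    ra: str                      # receiver address, present in every frame
    ta: Optional[str] = None     # transmitter address, absent in CTS/ACK
    bssid: Optional[str] = None  # absent in CTS/ACK

def filter_by_bssid(frames, bssid, window_us=20):
    """Keep frames on `bssid` plus the CTSes/ACKs that timing ties to them."""
    frames = sorted(frames, key=lambda f: f.start_us)
    keep = [f.bssid == bssid for f in frames]   # the plain BSSID filter
    for i, f in enumerate(frames):
        if f.subtype != "data" or f.bssid != bssid:
            continue
        # CTS: ends just before this data frame, addressed to its sender.
        if i > 0:
            p = frames[i - 1]
            if (p.subtype == "cts" and p.ra == f.ta
                    and 0 <= f.start_us - p.end_us <= window_us):
                keep[i - 1] = True
        # ACK: starts just after this data frame, addressed to its sender.
        if i + 1 < len(frames):
            n = frames[i + 1]
            if (n.subtype == "ack" and n.ra == f.ta
                    and 0 <= n.start_us - f.end_us <= window_us):
                keep[i + 1] = True
    return [f for f, k in zip(frames, keep) if k]

AP, STA = "00:11:22:33:44:55", "02:00:00:00:00:01"          # constructed
OTHER_AP, OTHER_STA = "00:11:22:33:44:66", "02:00:00:00:00:02"
SAMPLE = [
    Frame(0, 40, "cts", ra=STA),
    Frame(50, 300, "data", ra=AP, ta=STA, bssid=AP),
    Frame(310, 350, "ack", ra=STA),
    Frame(1000, 1250, "data", ra=OTHER_AP, ta=OTHER_STA, bssid=OTHER_AP),
    Frame(1260, 1300, "ack", ra=OTHER_STA),   # belongs to the other BSS
    Frame(5000, 5040, "ack", ra=STA),         # right address, no data nearby
]

if __name__ == "__main__":
    for f in filter_by_bssid(SAMPLE, AP):
        print(f.start_us, f.subtype, f.ra)
```
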