gopacket解析Dot11层

时间:2017-07-05 13:09:20

标签: go 802.11 gopacket

我正在尝试使用gopacket来解析.pcap文件的数据包并且几乎要获取其中的所有信息,直到现在我得到截断的信息或错误如果我尝试使用过滤器。

package main

import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    //"github.com/google/gopacket/layers"
    "log"
)

var (
    pcapFile string = "myFile.pcap"
    handle   *pcap.Handle
    err      error
)

func main() {
    // Open file instead of device
    handle, err = pcap.OpenOffline(pcapFile)
    if err != nil { log.Fatal(err) }
    defer handle.Close()

    // Loop through packets in file
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
        fmt.Println
      }
}

返回:

PACKET: 122 bytes, wire length 122 cap length 122 @ 2017-06-11 02:57:03.133873 +0100 WEST
- Layer 1 (36 bytes) = RadioTap {Contents=[..36..] Payload=[..86..] Version=0 Length=36 Present=2684370991 TSFT=661956589449 Flags=FCS Rate=1 Mb/s ChannelFrequency=2412 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-91 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=0 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11    {Contents=[..24..] Payload=[..58..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=0 Address1=11:22:33:44:55:66 Address2=00:11:22:33:44:55 Address3=11:22:33:44:55:66 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=4262477891}
- Layer 3 (58 bytes) = Dot11WEP {Contents=[..58..] Payload=[]}

PACKET: 116 bytes, wire length 116 cap length 116 @ 2017-06-11 02:57:03.243457 +0100 WEST
- Layer 1 (18 bytes) = RadioTap {Contents=[..18..] Payload=[..102..] Version=0 Length=18 Present=18478 TSFT=0 Flags= Rate=1 Mb/s ChannelFrequency=2417 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-25 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=1 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11    {Contents=[..24..] Payload=[..74..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=314 Address1=00:11:22:33:44:55 Address2=11:22:33:44:55:66 Address3=00:11:22:33:44:55 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=412506031}
- Layer 3 (74 bytes) = Dot11WEP {Contents=[..74..] Payload=[]}

我想看看例如每个图层中的数据包的SSID或更多信息,但每次我尝试深入研究我得到的项目时

RadioTap
Dot11
Dot11WEP
RadioTap
Dot11
Dot11WEP

上述输出代码

package main



import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    //"github.com/google/gopacket/layers"
    "log"
)

var (
    pcapFile string = "myFile.pcap"
    handle   *pcap.Handle
    err      error
)

func main() {
    // Open file instead of device
    handle, err = pcap.OpenOffline(pcapFile)
    if err != nil { log.Fatal(err) }
    defer handle.Close()

    // Loop through packets in file
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
      for _, p := range packet.Layers() {
        for _, b := range p.LayerType() {
          fmt.Println(b)
        }
      }
    }
}

但实际上我想知道SSID / BSSID以及Dot11层包内的标志。

1 个答案:

答案 0 :(得分:0)

package main

import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    "github.com/google/gopacket/layers"
    "log"
)

var (
    pcapFile string = "Network_Join_Nokia_Mobile.pcap"
    handle   *pcap.Handle
    err      error
)

func main() {
    // Open file instead of device
    handle, err = pcap.OpenOffline(pcapFile)
    if err != nil { log.Fatal(err) }
    defer handle.Close()

    // Loop through packets in file
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
        fmt.Println(packet.Metadata().CaptureInfo.Timestamp)
        dot11 := packet.Layer(layers.LayerTypeDot11)
        if nil != dot11 {
                dot11, _ := dot11.(*layers.Dot11)
                // the flags are empty in many of the packets of this example capture file
                fmt.Printf("BSSID: %v Flags: %+v\n", dot11.Address3, dot11.Flags)
        }
        dot11info := packet.Layer(layers.LayerTypeDot11InformationElement)
        // some wlan frames contain these with the SSID, usually beacons, probes and association requests
        if nil != dot11info {
                dot11info, _ := dot11info.(*layers.Dot11InformationElement)
                if dot11info.ID == layers.Dot11InformationElementIDSSID {
                        fmt.Printf("SSID: %q\n", dot11info.Info)
                }
        }
        fmt.Printf("\n")
    }
}

example file Network_Join_Nokia_Mobile.pcap from Wireshark输出的一部分:

2000-01-01 00:05:04.913478 +0000 UTC
BSSID: 00:01:e3:41:bd:6e Flags: Retry
SSID: "martinet3"

请注意,您在问题中使用的捕获文件不包含具有包含SSID的图层的框架。