[Original] Wireshark_11AC

Posted on 2016-3-14 11:59:19
Wireshark_11AC - How to get started!

5) How do I build and install the sniffer (Wireshark) for Ubuntu?

5.1 Update the local package index with the latest changes. Run this command from the terminal:
    $ sudo apt-get update

5.2 Fetch the dependency packages to ensure a successful source-based installation of Wireshark.
    $ sudo apt-get install bison flex libgtk2.0-dev libpcap-dev libc-ares-dev libsmi2-dev libgnutls-dev libgcrypt11-dev libkrb5-dev libcap2-bin libgeoip-dev libortp-dev libportaudio-dev

5.3 Download the source code for Wireshark from http://www.wireshark.org/download.html
    OR
    Download Wireshark from \\10.234.2.215\share\11AC-sniffer
    Note: Please use version 1.6.8 or later (the older versions have a problem where the prism header noise type is decoded as rate).

5.4 Change to the directory where you saved the Wireshark source code file.
    $ cd ~/Downloads

5.5 Unpack the Wireshark source code file.
    $ tar -xvf wireshark-xxx.tar.bz2

5.6 Change to the wireshark-xxx directory.
    $ cd wireshark-xxx

5.7 Run the configure script with this command from the terminal:
    $ ./configure

5.8 Apply the QCA patch.
    - The dissector file "packet-ieee80211.c" with VHT decode can be checked out from \\10.234.2.215\share\11AC-sniffer
    - Replace Downloads/wireshark-xxx/epan/dissectors/packet-ieee80211.c with the QCA-enhanced packet-ieee80211.c

5.9 Build Wireshark. Run this command from the terminal:
    $ make

5.10 Install Wireshark.
    $ sudo make install

Before running Step 6, please make sure you have executed the steps in "Building host and target drivers" in the "Build_host_machine.txt" file attached with this email.
6) How do I start the driver in monitor mode?

On your x86 host invoke the following:
    $ sudo rc.wlan up
    $ sudo wlanconfig wlan create wlandev wifi0 wlanmode monitor
    $ sudo iwpriv wlan0 mode 11ACVHT80
    $ sudo iwconfig wlan0 channel 44    (whatever channel you want to monitor)
    $ sudo ifconfig wlan0 up

7) How do I use Wireshark to decode the packets?

Run Wireshark with this command from the terminal:
    $ sudo wireshark
Set the Capture Interface to wlan0 (monitor interface), then click the Start button.

8) What VHT related info can Wireshark decode?

1) The following VHT IEs can be decoded by Wireshark:
   1) VHT Capability IE
   2) VHT Operational IE
   3) Extended BSS Load IE
   4) VHT Operating Mode Notification Element
   5) Control/Channel Switch Wrapper Element
   6) VHT Transmit Power Envelope Element
   7) Wide Band Channel Switch Element
2) Decode Operating Mode Notification action frame.
3) The prism header can be expanded to view the Rate info, which now includes VHT_SIG_A information. You should be able to see:
   1) The number of Spatial Streams
   2) The Channel Bandwidth
   3) SGI in use/not
   4) STBC in use/not
   5) LDPC in use/not
   6) MCS
   The signaling RTS will show the decoded Service field (static/dynamic and Channel width).

9) Are there any known limitations/issues?

Yes. CUS223 has a problem with promiscuous mode where the MAC hangs on receipt of PHY errors. Raj has checked in a WAR to detect this scenario and reset the MAC. So, you will miss packets during this time. Wi-Fi 2.0 will have a fix for this problem. Wireshark has a problem with decoding A-MSDUs.

10) If I see new issues with running the sniffer what should I do?

Open an EV (bug report) and describe your problem and attach as much debug info as possible (dmesg output).
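As an added example (not part of the original post), a POSIX shell script that wraps build steps 5.3 to 5.10 with the two checks the post states only in prose: the tarball version must be 1.6.8 or later, and the stock dissector is kept as a .orig backup before the QCA-enhanced packet-ieee80211.c replaces it. The function names and argument layout are my own; the tarball and the patched dissector file are assumed to be present locally.

```shell
#!/bin/sh
# Added example, not from the original post. Automates the source build of a
# patched Wireshark with the checks the post describes in prose.

# Return 0 (true) when dotted version $1 >= $2 (e.g. version_ge 1.10.2 1.6.8).
# POSIX sort on numeric fields, so 1.10 sorts after 1.6 as intended.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$2" ]
}

# Extract the version from a tarball name such as wireshark-1.6.8.tar.bz2;
# prints nothing when the name does not look like a Wireshark tarball.
tarball_version() {
    printf '%s\n' "$1" | sed -n 's/^.*wireshark-\([0-9][0-9.]*\)\.tar\.bz2$/\1/p'
}

# Swap in the QCA dissector, keeping the stock file beside it as .orig so the
# change can be reviewed (diff) or reverted.  $1 = unpacked source dir,
# $2 = path to the QCA-enhanced packet-ieee80211.c (assumed already fetched).
apply_qca_dissector() {
    target="$1/epan/dissectors/packet-ieee80211.c"
    [ -f "$target" ] || { echo "no dissector at $target" >&2; return 1; }
    [ -f "$2" ]      || { echo "patched dissector $2 not found" >&2; return 1; }
    cp "$target" "$target.orig" && cp "$2" "$target"
}

# Build driver (hypothetical name): version check, unpack, patch, configure,
# make, install.  $1 = tarball path, $2 = patched dissector path.
build_patched_wireshark() {
    tarball="$1"; patched="$2"
    ver="$(tarball_version "$tarball")"
    [ -n "$ver" ] || { echo "cannot read version from $tarball" >&2; return 1; }
    # The post: versions before 1.6.8 decode the prism header noise type as rate.
    version_ge "$ver" 1.6.8 || { echo "Wireshark $ver is too old; need 1.6.8 or later" >&2; return 1; }
    tar -xf "$tarball" || return 1
    srcdir="wireshark-$ver"
    apply_qca_dissector "$srcdir" "$patched" || return 1
    (cd "$srcdir" && ./configure && make && sudo make install)
}

# Usage: build_patched_wireshark ~/Downloads/wireshark-1.6.8.tar.bz2 ./packet-ieee80211.c
```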