dongwan5381 2017-07-05 13:09 采纳率: 100%
浏览 140

gopacket解析Dot11层

I'm trying to use gopacket to parse the packets of a .pcap file and pretty much to get all the information in it, until now I get either truncated information or an error IF I try to use a filter.

package main

import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    //"github.com/google/gopacket/layers"
    "log"
)

var (
    pcapFile string = "myFile.pcap"
    handle   *pcap.Handle
    err      error
)

func main() {
    // Open file instead of device
    handle, err = pcap.OpenOffline(pcapFile)
    if err != nil { log.Fatal(err) }
    defer handle.Close()

    // Loop through packets in file
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
        fmt.Println
      }
}

This returns:

PACKET: 122 bytes, wire length 122 cap length 122 @ 2017-06-11 02:57:03.133873 +0100 WEST
- Layer 1 (36 bytes) = RadioTap {Contents=[..36..] Payload=[..86..] Version=0 Length=36 Present=2684370991 TSFT=661956589449 Flags=FCS Rate=1 Mb/s ChannelFrequency=2412 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-91 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=0 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11    {Contents=[..24..] Payload=[..58..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=0 Address1=11:22:33:44:55:66 Address2=00:11:22:33:44:55 Address3=11:22:33:44:55:66 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=4262477891}
- Layer 3 (58 bytes) = Dot11WEP {Contents=[..58..] Payload=[]}

PACKET: 116 bytes, wire length 116 cap length 116 @ 2017-06-11 02:57:03.243457 +0100 WEST
- Layer 1 (18 bytes) = RadioTap {Contents=[..18..] Payload=[..102..] Version=0 Length=18 Present=18478 TSFT=0 Flags= Rate=1 Mb/s ChannelFrequency=2417 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-25 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=1 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11    {Contents=[..24..] Payload=[..74..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=314 Address1=00:11:22:33:44:55 Address2=11:22:33:44:55:66 Address3=00:11:22:33:44:55 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=412506031}
- Layer 3 (74 bytes) = Dot11WEP {Contents=[..74..] Payload=[]}

I would like to see for example the SSID of the packets or more info inside each layer but everytime I try to drill down the items I get:

RadioTap
Dot11
Dot11WEP
RadioTap
Dot11
Dot11WEP

CODE FOR THE ABOVE OUTPUT

package main



import (
    "fmt"
    "github.com/google/gopacket"
    "github.com/google/gopacket/pcap"
    //"github.com/google/gopacket/layers"
    "log"
)

var (
    pcapFile string = "myFile.pcap"
    handle   *pcap.Handle
    err      error
)

func main() {
    // Open file instead of device
    handle, err = pcap.OpenOffline(pcapFile)
    if err != nil { log.Fatal(err) }
    defer handle.Close()

    // Loop through packets in file
    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    for packet := range packetSource.Packets() {
      for _, p := range packet.Layers() {
        for _, b := range p.LayerType() {
          fmt.Println(b)
        }
      }
    }
}

But in reality I would like to Know the SSID/BSSID and the flags inside the packtet from Dot11 layer.

  • 写回答

1条回答 默认 最新

  • duan111112 2017-07-10 12:04
    关注
    package main
    
    import (
        "fmt"
        "github.com/google/gopacket"
        "github.com/google/gopacket/pcap"
        "github.com/google/gopacket/layers"
        "log"
    )
    
    var (
        pcapFile string = "Network_Join_Nokia_Mobile.pcap"
        handle   *pcap.Handle
        err      error
    )
    
    func main() {
        // Open file instead of device
        handle, err = pcap.OpenOffline(pcapFile)
        if err != nil { log.Fatal(err) }
        defer handle.Close()
    
        // Loop through packets in file
        packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
        for packet := range packetSource.Packets() {
            fmt.Println(packet.Metadata().CaptureInfo.Timestamp)
            dot11 := packet.Layer(layers.LayerTypeDot11)
            if nil != dot11 {
                    dot11, _ := dot11.(*layers.Dot11)
                    // the flags are empty in many of the packets of this example capture file
                    fmt.Printf("BSSID: %v Flags: %+v
    ", dot11.Address3, dot11.Flags)
            }
            dot11info := packet.Layer(layers.LayerTypeDot11InformationElement)
            // some wlan frames contain these with the SSID, usually beacons, probes and association requests
            if nil != dot11info {
                    dot11info, _ := dot11info.(*layers.Dot11InformationElement)
                    if dot11info.ID == layers.Dot11InformationElementIDSSID {
                            fmt.Printf("SSID: %q
    ", dot11info.Info)
                    }
            }
            fmt.Printf("
    ")
        }
    }
    

    Part of output with example file Network_Join_Nokia_Mobile.pcap from Wireshark:

    2000-01-01 00:05:04.913478 +0000 UTC
    BSSID: 00:01:e3:41:bd:6e Flags: Retry
    SSID: "martinet3"
    

    Note that the capture file you used in your question does not contain a frame with the layer that contains the SSID.

    评论

报告相同问题?

悬赏问题

  • ¥15 数学的三元一次方程求解
  • ¥20 iqoo11 如何下载安装工程模式
  • ¥15 本题的答案是不是有问题
  • ¥15 关于#r语言#的问题:(svydesign)为什么在一个大的数据集中抽取了一个小数据集
  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 蓝桥杯单片机第十三届第一场,整点继电器吸合,5s后断开出现了问题