Common Wireshark display filters for 802.11 traffic

Wireshark Display Filters related BTM (802.11v BSS Transition Management) traffic:

btm frames  wlan.fixed.category_code == 10   all WNM (category 10) action frames, which include BTM query/request/response

Wireshark Display Filters related management traffic:

management frames   wlan.fc.type == 0   all management frames

    wlan.fc.type_subtype == 0   association requests
    wlan.fc.type_subtype == 1   association response
    wlan.fc.type_subtype == 2   re-association request
    wlan.fc.type_subtype == 3   re-association response
    wlan.fc.type_subtype == 4   probe requests
    wlan.fc.type_subtype == 5   probe responses
    wlan.fc.type_subtype == 8   beacons
    wlan.fc.type_subtype == 9   atims
    wlan.fc.type_subtype == 10  disassociations
    wlan.fc.type_subtype == 11  authentications
    wlan.fc.type_subtype == 12  deauthentications
    wlan.fc.type_subtype == 13  actions

Wireshark Display Filters related Control frames traffic:

control frames  wlan.fc.type == 1   all control frames
    wlan.fc.type_subtype == 24  block ack requests
    wlan.fc.type_subtype == 25  block ack
    wlan.fc.type_subtype == 26  ps-polls
    wlan.fc.type_subtype == 27  rts
    wlan.fc.type_subtype == 28  cts
    wlan.fc.type_subtype == 29  acks
    wlan.fc.type_subtype == 30  cf-ends
    wlan.fc.type_subtype == 31  cf-ends/cf-acks

Wireshark Display Filters related Data frames traffic:

data frames wlan.fc.type == 2   all data frames
    wlan.fc.type_subtype == 32  data frames
    wlan.fc.type_subtype == 33  data+cf-ack
    wlan.fc.type_subtype == 34  data+cf-poll
    wlan.fc.type_subtype == 35  data+cf-ack+cf-poll
    wlan.fc.type_subtype == 36  null data
    wlan.fc.type_subtype == 37  cf-ack
    wlan.fc.type_subtype == 38  cf-poll
    wlan.fc.type_subtype == 39  cf-ack + cf-poll
    wlan.fc.type_subtype == 40  qos data
    wlan.fc.type_subtype == 41  qos data + cf-ack
    wlan.fc.type_subtype == 42  qos data + cf-poll
    wlan.fc.type_subtype == 43  qos data + cf-ack + cf-poll
    wlan.fc.type_subtype == 44  qos null
    wlan.fc.type_subtype == 46  qos cf-poll
    wlan.fc.type_subtype == 47  qos cf-ack + cf-poll

Wireshark Display Filters related Retries:

retry   wlan.fc.retry == 1  retry frames
    wlan.fc.retry == 1 && wlan.fc.tods == 1     towards ap
    wlan.fc.retry == 1 && wlan.fc.fromds == 1   from ap towards client device

Wireshark Display Filters related 802.11 k,v,r traffic:

802.11 k,v,r
    wlan.fixed.action_code == 23    802.11v dms request
    wlan.fixed.action_code == 24    802.11v dms response
    wlan.fixed.action_code == 4     802.11k neighbour request
    wlan.fixed.action_code == 5     802.11k neighbour response
    (wlan.fc.type_subtype == 0) && (wlan.rsn.akms.type == 3)    802.11r association request (FT AKM)
    (wlan.fc.type_subtype == 1) && (wlan.tag.number == 55)      802.11r association response
    (wlan.fc.type_subtype == 2) && (wlan.tag.number == 55)      802.11r re-association request
    (wlan.fc.type_subtype == 3) && (wlan.tag.number == 55)      802.11r re-association response
    wlan.fixed.action_code == 7     BSS Transition Management request (Steering)
    wlan.fixed.action_code == 8     BSS Transition Management response (Steering)
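The subtype numbers in the tables above are not arbitrary: Wireshark composes wlan.fc.type_subtype as (type << 4) | subtype, which is why management subtypes run 0-13, control 24-31 and data 32-47, and the retry/to-DS/from-DS flags and the action category/action codes are fixed bytes at known offsets. The following decoder is an added example, not code from the original page or from Wireshark; it parses constructed frames (placeholder MAC addresses, no captured traffic) and emits the matching display filter, so the derivation of each filter in the retry, action-code and type/subtype sections can be checked by hand.

```python
"""Decode the 802.11 Frame Control field and action header and derive the
matching Wireshark display filter. Added example; sample frames are constructed."""
import struct
from typing import Optional

# Frame type names (wlan.fc.type)
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}

# Wireshark composes wlan.fc.type_subtype as (type << 4) | subtype; the
# values below are the ones listed in the cheat sheet.
SUBTYPE_NAMES = {
    0: "association request", 1: "association response",
    2: "re-association request", 3: "re-association response",
    4: "probe request", 5: "probe response", 8: "beacon", 9: "atim",
    10: "disassociation", 11: "authentication", 12: "deauthentication",
    13: "action",
    24: "block ack request", 25: "block ack", 26: "ps-poll", 27: "rts",
    28: "cts", 29: "ack", 30: "cf-end", 31: "cf-end/cf-ack",
    32: "data", 36: "null data", 40: "qos data", 44: "qos null",
}

# Action-frame category codes (wlan.fixed.category_code) used on this page
CATEGORY_NAMES = {5: "radio measurement (802.11k)", 10: "wnm (802.11v)"}


def parse_frame_control(frame: bytes) -> dict:
    """Split the two Frame Control bytes into the fields Wireshark exposes."""
    if len(frame) < 2:
        raise ValueError("need at least the 2-byte Frame Control field")
    b0, b1 = frame[0], frame[1]
    ftype = (b0 >> 2) & 0x03        # bits 2-3 of byte 0
    subtype = (b0 >> 4) & 0x0F      # bits 4-7 of byte 0
    return {
        "version": b0 & 0x03,
        "type": ftype,
        "subtype": subtype,
        "type_subtype": (ftype << 4) | subtype,   # wlan.fc.type_subtype
        "tods": b1 & 0x01,                        # wlan.fc.tods
        "fromds": (b1 >> 1) & 0x01,               # wlan.fc.fromds
        "retry": (b1 >> 3) & 0x01,                # wlan.fc.retry
    }


def parse_action(frame: bytes) -> Optional[dict]:
    """For an action frame, read category and action code, which follow the
    24-byte management MAC header (FC, duration, addr1-3, sequence control)."""
    fc = parse_frame_control(frame)
    if fc["type_subtype"] != 13 or len(frame) < 26:
        return None
    return {"category_code": frame[24], "action_code": frame[25]}


def display_filter(frame: bytes) -> str:
    """Build the narrowest filter from the cheat sheet that matches this frame."""
    fc = parse_frame_control(frame)
    terms = [f"wlan.fc.type_subtype == {fc['type_subtype']}"]
    action = parse_action(frame)
    if action:
        terms.append(f"wlan.fixed.category_code == {action['category_code']}")
        terms.append(f"wlan.fixed.action_code == {action['action_code']}")
    if fc["retry"]:
        terms.append("wlan.fc.retry == 1")
    if fc["tods"]:
        terms.append("wlan.fc.tods == 1")
    if fc["fromds"]:
        terms.append("wlan.fc.fromds == 1")
    return " && ".join(terms)


def describe(frame: bytes) -> str:
    """Human-readable name for the frame, using the page's own labels."""
    fc = parse_frame_control(frame)
    name = SUBTYPE_NAMES.get(fc["type_subtype"], f"subtype {fc['subtype']}")
    text = f"{TYPE_NAMES.get(fc['type'], 'reserved')} / {name}"
    action = parse_action(frame)
    if action:
        cat = CATEGORY_NAMES.get(action["category_code"],
                                 f"category {action['category_code']}")
        text += f" ({cat}, action code {action['action_code']})"
    return text


def _mgmt_header(subtype: int, flags: int = 0) -> bytes:
    """Constructed 24-byte management header: FC, duration, three placeholder
    addresses and sequence control."""
    fc = bytes([(subtype << 4) | (0 << 2), flags])
    return fc + struct.pack("<H", 0) + b"\x00\x11\x22\x33\x44\x55" * 3 + struct.pack("<H", 0)


# Constructed sample frames (not captured traffic)
BTM_REQUEST = _mgmt_header(13) + bytes([10, 7])        # WNM category 10, BTM request (action 7)
NEIGHBOR_REQ = _mgmt_header(13) + bytes([5, 4])        # radio measurement category 5, neighbour request (action 4)
RETRIED_QOS_DATA = bytes([(8 << 4) | (2 << 2), 0x0A])  # QoS data with from-DS and retry bits set

if __name__ == "__main__":
    for f in (BTM_REQUEST, NEIGHBOR_REQ, RETRIED_QOS_DATA):
        print(describe(f), "->", display_filter(f))
```

Running the block prints, for the constructed BTM request, the combined filter "wlan.fc.type_subtype == 13 && wlan.fixed.category_code == 10 && wlan.fixed.action_code == 7"; adding the category term is the practical caveat, since wlan.fixed.action_code == 7 on its own also matches action code 7 in every other category.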

Wireshark Display Filters related Weak signals:

wlan_radio.signal_dbm < -67     weak signal filter
wlan.fc.type_subtype == 0x05 && wlan_radio.signal_dbm < -75     weak probe responses
wlan.fc.type_subtype == 0x04 && wlan_radio.signal_dbm < -75     weak probe requests

Some Extras:

wlan.addr == mac address    specific client by mac address (any address field)
wlan.ta == mac address      transmitter address
wlan.ra == mac address      receiver address
wlan.sa == mac address      source address
wlan.da == mac address      destination address
wlan.bssid == ap mac address    bssid (ap radio mac address)
wlan.mgt.ssid == "your-ssid"    filter by ssid (use straight quotes; curly quotes are not valid filter syntax)