bugkuctf<这么多数据包>

数据包过滤语句

tcp and tcp.srcport!=60686 and tcp.dstport !=60686 and tcp.srcport!=60687 and tcp.dstport !=60687 and tcp.srcport!=60688 and tcp.dstport !=60688 and tcp.srcport!=3389 and tcp.dstport !=3389 and tcp.srcport!=135 and tcp.dstport !=135 and tcp.srcport!=139 and tcp.dstport !=139 and tcp.srcport!=445 and tcp.dstport !=445 and tcp.srcport != 4444 and tcp.dstport!=4444

60686\60687\60688为扫描端口，3389\135\139\445端口为windows特征端口，经过观察过滤掉4444的端口，即可找到1234端口的通信数据

bugkuctf<想蹭网先解开密码>

数据包分析

"Statistics"->"Protocol Hierarchy"进行协议分析，发现"802.1x Authentication"比较可疑，右键，"Apply As Filter"，发现是eapol的四次握手协议，可疑爆破，但是爆破需要网络的ssid
wireshark的过滤语句如下:

eapol or wlan.fc.type_subtype == 0x08

右键mark有用数据包的起止范围，然后"File"->"Export Specified Packets"，保存时选择"First to Last Maked"，即可保存选择的数据包。

破解

生成字典：

output = open("password.txt","w")
prefix = "1391040"

for i in range(0,10000):
    if(i < 10):
        tmp = "000"
    elif(i < 100):
        tmp = "00"
    elif(i < 1000):
        tmp = "0"
    else:
        tmp = ""
    tmp += str(i)
    tmp = prefix + tmp + "\n"
    output.write(tmp)

output.close()

用kali中的aircrack-ng破解

aircrack-ng wifi-5.pcap -w password.txt