问题
I'm building a PcapNG parser (in Python) to analyse WiFi packets.
I'd like to be able to display the link type (e.g., the protocol variant: 802.11b, 802.11a, 802.11g or 802.11n).
However, reading the PcapNG format definition I see only the following being mentioned:
- LINKTYPE_IEEE802_11 105 IEEE 802.11 (wireless)
- LINKTYPE_IEEE802_11_RADIO 127 802.11 plus BSD radio header
Is there a way to extract the WiFi protocol type from a PcapNG trace file?
回答1:
If the link-layer header type for the interface on which the packet was captured is LINKTYPE_IEEE802_11, no, you can't get the protocol variant.
If the link-layer header type for the interface on which the packet was captured is LINKTYPE_IEEE802_11_RADIOTAP (yes, that's the correct name; the list of link-layer header types in the wiretap.org pcap-NG spec is out of date, the up-to-date list is the tcpdump.org Link-Layer Header Types page), then the packet begins with a radiotap header giving various meta-data about the packet.
If the radiotap header includes the Channel field, then, from the information there, you can determine some information about the protocol variant:
- "5 GHz spectrum channel" + "OFDM channel" = 802.11a;
- "2 GHz spectrum channel" + "CCK channel" = 802.11b;
- "2 GHz spectrum channel" + "OFDM channel" = 802.11g;
- "2 GHz spectrum channel" + "Dynamic CCK-OFDM channel" = 802.11g;
(the difference between the two flavors of 802.11g indicates whether there might also be 802.11b traffic on the same channel - that's what the "Dynamic CCK-OFDM channel" indicates).
However, if the MCS field is present, it's 802.11n, not any of those other types, and if the VHT field is present, it's 802.11ac.
There might also be an XChannel field, which can be interpreted similarly to the Channel field, although it also contains some information for 802.11n.
来源:https://stackoverflow.com/questions/29339864/is-there-a-way-to-extract-the-wifi-protocol-type-from-a-pcapng-trace-file