Linux Wireless Protocol Stack and Configuration Commands

I. The 802.11 Protocol Stack

II. Wireless NIC Configuration

1. Viewing wireless NICs

  • ifconfig
  • iwconfig
  • iw list

Example:

root@kali:~# iwconfig 
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth0      no wireless extensions.

lo        no wireless extensions.

root@kali:~# iw list  # lists the ciphers, interface modes, channels, transmit power, and commands the NIC supports
Wiphy phy0
    max # scan SSIDs: 4
    max scan IEs length: 2257 bytes
    max # sched scan SSIDs: 0
    max # match sets: 0
    max # scan plans: 1
    max scan plan interval: -1
    max scan plan iterations: 0
    Retry short long limit: 2
    Coverage class: 0 (up to 0m)
    Device supports RSN-IBSS.
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
        * WEP104 (00-0f-ac:5)
        * TKIP (00-0f-ac:2)
        * CCMP-128 (00-0f-ac:4)
        * CCMP-256 (00-0f-ac:10)
        * GCMP-128 (00-0f-ac:8)
        * GCMP-256 (00-0f-ac:9)
    Available Antennas: TX 0 RX 0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * mesh point
……………………

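2. Channel frequencies

  • iwlist wlan0 frequency
  • iw list

3. Scanning for nearby APs

  • iw dev wlan0 scan
  • iw dev wlan0 scan | grep SSID
  • iw dev wlan0 scan | egrep "DS Parameter set|SSID"
  • iwlist wlan0 scanning | egrep "ESSID|Channel"

Note: the signal value at marker 1 in the figure above is the received power. The radio waves an AP transmits suffer considerable loss as they propagate, so the received power is less than 1 mW; from the conversion formula between dB and mW it follows that the dB value is negative. A signal > -50 dBm is still fairly strong, and transmission is basically problem-free.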
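The scan fields discussed above (SSID, DS Parameter set, signal), reduced to one line per AP with the dBm value converted to mW using P(mW) = 10^(dBm/10). This is an added example, not part of the original post; the function names, output layout and sample scan text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize `iw dev <if> scan` output, one line per BSS.
# The -50 dBm threshold is the one quoted in the note above.

summarize_scan() {
    awk '
    function emit() {
        if (bssid == "") return
        mw = exp(log(10) * dbm / 10)            # P(mW) = 10^(dBm/10)
        printf "%s ch=%s %.0f dBm %.2e mW %s %s\n", bssid, chan, dbm, mw,
               (dbm > -50 ? "strong" : "below-threshold"),
               (ssid == "" ? "<hidden>" : ssid)
    }
    # A new AP record starts at column 0; nested "BSS Load:" lines are indented.
    /^BSS /         { emit(); bssid = substr($2, 1, 17); chan = "?"; dbm = 0; ssid = ""; next }
    $1 == "signal:" { dbm = $2 + 0 }
    $1 == "SSID:"   { ssid = $0; sub(/^[ \t]*SSID:[ \t]*/, "", ssid) }   # keeps spaces in the name
    /DS Parameter set: channel/ { chan = $NF }  # often absent on 5 GHz, then ch=?
    END { emit() }
    '
}

# Constructed sample (not a real capture). Real iw output indents with tabs;
# the parser accepts tabs or spaces.
sample_scan() {
    cat <<'EOF'
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2437
    signal: -47.00 dBm
    SSID: LabNet
    DS Parameter set: channel 6
BSS 66:77:88:99:aa:bb(on wlan0)
    freq: 2412
    signal: -63.00 dBm
    SSID: Guest WiFi
    DS Parameter set: channel 1
BSS cc:dd:ee:ff:00:11(on wlan0)
    freq: 5180
    signal: -82.00 dBm
    SSID:
EOF
}

# On a live system: iw dev wlan0 scan | summarize_scan
sample_scan | summarize_scan
```

The third record shows the two cases a plain grep for SSID misses: a hidden (empty) SSID and an AP that advertises no DS Parameter set.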

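4. Adding and removing a monitor interface

  • iw dev wlan0 interface add wlan0mon type monitor (note the naming restriction: wlan + number + mon)
  • tcpdump -s 0 -i wlan0mon -p (capturing and viewing with Wireshark is recommended)
  • iw dev wlan0mon interface del

Example: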

root@kali:~# iwconfig 
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth0      no wireless extensions.

lo        no wireless extensions.

root@kali:~# iw dev wlan0 interface add wlan0mon type monitor
root@kali:~# iwconfig 
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth0      no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

root@kali:~# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.181  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 fe80::20c:29ff:fe95:c833  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:95:c8:33  txqueuelen 1000  (Ethernet)
        RX packets 10  bytes 1888 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48  bytes 4684 (4.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 20  bytes 1116 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1116 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 46:04:18:cb:ab:ba  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@kali:~# ifconfig wlan0mon up
root@kali:~# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.181  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 fe80::20c:29ff:fe95:c833  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:95:c8:33  txqueuelen 1000  (Ethernet)
        RX packets 10  bytes 1888 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48  bytes 4684 (4.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 20  bytes 1116 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1116 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 46:04:18:cb:ab:ba  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0mon: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        unspec 1C-BF-CE-3B-5F-BE-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 1551  bytes 76677 (74.8 KiB)
        RX errors 0  dropped 1551  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

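Wireshark capture result

Note: if wlan0mon is in Managed mode after running "iw dev wlan0 interface add wlan0mon type monitor", or if "ifconfig wlan0mon up" reports an error (see the figure below), network-manager is probably conflicting with the iw command. This can be resolved by first running "service network-manager stop" and then repeating the steps above.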
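A check for the failure described in the note above: read iwconfig output and confirm that the new interface really came up in Monitor mode. This is an added example, not part of the original post; the function names are hypothetical, the first sample is abridged from the session shown above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: verify the mode of an interface from `iwconfig` output.

iface_mode() {   # stdin: iwconfig output; $1: interface name; prints its Mode
    awk -v want="$1" '
    /^[^ \t]/ { cur = $1 }                  # an interface block starts at column 0
    cur == want && match($0, /Mode:[A-Za-z-]+/) {
        print substr($0, RSTART + 5, RLENGTH - 5); found = 1; exit
    }
    END { if (!found) exit 1 }              # interface missing or not wireless
    '
}

check_monitor() {   # stdin: iwconfig output; $1: interface name
    mode=$(iface_mode "$1") || { echo "missing: $1 was not created"; return 2; }
    case "$mode" in
        Monitor) echo "ok: $1 is in Monitor mode" ;;
        *) echo "conflict: $1 is in $mode mode; stop network-manager and recreate it"
           return 1 ;;
    esac
}

# Abridged from the iwconfig output in the session above.
sample_ok() {
    cat <<'EOF'
wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
eth0      no wireless extensions.
wlan0mon  IEEE 802.11  Mode:Monitor  Tx-Power=20 dBm
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
EOF
}

# Constructed failure case: the interface was switched back to Managed mode.
sample_conflict() {
    cat <<'EOF'
wlan0mon  IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
EOF
}

# On a live system: iwconfig 2>/dev/null | check_monitor wlan0mon
sample_ok | check_monitor wlan0mon
```

The parser looks for Mode: on any line of the interface's block because, as the session above shows, iwconfig prints it on the first line for a monitor interface and on the second line for a managed one.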

5. Protocol stack

See: https://www.kernel.org/doc/htmldocs/80211/index.html

6. Wireless drivers

See: http://liuxwireless.org/en/users/Drivers/

posted @ 2022-03-20 17:55  z9m8r8