Análisis de paquetes con Tshark
Comandos para realizar análisis de paquetes presentes en captura de tráfico mediante Tshark.
Paquete Association Request
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==0"Paquete Association Response
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==1"Paquete Reassociation Request
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==2"Paquete Reassociation Response
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==3"Paquete Probe Request
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==4"Paquete Probe Response
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==5"Paquete Beacon
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==8"Paquete ATIM (Announcement Traffic Indication Message)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==9"Paquete Desassociation
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==10"Paquete Authentication
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==11"Paquete Desauthentication
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==12"Paquete Action
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==13"Paquete RTS (Request to Send)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==27"Paquete CTS (Clear to Send)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==28"Paquete ACK (Acknowledgment)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==29"Paquete BAR (Block Acknowledgment Request)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==32"Paquete BA (Block Acknowledgment)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==33"Paquete PS-Poll (Power Save-Poll)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==34"Paquete CF-End (Contention-Free End)
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==38"Paquete CF-End + CF-ACK
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==39"Paquete QoS
tshark -r traffic_file.cap -Y "wlan.fc.type_subtype==40"