Wireshark Filters

                                            



Management Frames

        wlan.fc.type_subtype == 0 association requests

  wlan.fc.type_subtype == 1 association response

  wlan.fc.type_subtype == 2 re-association request

  wlan.fc.type_subtype == 3 re-association response

  wlan.fc.type_subtype == 4 probe requests

  wlan.fc.type_subtype == 5 probe responses

  wlan.fc.type_subtype == 8 beacons

  wlan.fc.type_subtype == 9 atims

  wlan.fc.type_subtype == 10 disassosiations

  wlan.fc.type_subtype == 11 authentications

  wlan.fc.type_subtype == 12 deauthentications

  wlan.fc.type_subtype == 13 actions

             

Control frames traffic:

        wlan.fc.type                == 1 all control frames

  wlan.fc.type_subtype == 24 block ack requests

  wlan.fc.type_subtype == 25 block ack

  wlan.fc.type_subtype == 26 ps-polls

  wlan.fc.type_subtype == 27 rts

  wlan.fc.type_subtype == 28 cts

  wlan.fc.type_subtype == 29 acks

  wlan.fc.type_subtype == 30 cf-ends

  wlan.fc.type_subtype == 31 cf-ends/cf-acks

 Data frames traffic:

        wlan.fc.type                == 2 all data frames

  wlan.fc.type_subtype == 32 data frames

  wlan.fc.type_subtype == 33 data+cf-ack

  wlan.fc.type_subtype == 34 data+cf-poll

  wlan.fc.type_subtype == 35 data+cf-ack + cf-ack

  wlan.fc.type_subtype == 36 null data

  wlan.fc.type_subtype == 37 cf-ack

  wlan.fc.type_subtype == 38 cf-poll

  wlan.fc.type_subtype == 39 cf-ack + cf-poll

  wlan.fc.type_subtype == 40 qos data

  wlan.fc.type_subtype == 41 qos data + cf-ack

  wlan.fc.type_subtype == 42 qos data + cf-poll

  wlan.fc.type_subtype == 43 qos data + cf-ack+ cf-poll

  wlan.fc.type_subtype == 44 qos null

  wlan.fc.type_subtype == 46 qos cf-poll

  wlan.fc.type_subtype == 47 qos cf-ack + cf-poll


Wireshark Display Filters related Retries:


        wlan.fc.retry  ==1 retry frames

  wlan.fc.retry ==1 && wlan.fc.tods ==1 towards ap

  wlan.fc.retry ==1 && wlan.fc.fromds ==1 from ap towards client device


Basics filters in Wireshark:

wlan.addr == mac address   specific client by mac address

wlan.ta == mac address           transmitter address

wlan.ra == mac address           receive address

wlan.sa == mac address           source address

wlan.da == mac address           destination address

wlan.bssid == AP mac address    radio mac address

wlan.mgt.ssid == “your-ssid” filter by ssid

Comments

Post a Comment

Popular Posts