Wireless Air-Interface Packet Capture with OmniPeek
Omnipeek Filter Commands

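Omnipeek is a powerful network analysis tool that helps users quickly identify network problems and provides detailed reports and analysis.
When using Omnipeek, filter commands are very useful: they let users filter network data by various conditions so that the needed information can be found more quickly.
The following are some commonly used Omnipeek filter commands:
1. Filter by IP address: use "ip.addr == x.x.x.x" to filter on a given IP address; use "ip.src == x.x.x.x" or "ip.dst == x.x.x.x" to filter on the source or destination IP address respectively.
2. Filter by protocol: use keywords such as "tcp", "udp" and "icmp" to filter on a given protocol.
3. Filter by port: use "tcp.port == xx" or "udp.port == xx" to filter on a given port.
4. Filter by MAC address: use "eth.addr == xx:xx:xx:xx:xx:xx" to filter on a given MAC address.
5. Filter by packet size: use "frame.len == xx" to filter on packets of a given size.
These are some of the commonly used Omnipeek filter commands; many other filter conditions are available as well.
Mastering these filter commands makes it easier to process and analyze network data.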
OmniPeek User Manual

OmniAnalysis Platform
Getting Started Guide

Copyright © 2006, WildPackets, Inc. All rights reserved. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form, or by any means, electronic or mechanical, including photocopying, for any purpose, without the express written permission of WildPackets, Inc.

AiroPeek SE, AiroPeek NX, AiroPeek VX, EtherPeek SE, EtherPeek NX, EtherPeek VX, Gigabit Analyzer Card (GAC), GigaPeek NX, iNetTools, NAX, NetDoppler, NetSense, Network Calculator, Omni3, Omni Capture Engine, Omni Desktop Engine, Omni DNX Engine, OmniEngine Desktop, OmniEngine Enterprise, OmniEngine Workgroup, Omni Management Console, Omni PacketGrabber, OmniPeek, OmniPeek Enterprise, OmniPeek Enterprise Connect, OmniPeek Personal, OmniPeek Workgroup, OmniPeek Workgroup Pro, OmniPeek Personal, Omnipliance, OmniSpectrum, PacketGrabber, Peek DNX, ProConvert, ProtoSpecs, RFGrabber, RMONGrabber, WAN Analyzer Card (WAC), WANPeek NX, WildPackets, WildPackets Academy, and WildPackets OmniAnalysis Platform are trademarks of WildPackets, Inc. All other trademarks are the property of their respective holders.

The material in this document is for information purposes only and is subject to change without notice. While reasonable efforts have been made in the preparation of this document to assure its accuracy, WildPackets, Inc. assumes no liability resulting from errors or omissions in this document, nor from the use of the information contained herein. WildPackets, Inc. reserves the right to make changes in the product design without reservation and without notification to its users.

Contacting WildPackets

Mailing Address
WildPackets, Inc.
1340 Treat Blvd., Suite 500
Walnut Creek, CA 94597

Voice/Fax
8 AM - 5 PM (PST)
(925) 937-3200
(800) 466-2447 (US only)
Fax: (925) 937-3211

Resources
See the support section of the WildPackets web site (/support/additional_resources/white_papers) for white papers, tutorials, technical briefs and more.

Training and Certification
WildPackets Academy offers the most effective and comprehensive network and protocol analysis training available, meeting the professional requirements of corporate, educational, government, and private network managers. Our instructional methodology is centered on practical applications of protocol analysis techniques.
See the services section of the WildPackets web site (/services) for course catalog, current public course scheduling, web-delivered courses, and consulting services.
WildPackets Academy: (800) 466-2447

Product Support and Maintenance
WildPackets Product Maintenance Programs ensure that you grow along with our products as new features and enhancements to existing features are added. All WildPackets customers are entitled to technical support for the life of their purchased product(s).
Enhanced support services are available through our Premium Maintenance Programs. Premium Maintenance offers Remote Trace File Analysis assistance and free seats in our WildPackets Academy Training courses, in addition to our standard maintenance services.
Standard or Premium Maintenance can be purchased by contacting WildPackets sales.

About WildPackets, Inc.
Since 1990, WildPackets has been delivering real-time fault analysis solutions that enable the world's leading organizations to keep their networks running securely and reliably, day after day. From the desktop to the datacenter, from wireless LANs to Gigabyte backbones, on local segments and across distributed networks, WildPackets products enable IT organizations to quickly find and fix problems affecting mission-critical network services. WildPackets products are sold in over 60 countries through a broad network of channel and strategic partners. More than 5,000 customers, spanning all industrial sectors and including 80% of the Fortune 1000, use WildPackets products daily to troubleshoot networks and maximize network uptime. WildPackets customers include Agilent, Cisco Systems, Comcast, EDS, Microsoft, Siemens AG, Qualcomm, Unisys, Motorola, and Deutsche Bank. Strategic partners include Aruba, Atheros, Cisco, 3Com, Intel and Symbol Technologies. For further information, please visit the WildPackets web site.

20060410-E-OP40_d4

Contents

Chapter 1 Introduction
    System requirements
    Installing the OmniPeek console
    Installing an OmniEngine
    Main program window and Start Page
    Displaying the Remote Engines window
    Connecting to a remote engine
Chapter 2 Capturing Packets
    Capturing packets into a Capture window
    Capturing packets on a remote engine
Chapter 3 Viewing Decoded Packets
    The packet decode window
Chapter 4 Forensics Analysis
    Creating forensic captures
    Using the remote engine files tab
Chapter 5 Monitoring the Network
    Displaying Monitor statistics on the console
    Baselining with summary statistics
    Using the remote monitoring capture template
Chapter 6 Creating Graphs
    Creating a graph from a console Capture window
    Creating a top ten protocols graph on a remote engine
Chapter 7 Wireless Statistics in Capture Windows
    The WLAN view
    The Channels view
    The Signal view
Chapter 8 Troubleshooting with the Expert
    The Expert view
    Using the Expert EventFinder Settings
    Using the Visual Expert
Chapter 9 Creating Filters
    Enabling a filter
    Creating filters with the Make Filter command
    Creating a simple filter
Chapter 10 Using the Peer Map
    The Peer Map view
Chapter 11 Using VoIP Analysis
    The VoIP view
    Analyzing a single call or channel
Appendix A Keyboard Shortcuts
Index

CHAPTER 1
Introduction

Welcome to OmniPeek, the software console for distributed network analysis from WildPackets!

The OmniPeek console provides centralized expert analysis for 10/100 Ethernet, full-duplex Gigabit Ethernet, 802.11 WLAN, and WAN networks by managing and interacting with remotely installed OmniEngines. With OmniPeek's intuitive user interface, network engineers can quickly troubleshoot problems on remote segments, drill down through multiple layers of analysis, and pinpoint problems that need correction.

Important! The OmniPeek console and the OmniEngines are described here in their full-featured versions. Please visit our web site for details about how to order the Omni features and media types that precisely fit the needs of your distributed network.

System requirements

The system requirements for the OmniPeek console are:
● Windows XP Professional (SP2), Windows 2000 (SP4) or Windows Server 2003 (SP1)
● Internet Explorer 6.0 (SP1)
● Microsoft .NET Framework 2.0

Note: OmniPeek with Enhanced Voice Option does not support Windows Server 2003.

OmniPeek supports most rack mount, desktop and portable computers as long as the basic system requirements to run the supported operating systems are met. Depending on traffic and the particular usage of OmniPeek, the requirements may be substantially higher.

The following system is recommended for OmniPeek:
● P4 2 GHz Processor (P4 2.4 GHz Processor for OmniPeek with Enhanced Voice Analysis)
● 512 MB RAM (1 GB RAM for OmniPeek with Enhanced Voice Analysis)
● 10 GB Available Hard Disk Space (20 GB Available Hard Disk Space for OmniPeek with Enhanced Voice Analysis)

Factors that contribute towards superior performance include high speed CPU, dual CPUs, two or more GB of RAM, high performance disk storage subsystem (RAID 0), and as much additional hard disk space as is required to save the trace files that you plan to manage.

Note: Supported operating systems require users to have "Administrator" level privileges in order to load and unload device drivers, or to select a network adapter for the program's use in capturing packets.

For more information, please see the products section of our web site.

Optional hardware requirements

To analyze wireless, Gigabit, or WAN traffic, a supported network analyzer card (GAC or WAC) or wireless LAN adapter is required for OmniPeek:
● Full-duplex capture of Gigabit Ethernet networks: requires a WildPackets Gigabit Analyzer Card (GAC).
  Note: Capture on Gigabit Ethernet networks is also possible using other supported Gigabit Ethernet interfaces, but not in full-duplex mode.
● Capture from T1/E1 WAN links: requires a WildPackets WAN Analyzer Card (WAC).
● Capture from T3/E3 WAN links: requires a WildPackets WAN Analyzer Card (WAC).

For more information, refer to the documentation that ships with the product or visit the products section of our web site.

For information on configuring wireless, Gigabit, and WAN analyzer cards, please refer to the OmniPeek User Guide or online help.

Network connectivity and drivers

OmniPeek and the OmniEngines communicate over TCP/IP through port 6367, the default port for the WildPackets DNX proprietary protocol.

WildPackets has developed a set of driver APIs for 802.11 WLAN cards, the Gigabit Analyzer Cards, and the WAN Analyzer Cards. OmniPeek and the OmniEngines ship with a number of drivers that support the WildPackets APIs.

For the most recent information on network adapter cards and drivers, please visit the product support overview on our web site (/support/product_support/overview).

Installing the OmniPeek console

To install the OmniPeek console, follow these steps:
1. Uninstall any earlier versions of OmniPeek.
2. Insert the OmniPeek Installer CD into your CD or DVD drive.
3. Follow the installation instructions that appear on the screen.
   During installation you are asked to enter a valid Activation Key. When prompted, you can select Automatic or Manual:
   ● Automatic: The installer uses your Internet connection to send an encrypted message to an activation server, which retrieves and displays your Activation Key. Please write down the Activation Key for future reference.
   ● Manual: The installer allows you to enter the Activation Key manually. You can obtain an Activation Key in the following ways: Go to a computer with an Internet connection and web browser and complete the request form, or call WildPackets Technical Support.
   For more information about the product activation process, please see the activation page on our website.
4. When the Installer has finished installing the program files, you can choose to view the Readme or launch the program.

Installing an OmniEngine

For complete instructions on how to install, configure, and update settings for an OmniEngine, see the Getting Started Guide that ships with the OmniEngine or the online help in the Omni Management Console application.

Main program window and Start Page

To start OmniPeek:
● Choose Start > All Programs > WildPackets OmniPeek.

The main program window and Start Page appears. The parts of the main program window are described below.

[Figure: main program window, with callouts for Toolbar and Status Bar]

● Toolbar: Provides icons for frequently-used tasks in OmniPeek. The function of each icon appears at a tooltip. Choose View > Toolbars > Show Toolbars to toggle the display of the icons in this toolbar.
● Status Bar: Shows brief context-sensitive messages on the left and the current monitor adapter on the right. Choose View > Status Bar under the menu to toggle the display of this status bar.
● Start Page: Provides links to useful resources, both local and online. You can:
  ● open recently saved Capture files (click Open Capture File button)
  ● start a new OmniPeek console capture (click New Capture button)
  ● start a new remote engine capture (click View Remote Engines button)
  ● view the Readme file
  ● open the HTML version of the Getting Started Guide
  ● open PDF versions of related hardware documents
  ● access online resources and technical support
● Network Statistics Gauge: Shows network utilization as analog dials with corresponding digital displays. Choose Monitor > Network to display.
● OmniPeek Log: Records Start, Stop, and other OmniPeek events. Choose View > Log to display.

Displaying the Remote Engines window

The Remote Engines window is used for interaction between the OmniPeek console and the OmniEngines. The Remote Engine window allows you to perform many of the same operations on a remote engine that you can perform locally with OmniPeek.

Do one of the following to display the Remote Engines window:
● Choose View > Remote Engines.
● Click the View Remote Engines button on the Start Page.

The Remote Engines window appears.

[Figure: Remote Engines window, with callouts for Insert Engine, Discover Engine, Insert Group, Delete, Connect, Disconnect]

Connecting to a remote engine

In order to view packets and data from a remote engine, you must first connect to the engine from the Remote Engines window.

To connect to a remote engine:
1. From the Remote Engines window, click the Insert Engine icon. The Connect dialog appears.
2. Complete the dialog:
   ● Host: Enter the IP address of the OmniEngine that you want to connect to.
   ● Port: Enter the TCP/IP Port used for communications. Port 6367 is the default port for the WildPackets OmniEngine.
   ● Authentication: Select the method used to authenticate the user. Typically, you would select Default if you don't use a third-party authentication server.
   ● Domain: Type the Domain for login to the remote engine. If the remote engine is not a member of any Domain, leave this field blank.
   ● Username: Type the Username for login to the remote engine.
   ● Password: Type the Password for login to the remote engine.
3. Click Connect. When the connection is established, the remote engine appears in the Remote Engines window.
   Tip: You can add multiple OmniEngines to the Remote Engines window by using the Insert Engine icon.
4. Click the Insert Group icon to add a group of engines to the Remote Engines window.
5. Select the engine group and click Insert Engine to add an engine to the group.

Discover OmniEngines

When you click the Discover button in the Remote Engines window, the Discover Engines dialog appears. This dialog lets you search for OmniEngines installed on the network. You can then select the specific OmniEngines that you want to display in the Remote Engines window.

● Engines: Displays the OmniEngines found on the network. Select the check box of the OmniEngine that you want to display in the Remote Engines window.
● Discover: Click to search for OmniEngines installed on the local segment of your network. The box on the right will change from Listening... to Finished when all network-available OmniEngines are discovered.
● Advanced Settings:
  ● Listen time: Enter the number of seconds that the OMC will listen for responses to the discovery request. You can enter a minimum of 2 and a maximum of 30 seconds.
  ● Device backoff time: Enter the number of seconds that the devices will wait before responding to a Discover request. The Device backoff time should always be less than the listen time. You can enter a minimum of 0 and a maximum of 10 seconds.

Note: You will need to select an engine in the Remote Engines window and connect to it before capturing packets and analyzing data.

CHAPTER 2
Capturing Packets

Packets are the units of data carried on the network and the basis for all higher level network analysis. The Packets view of a Capture window is where you can view information about the individual packets transmitted on your network.

OmniPeek and the OmniEngines can capture packets in multiple configurable Capture windows, each with its own dedicated capture buffer and settings for filters, triggers, and statistics output. You can establish and view multiple Capture windows up to the limits of available system resources.

Capture windows allow you to:
● View and monitor network traffic in real time
● Use a different adapter for each Capture window, or use the same adapter for multiple Capture windows
● Apply filters, both before and after capture
● Start or stop capture based on network events or time settings
● View statistics based on selected network traffic
● View packet contents, raw and/or decoded
● Save packets for post-capture analysis in Capture file windows

Capturing packets into a Capture window

Note: For remote capture, see Capturing packets on a remote engine.

To capture packets:
1. To start a new capture, do one of the following:
   ● Click the New Capture button on the Start Page
   ● Choose File > New…
   The General view of the Capture Options dialog appears.
   [Figure: General view of the Capture Options dialog, with callouts for Capture window title, Save to disk options, Continuous capture options, Packet slicing options, Capture buffer size, "Show this dialog..."]
2. Configure the options in the General view.
3. Click the Adapter view to select the capture adapter.
   Note: For information on configuring settings in the other views of the Capture Options dialog, see the OmniPeek User Guide or online help.
4. Click OK. A new Capture window appears.
   [Figure: Capture window, with callout for Start/Stop Capture]
5. Click Start Capture to begin capturing packets. The Start Capture button changes to the Stop Capture button and packets begin populating the Capture window.
   Note: You can right-click a column heading to hide or display available column headings in the Packets tab.
6. Click Stop Capture when you want to stop capturing packets.
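Omnipeek Explained

Omnipeek is a network analysis tool with comprehensive and powerful features. It helps users decode network packets, identify network problems, and arrive at effective solutions.
Omnipeek has powerful packet capture and analysis capabilities.
It can capture the various packets in network traffic and analyze them in depth.
By examining the captured packets, users can see what is happening on the network, for example by inspecting network connections, finding anomalous traffic, and monitoring network performance.
In addition, Omnipeek can decode the captured packets so that users can better understand the information they contain.
Omnipeek provides a rich set of network analysis functions.
Users can use Omnipeek for statistical analysis of network traffic, for example to view the sources and destinations of traffic and to analyze the protocol distribution of the traffic.
Omnipeek also supports filtering and searching network traffic: users can set filter conditions according to their needs so that they see only the traffic of interest.
These functions help users better understand how data flows through the network and discover potential problems.
Omnipeek also has powerful network fault diagnosis capabilities.
When a network problem occurs, users can use Omnipeek to identify its root cause.
By analyzing network traffic and packets, Omnipeek can find bottlenecks, latency, packet loss and similar problems in the network and suggest corresponding solutions.
Users can use the information Omnipeek provides to optimize the network configuration and improve network performance.
Omnipeek also supports analysis of wireless networks.
It can capture and decode packets on a wireless network, helping users understand the connection state, signal strength, data rate and so on of the wireless network.
Users can use Omnipeek to locate sources of interference in a wireless network and to optimize its coverage and performance.
Besides the functions above, Omnipeek has some other characteristics.
For example, it supports multiple operating systems, including Windows and macOS.
Omnipeek also provides an intuitive, easy-to-use user interface that makes network analysis work convenient.
Users can view and analyze network packets through the graphical interface without writing complex commands.
Omnipeek is a powerful network analysis tool with comprehensive features that helps users decode network packets, identify network problems, and arrive at effective solutions.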
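Installing the Omnipeek Wireless Adapter Driver in Detail

Most readers will be familiar with Omnipeek: it is an excellent packet capture program that can capture packets not only on wired networks but also on wireless networks.
To capture wireless packets with it, you need a wireless adapter, and you also need to install Omnipeek's own dedicated driver for that adapter.
When I first came into contact with Omnipeek I was unfamiliar with how to install the Omnipeek driver for a wireless adapter, so I have written this short article, drawing on material found online, in the hope of saving others some detours.
First, go to the following page to check which wireless adapters Omnipeek supports. Note that not every wireless adapter is supported by Omnipeek: /support/downloads/drivers
This page lists the wireless adapters that Omnipeek supports; choose the model that matches your adapter and download the corresponding driver.
The figure above lists several commonly used wireless adapter models. If your adapter matches one of the models in the figure, congratulations.
If your adapter is not listed, do not worry: you can look for an adapter that uses the same chip as one of the adapters above.
The most common wireless chip is Atheros. Check here whether your adapter is supported by Omnipeek: /customerproducts/default.asp
My wireless adapter is a D-Link DWL-G650, so let us look it up. "Cardbus" means a wireless adapter made specifically for laptops.
The list above shows the D-Link wireless adapters supported by Omnipeek, including the DWL-G650.
Return to this page. Because the DWL-G650 is not in the list, select "Other hardware models" and then go to the download page.
You must register before you can download the driver, and after registering you must confirm your e-mail address; these steps are omitted here.
Once the driver has been downloaded, the next step is to install it.
Before installing, first make sure your wireless adapter is usable, that is, that the adapter's ordinary driver is installed correctly.
Then carry out the installation.
The state after the driver has been installed.
The captured wireless data frames are shown above.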
OmniPeek Operating Guide

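Download the OmniPeek 5.0 software from the Internet and install it correctly by following the prompts.
Of course, OmniPeek does not support every wireless adapter; adapters such as the Intel 3945ABG and the Netgear ABG511 are supported.
Now let us start using OmniPeek to scan the wireless network.
Step 1: Through "Start" -> "Programs", find the WildPackets OmniPeek entry and run it to begin.
Step 2: After OmniPeek starts, first choose to create a new capture: New Capture.
Step 3: OmniPeek supports both wired and wireless adapters. In the capture options window, select "Adapter" on the left and then specify the corresponding wireless network connection to capture on the wireless adapter.
Step 4: When the settings are complete, click the green capture button at the top right to start intercepting and analyzing the packets passing through the wireless adapter. Matching packets are displayed in the main window in chronological order, and for each packet we can see the source MAC address, the destination MAC address, the corresponding BSSID, and so on.
Likewise, clicking the red button at the top right stops the capture.
Step 5: Double-click a packet in the view to display the detailed contents of that packet.
Step 6: Click the "Filters" sub-view under "Capture" on the left to perform filtering.
Select the items you need; during capture, packets that match the selected items are stored in the capture buffer.
Step 7: Wireless capture can be selected by channel, BSSID, or ESSID.
These items can be selected in "Capture Option".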
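Installing and Using OmniPeek

OmniPeek Usage Tips
Troubleshooting and scanning wireless networks has always been rather troublesome. Unlike wired networks, there are few tools dedicated to scanning wireless packets, which directly affects how well users can inspect their networks.
This problem is now readily solved: I recently found a good scanning program that can not only scan packet information on wired networks but also monitor and scan on a wireless adapter.
With this software we can locate wireless network faults more clearly and more quickly, and adjust the position and parameters of our wireless equipment according to the scan results.
Let us start wireless scanning with OmniPeek.
1. What can OmniPeek do? Like other sniffer tools, OmniPeek can analyze and save every packet received and sent by your network adapter, and it can also analyze some broadcast packets. Combined with various filter rules, this gives a clearer picture of the problems present on the network.
Unlike other sniffer tools, OmniPeek can also monitor a wireless adapter. By analyzing wireless packets it shows how the wireless network is operating, so that the user can clearly see the frequency band in use, the signal strength, the SSID information, and so on.
2. Installing the OmniPeek software: I use OmniPeek 5.0 as the example. First download the main program from https:///evals/eval.php?id=58055386.
Step 1: After downloading, run the main program, which self-extracts; specify a path and click the "unzip" button.
Step 2: In the extraction directory, find the executable installer, run it, and select the first line, install OmniPeek.
Step 3: The OmniPeek installation wizard appears; click the "NEXT" button to continue.
Step 4: After the registration step, accept the installation license agreement.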
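Omnipeek Wireless Air-Interface Capture Analysis

Contents
1. Purpose
2. Authentication methods
    1. WEB user access flow
    2. PEAP authentication flow
3. WEB authentication capture analysis
    1. Association process
    2. DHCP address assignment process
    3. Portal push and WEB authentication
        1. Forced Portal
        2. Authentication packets
        3. Logoff packets
4. PEAP authentication capture analysis
    1. User association
    2. Authentication process
5. Capture recommendations
    1. Filtering
        1) Filtering before capture
        2) Filtering after capture
    2. Omnipeek usage issues

1. Purpose
The 802.11 protocol operates at the physical layer and the data link layer and establishes the data connection between the STA and the AP.
Capturing on the air interface with omnipeek records the 802.11 frame exchange between the STA and the AP, which allows faults to be located and analyzed quickly.
This exercise covers captures of WEB authentication and of PEAP authentication, capturing and analyzing the data exchanged between the STA and the AP during the flow of each authentication method.

2. Authentication methods
The main authentication methods on the live WLAN network are:
1) WEB authentication: the user's HTTP request is redirected to the Portal server by means of a forced Portal, and the authentication is completed on the Portal page.
2) PEAP (Protected EAP): an implementation of the EAP authentication method. The network side authenticates the terminal by user name and password, and the terminal side authenticates the network side by the server certificate.
The first time a user uses PEAP authentication, the user name and password must be entered; subsequent access authentication requires no manual action by the user and is completed automatically by the terminal.
1. WEB user access flow
2. PEAP authentication flow

3. WEB authentication capture analysis
1. Association process
A complete association process consists of Probe request, Probe response, Authentication, Association request, and Association response.
Figure 1. Association process
1) Probe request and Probe response.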
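The association sequence described above can be checked mechanically once the management frames have been exported from a capture. The following is an added example, not part of the original document: it decodes the 802.11 Frame Control field, follows the exchange between one STA and one AP, and reports the step at which it stopped. It assumes raw 802.11 frames without a radiotap header; the MAC addresses and sample frames are constructed.

```python
import struct

# Management-frame subtypes (frame type 0) from the 802.11 Frame Control field.
SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
            8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
# The exchange described in the text, as (subtype, sender) in order.
EXPECTED = [("probe-req", "sta"), ("probe-resp", "ap"), ("auth", "sta"),
            ("auth", "ap"), ("assoc-req", "sta"), ("assoc-resp", "ap")]
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame):
    """Decode a management frame (no radiotap header); None for anything else."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # type bits 0 = management
        return None
    name = SUBTYPES.get(frame[0] >> 4, f"subtype-{frame[0] >> 4}")
    info = {"subtype": name, "dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "status": 0}
    body = frame[24:]
    if name == "auth" and len(body) >= 6:          # algorithm, sequence, status
        info["status"] = struct.unpack_from("<H", body, 4)[0]
    elif name == "assoc-resp" and len(body) >= 4:  # capability, status, AID
        info["status"] = struct.unpack_from("<H", body, 2)[0]
    return info


def check_association(frames, sta, ap):
    """Return (steps_completed, problem); problem is None when all six steps are seen."""
    step = 0
    for raw in frames:
        f = parse_mgmt(raw)
        if f is None or f["dst"] not in (sta, ap, BROADCAST):
            continue
        sender = "sta" if f["src"] == sta else "ap" if f["src"] == ap else None
        if sender is None:
            continue
        if f["subtype"] in ("deauth", "disassoc"):
            return step, f"{f['subtype']} sent by {sender}"
        # Retransmissions and beacons do not match the next expected step and are skipped.
        if step < len(EXPECTED) and (f["subtype"], sender) == EXPECTED[step]:
            if f["status"] != 0:
                return step, f"{f['subtype']} rejected with status {f['status']}"
            step += 1
    if step == len(EXPECTED):
        return step, None
    return step, f"no {EXPECTED[step][0]} seen from {EXPECTED[step][1]}"


# --- Constructed sample frames (not taken from a real capture) ---
STA, AP = "02:00:00:00:00:01", "02:00:00:00:00:aa"


def build(subtype, src, dst, body=b"", retry=False):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    header = bytes([subtype << 4, 0x08 if retry else 0x00]) + b"\x00\x00"
    return header + raw(dst) + raw(src) + raw(AP) + b"\x00\x00" + body


def sample_capture(assoc_status=0):
    return [
        build(4, STA, BROADCAST),
        build(5, AP, STA),
        build(5, AP, STA, retry=True),                       # retransmission
        build(11, STA, AP, struct.pack("<HHH", 0, 1, 0)),    # open system, seq 1
        build(11, AP, STA, struct.pack("<HHH", 0, 2, 0)),    # seq 2, success
        build(0, STA, AP, struct.pack("<HH", 0x0401, 10)),   # capability, listen interval
        build(1, AP, STA, struct.pack("<HHH", 0x0401, assoc_status, 0xC001)),
    ]


if __name__ == "__main__":
    print(check_association(sample_capture(), STA, AP))
    print(check_association(sample_capture(assoc_status=17), STA, AP))
    print(check_association(sample_capture()[:4], STA, AP))
```

A result such as "no auth seen from ap" points at the AP side of the exchange, while a non-zero status in the Association response shows that the AP answered and refused.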
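Wireless Testing Tools Courseware

Introduction to the wireless capture tool
• Installing WildPackets OmniPeek
◆ Software download location: the software is in the directory \\gj006s\TestingDept\01 资料管理(各组资料、标准 库、用例库、教材库)\01 无线测试科数据库\05 测试工具. The keygen.exe program is in the software directory; during installation you need to enter the serial number and machine ID generated by keygen.exe.
◆ After a default installation, the directory is C:\Program Files\WildPackets\OmniPeek. Below is a screenshot of the file list in this directory.

Introduction to the wireless performance test tool Chariot
2 Main applications of Chariot
◆ Performance testing
Chariot can be used to test a device's best-case performance; the metrics include throughput, latency, jitter, packet loss, errored packets, and so on. In addition, different test application scripts can be selected and various parameters customized according to the actual network conditions, to accurately test the performance the device is likely to show in a real network environment.
◆ Stress testing
Multiple remote devices send the device under test (DUT) a data stream that exceeds its port throughput, and its performance metrics are measured under this load. Chariot supports up to 10,000 pairs, which means that if necessary 10,000 endpoints can send data streams to the device under test at the same time, fully providing the load the test requires.

Introduction to the wireless capture tool
• I. How to test SSID hiding? Test case for SSID broadcast; the AP settings are shown in the figure below:
• 2. Criteria for judging that the test passes
In the example above, the wireless SSID is set to rrr, the channel to channel 6, and the "Enable SSID broadcast" option is not checked. When searching for the rrr wireless network with a wireless adapter, the wireless UI built into Windows does not show the rrr network, while the adapter's own UI finds a wireless network whose SSID is empty but whose MAC address is that of the AP. How can a packet capture show whether this function has really been implemented?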
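One way to answer the SSID-hiding question above from a capture, as an added example that is not part of the original slides: parse the beacons sent by the AP's MAC address and check the SSID element and the DS Parameter Set (channel) element. The SSID rrr and channel 6 come from the test case; the BSSID and the beacon frames are constructed, and the frames are assumed to be raw 802.11 without a radiotap header.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def iter_elements(body):
    """Yield (element_id, data) for each tagged parameter; stop at a truncated one."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            return
        yield eid, data
        pos += 2 + length


def parse_beacon(frame):
    """Return bssid, ssid, hidden flag and channel of a beacon; None for other frames."""
    # 24-byte header + 12 bytes of fixed fields; FC byte 0x80 = management/beacon.
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    info = {"bssid": mac(frame[16:22]), "ssid": None, "hidden": None, "channel": None}
    for eid, data in iter_elements(frame[36:]):
        if eid == 0 and info["hidden"] is None:          # SSID element
            # Hidden networks send a zero-length SSID or one made of NUL bytes.
            info["hidden"] = len(data) == 0 or not any(data)
            info["ssid"] = "" if info["hidden"] else data.decode("utf-8", "replace")
        elif eid == 3 and len(data) == 1:                # DS Parameter Set
            info["channel"] = data[0]
    return info


def ssid_hiding_verdict(frames, bssid, ssid):
    """Judge the test from all beacons sent by `bssid` in the capture."""
    beacons = [b for b in map(parse_beacon, frames) if b and b["bssid"] == bssid]
    channels = sorted({b["channel"] for b in beacons if b["channel"] is not None})
    if not beacons:
        verdict = "no-beacons"        # wrong channel or wrong BSSID filter
    elif any(b["ssid"] == ssid for b in beacons):
        verdict = "broadcast"         # SSID still visible: test fails
    elif all(b["hidden"] for b in beacons):
        verdict = "hidden"            # test passes
    else:
        verdict = "inconclusive"      # no SSID element, or a different name
    return {"verdict": verdict, "beacons": len(beacons), "channels": channels}


# --- Constructed sample beacons (not from a real capture) ---
AP_BSSID = "02:00:00:00:00:aa"        # hypothetical AP MAC


def build_beacon(bssid, ssid, channel):
    addr = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + BROADCAST + addr + addr + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0401)   # timestamp, interval, capability
    elements = bytes([0, len(ssid)]) + ssid + bytes([1, 2, 0x82, 0x84, 3, 1, channel])
    return header + fixed + elements


if __name__ == "__main__":
    hidden = [build_beacon(AP_BSSID, b"", 6), build_beacon(AP_BSSID, b"\x00" * 3, 6)]
    print(ssid_hiding_verdict(hidden, AP_BSSID, "rrr"))
    print(ssid_hiding_verdict([build_beacon(AP_BSSID, b"rrr", 6)], AP_BSSID, "rrr"))
```

The test passes only when every beacon from the AP's MAC on channel 6 carries an empty or all-NUL SSID element.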
Contents
I. Environment Preparation
1. Usage scenarios
2. System requirements
3. Tools
4. Installing the program
5. Installing the adapter driver
II. Usage
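I. Environment Preparation
1. Usage scenarios
1.1 Before implementing a project, check the surrounding wireless environment, such as the channel occupancy nearby;
1.2 Troubleshooting by capture analysis: poor wireless signal; signal present but unable to connect; connected but unable to obtain an address; and so on;
1.3 Viewing the clients under an AP;
1.4 And others.
2. System requirements
Windows 2000/XP/7, 32-bit and 64-bit
3. Tools
Capture software WildPackets OmniPeek: ftp://10.1.145.247/08-常用工具/03-无线产品/ OmniPeek 6.5.rar
Capture adapter and driver: ftp://10.1.145.247/08-常用工具/03-无线产品/无线抓包软件及驱动/网卡驱动
4. Installing the program
3.1 Extract Omnipeek 6.5.rar and double-click setup.exe in the extracted folder. On the screen that appears, click Install OmniPeek, as shown below:
3.2 In the new window, click Next and select the second option, Manual, for manual activation, as shown below:
3.3 Select the second line, Manual (manual activation), and click Next. The following screen appears:
3.4 Open Keygen.exe in the installation directory. It automatically generates an SN and Key; you can also click Generate to regenerate them.
Note: to run this program you need to turn off antivirus software, or add keygen.exe to the antivirus software's trust list.
3.5 Copy the Serial Number from the figure above into the Serial Number text box in the figure below; Company Name can be anything.
Click Next.
3.6 Copy the Activation Key from Keygen.exe into the text box in the figure below and click Next.
3.7 In the new window, select the first option to accept, and click Next.
As shown:
3.8 If you do not need to specify the installation location, select the first option, Complete, and then keep clicking Next until the installation finishes.
As shown:
3.9 If you need to specify the installation directory, select the second option, Custom,
and click Next, as shown:
3.10 In the new window you can change the installation location.
As shown:
3.11 Then keep clicking Next until the installation finishes.
5. Installing the adapter driver
4.1 Insert the USB adapter. The following entry can be found in Device Manager:
4.2 Right-click and choose to update the driver software.
As shown:
On a 32-bit system you can also run Setup.exe in the driver folder directly to install; on a 64-bit system, update the driver manually.
4.3 Select the second option, "Browse my computer for driver software", as shown:
Note: if the window below does not appear, turn off Windows Update.
4.4 Select the directory containing the adapter driver. If it is not the absolute path of the driver directory, you must check "Include subfolders", as shown below:
Note: on a 64-bit system, be sure to use the driver in the X64 folder.
4.5 After installation is complete, the installed wireless adapter appears under Network adapters in Device Manager, as shown below:
II. Usage
1. Find WildPackets OmniPeek under "Start - Programs" and open it. You will see the following:
2. Click New Capture in the figure above. The following window appears:
3. Under Network, find the name of the adapter you installed, as shown below:
4. On the Adapter option, select the capture adapter to use, as shown below:
5. On the 802.11 option, you can select the capture method, such as channel, BSSID, or SSID. The channel method is used here as the example, as shown below:
6. After configuring the settings in the figure above, click OK. You will see the following.
7. Click the Start Capture button in the figure to begin capturing, as shown below.
8. The detailed packet contents can be viewed in the Packets option under Capture, as shown below.
9. In the WLAN option under Wireless, you can view the APs on this channel and the clients connected to each AP.
As shown below: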