请问ESP32-C5手动构造发送5G的Probe request报文,实际无法抓到对应报文

JialingChen

请问ESP32-C5手动构造发送5G的Probe request报文,实际无法抓到对应报文

Postby JialingChen » Tue Jan 07, 2025 2:03 am

  1. /* WiFi station Example
  2.  
  3.    This example code is in the Public Domain (or CC0 licensed, at your option.)
  4.  
  5.    Unless required by applicable law or agreed to in writing, this
  6.    software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
  7.    CONDITIONS OF ANY KIND, either express or implied.
  8. */
  9. #include <string.h>
  10. #include "freertos/FreeRTOS.h"
  11. #include "freertos/task.h"
  12. #include "freertos/event_groups.h"
  13. #include "esp_system.h"
  14. #include "esp_wifi.h"
  15. #include "esp_event.h"
  16. #include "esp_log.h"
  17. #include "nvs_flash.h"
  18.  
  19. #include "lwip/err.h"
  20. #include "lwip/sys.h"
  21.  
/* Channel numbers used by the probe task (2.4 GHz: 1, 13; 5 GHz: 36, 48) */
#define SCAN_CHANNEL_1    1
#define SCAN_CHANNEL_13   13
#define SCAN_CHANNEL_36   36    // 5 GHz channel
#define SCAN_CHANNEL_48   48    // 5 GHz channel
#define PROBE_COUNT       3     // probe requests sent per channel visit
#define SCAN_INTERVAL_MS  5000  // pause between two full channel rounds
/* Frame layout sizes, in bytes */
#define PROBE_REQ_HEAD_LEN 24   // 802.11 management MAC header (FC, duration, 3 addresses, seq ctl)
#define SSID_IE_LEN 2           // wildcard SSID IE: element id + zero length byte
#define SUPPORTED_RATES_LEN 8   // rate octets carried in the 5 GHz Supported Rates IE
#define DS_PARAM_LEN 3          // DS Parameter Set IE: id + length + channel (not built in this file)
#define FRAME_CONTROL_PROBE_REQ 0x0040  // Frame Control of a Probe Request (mgmt type 0, subtype 4); little-endian on the wire as 0x40 0x00

static const char *TAG = "wifi station";  // log tag for the ESP_LOGx calls in this file
  35.  
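/* Fill buf with a broadcast 802.11 Probe Request: the 24-byte management
 * MAC header, an empty (wildcard) SSID IE and one Supported Rates IE.
 *
 * buf, cap  destination buffer and its capacity in bytes
 * src_mac   6-byte address written into Address 2 (SA)
 * rates     rate octets in units of 500 kbps (bit 7 = "basic" flag)
 * n_rates   number of rate octets, 1..SUPPORTED_RATES_LEN
 *
 * Returns the frame length in bytes, or 0 when n_rates is out of range or
 * the frame would not fit in cap. Never writes past cap.
 */
static size_t build_probe_req(uint8_t *buf, size_t cap, const uint8_t src_mac[6],
                              const uint8_t *rates, size_t n_rates)
{
    /* header + SSID IE + rates IE header (id, len) + rate octets */
    size_t need = PROBE_REQ_HEAD_LEN + SSID_IE_LEN + 2 + n_rates;
    if (n_rates == 0 || n_rates > SUPPORTED_RATES_LEN || need > cap) {
        return 0;
    }

    size_t pos = 0;
    /* Frame Control: type 0 (management), subtype 4 (probe request), flags 0 */
    buf[pos++] = 0x40;
    buf[pos++] = 0x00;
    /* Duration / ID */
    buf[pos++] = 0x00;
    buf[pos++] = 0x00;
    /* Address 1 (DA): broadcast */
    memset(&buf[pos], 0xFF, 6);
    pos += 6;
    /* Address 2 (SA): this station's own MAC */
    memcpy(&buf[pos], src_mac, 6);
    pos += 6;
    /* Address 3 (BSSID): wildcard */
    memset(&buf[pos], 0xFF, 6);
    pos += 6;
    /* Sequence Control: left at 0 (frames are sent with en_sys_seq = false) */
    buf[pos++] = 0x00;
    buf[pos++] = 0x00;
    /* SSID IE: element id 0, length 0 = wildcard SSID */
    buf[pos++] = 0x00;
    buf[pos++] = 0x00;
    /* Supported Rates IE: element id 1, then the rate octets */
    buf[pos++] = 0x01;
    buf[pos++] = (uint8_t)n_rates;
    memcpy(&buf[pos], rates, n_rates);
    pos += n_rates;

    return pos;
}

/* Switch to `channel`, let the radio settle, then send `len` bytes of
 * `frame` PROBE_COUNT times with 100 ms spacing. Every attempt is logged,
 * failures included, so a transmit error is visible instead of silent.
 * `label` names the band in the log lines. Driver errors abort via
 * ESP_ERROR_CHECK.
 */
static void send_probe_burst(const uint8_t *frame, size_t len, uint8_t channel,
                             const char *label)
{
    ESP_ERROR_CHECK(esp_wifi_set_channel(channel, WIFI_SECOND_CHAN_NONE));
    vTaskDelay(pdMS_TO_TICKS(20));

    /* Read back what the driver actually selected; a mismatch with `channel`
     * is the first thing to check when frames are missing from a capture. */
    uint8_t primary = 0;
    wifi_second_chan_t second = WIFI_SECOND_CHAN_NONE;
    ESP_ERROR_CHECK(esp_wifi_get_channel(&primary, &second));
    ESP_LOGI(TAG, "Current channel: primary=%d, secondary=%d", primary, second);

    for (int i = 0; i < PROBE_COUNT; i++) {
        esp_err_t err = esp_wifi_80211_tx(WIFI_IF_STA, frame, (int)len, false);
        if (err == ESP_OK) {
            ESP_LOGI(TAG, "Successfully sent %s probe request %d/%d on channel %d",
                     label, i + 1, PROBE_COUNT, channel);
        } else {
            ESP_LOGW(TAG, "%s probe request %d/%d on channel %d failed: %s",
                     label, i + 1, PROBE_COUNT, channel, esp_err_to_name(err));
        }
        vTaskDelay(pdMS_TO_TICKS(100));
    }
}

/* FreeRTOS task: builds one probe request per band, then loops forever,
 * sending a burst on channel 1 (2.4 GHz) and on channel 36 (5 GHz) and
 * sleeping SCAN_INTERVAL_MS between rounds.
 *
 * pvParameters is unused. Fatal driver errors abort via ESP_ERROR_CHECK; a
 * frame that does not fit its buffer deletes the task rather than looping
 * with a zero-length frame.
 */
static void send_probe_req_task(void *pvParameters)
{
    (void)pvParameters;

    /* 802.11b rates, bit 7 set = basic: 1, 2, 5.5, 11 Mbps */
    static const uint8_t rates_2g[] = { 0x82, 0x84, 0x8B, 0x96 };
    /* 802.11a OFDM rates in ascending order: 6, 9, 12, 18, 24, 36, 48, 54 Mbps.
     * In 500 kbps units: 6 = 0x0C, 9 = 0x12, 12 = 0x18, 18 = 0x24,
     * 24 = 0x30, 36 = 0x48, 48 = 0x60, 54 = 0x6C. */
    static const uint8_t rates_5g[] = { 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C };

    uint8_t mac_addr[6] = {0};
    ESP_ERROR_CHECK(esp_wifi_get_mac(WIFI_IF_STA, mac_addr));

    uint8_t frame_2g[200] = {0};
    uint8_t frame_5g[200] = {0};
    size_t len_2g = build_probe_req(frame_2g, sizeof frame_2g, mac_addr, rates_2g, sizeof rates_2g);
    size_t len_5g = build_probe_req(frame_5g, sizeof frame_5g, mac_addr, rates_5g, sizeof rates_5g);
    if (len_2g == 0 || len_5g == 0) {
        ESP_LOGE(TAG, "probe request does not fit in its frame buffer");
        vTaskDelete(NULL);
        return;
    }

    while (1) {
        send_probe_burst(frame_2g, len_2g, SCAN_CHANNEL_1, "2.4G");
        send_probe_burst(frame_5g, len_5g, SCAN_CHANNEL_36, "5G");

        // ... other channels follow the same pattern ...

        vTaskDelay(pdMS_TO_TICKS(SCAN_INTERVAL_MS));
    }
}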
  150.  
/* Bring up the Wi-Fi driver as a station and start the probe task.
 *
 * The call order follows the ESP-IDF station example: netif + default event
 * loop, esp_wifi_init(), station config, mode, esp_wifi_start(), then
 * runtime knobs (power save, promiscuous mode, TX power). Every driver
 * failure aborts via ESP_ERROR_CHECK, so this function has no error return.
 */
static void wifi_init_sta(void)
{
    ESP_ERROR_CHECK(esp_netif_init());
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    esp_netif_t *sta_netif = esp_netif_create_default_wifi_sta();
    // NOTE(review): <assert.h> is not included in this file; assert() presumably
    // arrives through one of the ESP-IDF headers — confirm.
    assert(sta_netif);

    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
   

    // Minimal station config: no SSID/password, fast scan, no fixed BSSID
    wifi_config_t wifi_config = {
        .sta = {
            .scan_method = WIFI_FAST_SCAN,
            .bssid_set = 0,
            .listen_interval = 0,
        },
    };
    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config));
   
    // Set the Wi-Fi mode and start the driver
    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
    ESP_ERROR_CHECK(esp_wifi_start());
   
    // Disable power save so the radio stays on between bursts
    ESP_ERROR_CHECK(esp_wifi_set_ps(WIFI_PS_NONE));
   
    // Promiscuous (monitor) mode, management frames only.
    // NOTE(review): no esp_wifi_set_promiscuous_rx_cb() is registered anywhere
    // in this file, so nothing consumes the received frames — confirm whether
    // promiscuous mode is needed at all for a transmit-only task.
    wifi_promiscuous_filter_t filter = {
        .filter_mask = WIFI_PROMIS_FILTER_MASK_MGMT  // management frames only
    };
    ESP_ERROR_CHECK(esp_wifi_set_promiscuous_filter(&filter));
    ESP_ERROR_CHECK(esp_wifi_set_promiscuous(true));  // enable promiscuous mode
   
    // Transmit power cap.
    // NOTE(review): esp_wifi_set_max_tx_power() takes units of 0.25 dBm, so 8
    // means 2 dBm — the minimum the API documents, not a "moderate" level. A
    // sniffer that still hears the 2.4 GHz frames may well miss the 5 GHz ones
    // at this power; confirm the intended value before chasing frame-format issues.
    int8_t power = 8;  // 8 * 0.25 dBm = 2 dBm
    ESP_ERROR_CHECK(esp_wifi_set_max_tx_power(power));
   
    // // Pin to channel 1
    // ESP_ERROR_CHECK(esp_wifi_set_channel(SCAN_CHANNEL_1, WIFI_SECOND_CHAN_NONE));
   
    // Log the current band mode (2.4 GHz only / 5 GHz only / auto)
    wifi_band_mode_t mode;
    ESP_ERROR_CHECK(esp_wifi_get_band_mode(&mode));
    ESP_LOGI(TAG, "Current WiFi band mode: %d", mode);

    // To force a band, use one of:
    // ESP_ERROR_CHECK(esp_wifi_set_band_mode(WIFI_BAND_MODE_2G));   // 2.4 GHz only
    // ESP_ERROR_CHECK(esp_wifi_set_band_mode(WIFI_BAND_MODE_5G));   // 5 GHz only
    // ESP_ERROR_CHECK(esp_wifi_set_band_mode(WIFI_BAND_MODE_AUTO)); // auto (default)
   
    // Start the transmit task (4 KiB stack, priority 5, no parameters)
    xTaskCreate(send_probe_req_task, "probe_req_task", 4096, NULL, 5, NULL);
}
  206.  
/* Application entry point: initialise NVS (erasing and retrying once when
 * the partition is full or was written by a newer NVS version), then bring
 * up the station. Any remaining NVS error aborts via ESP_ERROR_CHECK.
 */
void app_main(void)
{
    esp_err_t nvs_rc = nvs_flash_init();
    bool needs_erase = (nvs_rc == ESP_ERR_NVS_NO_FREE_PAGES)
                    || (nvs_rc == ESP_ERR_NVS_NEW_VERSION_FOUND);
    if (needs_erase) {
        // A wiped partition is recoverable; a second init failure is not
        ESP_ERROR_CHECK(nvs_flash_erase());
        nvs_rc = nvs_flash_init();
    }
    ESP_ERROR_CHECK(nvs_rc);

    ESP_LOGI(TAG, "ESP_WIFI_MODE_STA");
    wifi_init_sta();
}

如上是程序源代码，其中 2G 的报文能够正常抓取到，5G 的报文无法正常抓取。5G 的 probe request 报文是按照芯片自身扫描时发出的报文构造的，内容与之相同。
ESP-IDF版本为v5.4.0
