有没有办法从PcapNG跟踪文件中提取WiFi协议类型？

如果捕获数据包的接口的链路层报头类型是LINKTYPE_IEEE802_11，不，您无法获取协议变体。

If the link-layer header type for the interface on which the packet was captured is LINKTYPE_IEEE802_11, no, you can't get the protocol variant.

如果链路层报头类型对于在其上捕获数据包的接口是LINKTYPE_IEEE802_11_RADIOTAP（是的，是正确的名字； wiretap.org pcap-NG规范中的链接层标题类型列表已过期，最新列表为 tcpdump.org链接层标头类型页面），然后该数据包以 radiotap标头开头提供有关该数据包的各种元数据。

If the link-layer header type for the interface on which the packet was captured is LINKTYPE_IEEE802_11_RADIOTAP (yes, that's the correct name; the list of link-layer header types in the wiretap.org pcap-NG spec is out of date, the up-to-date list is the tcpdump.org Link-Layer Header Types page), then the packet begins with a radiotap header giving various meta-data about the packet.

如果radiotap标头包含 Channel 字段，然后从那里的信息中确定有关协议变体的一些信息：

If the radiotap header includes the Channel field, then, from the information there, you can determine some information about the protocol variant:

• 5 GHz频谱信道 + OFDM信道 = 802.11a；


• 2 GHz频谱信道 + CCK信道 = 802.11b;


• 2 GHz频谱信道 + OFDM信道 = 802.11g；


• 2 GHz频谱信道 +动态CCK-OFDM信道 = 802.11g；

• "5 GHz spectrum channel" + "OFDM channel" = 802.11a;
• "2 GHz spectrum channel" + "CCK channel" = 802.11b;
• "2 GHz spectrum channel" + "OFDM channel" = 802.11g;
• "2 GHz spectrum channel" + "Dynamic CCK-OFDM channel" = 802.11g;

（两种802.11g版本之间的差异表明在同一信道上也可能是802.11b流量-这就是动态CCK-OFDM信道所指示的含义。）

(the difference between the two flavors of 802.11g indicates whether there might also be 802.11b traffic on the same channel - that's what the "Dynamic CCK-OFDM channel" indicates).

但是存在 MCS 字段，它是802.11n，不是其他任何类型，如果存在 VHT 字段，它是802.11ac。

However, if the MCS field is present, it's 802.11n, not any of those other types, and if the VHT field is present, it's 802.11ac.

也可能有一个 XChannel 字段，可以用类似的方式解释到通道字段，尽管它也包含802.11n的一些信息。

There might also be an XChannel field, which can be interpreted similarly to the Channel field, although it also contains some information for 802.11n.