I am writing a simple WiFi sniffer with scapy:
    from scapy.all import *

    ap_list = []

    def ssid(pkt):
        pkt.show()   # show() already prints the dissected packet; wrapping it in print() only adds "None"
        if pkt.haslayer(Dot11):
            # type 0 / subtype 8 is an 802.11 management frame of subtype Beacon
            if pkt.type == 0 and pkt.subtype == 8:
                if pkt.addr2 not in ap_list:
                    ap_list.append(pkt.addr2)
                    print("AP: %s SSID: %s" % (pkt.addr2, pkt.info))

    sniff(iface='en0', prn=ssid)
Where en0 is wi-fi interface.
My aim is to see the RSSI, noise and SSID for the wireless access points. When I run this script (with sudo or not) while I am connected to some Wi-Fi, there are many packets captured (none of them is a Beacon). Wireshark shows RadioTap headers in monitor mode (airport en0 sniff 1) on my Mac (El Capitan); this script, however, produces no output in monitor mode.
Could someone please help me understand what is going wrong here? TIA :)
This is a Mac specific issue. You indeed are correct, you want to be capturing Beacon frames for this type of data. The issue here is that once the airport command finishes running, your interface is returned to its standard managed mode, so when you run your scapy script your wifi interface is not in monitor mode. To my knowledge, Mac does not have a native command that will turn on, and leave a card in, monitor mode.
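Added here as an illustration (not the asker's script or scapy code): once the interface really is in monitor mode, each captured frame carries the RadioTap header Wireshark shows, and the RSSI, noise and SSID the question asks for can be read from it. The block parses a constructed RadioTap-plus-beacon frame in plain Python; it assumes a single RadioTap 'present' word (no extended bitmaps) and only the first seven RadioTap fields.

```python
import struct

# Radiotap fields in 'present' bit order as (size, alignment): TSFT, Flags,
# Rate, Channel, FHSS, dBm antenna signal, dBm antenna noise.
RADIOTAP_FIELDS = [(8, 8), (1, 1), (1, 1), (4, 2), (2, 2), (1, 1), (1, 1)]

def parse_radiotap(buf):
    """Return (header_length, {bit: raw_bytes}) for the fields listed above.
    Assumption: a single 'present' word, i.e. no bit-31 extension bitmaps."""
    version, _pad, length, present = struct.unpack_from('<BBHI', buf, 0)
    if version != 0:
        raise ValueError('unsupported radiotap version %d' % version)
    offset, fields = 8, {}
    for bit, (size, align) in enumerate(RADIOTAP_FIELDS):
        if present & (1 << bit):
            offset = (offset + align - 1) // align * align   # natural alignment
            fields[bit] = buf[offset:offset + size]
            offset += size
    return length, fields

def parse_beacon(frame):
    """Return {'bssid', 'ssid', 'rssi_dbm', 'noise_dbm'} for a beacon, else None."""
    rt_len, rt = parse_radiotap(frame)
    dot11 = frame[rt_len:]
    fc = dot11[0]                                   # first frame-control byte
    if ((fc >> 2) & 0x3) != 0 or (fc >> 4) != 8:    # type 0 / subtype 8 = Beacon
        return None
    bssid = ':'.join('%02x' % b for b in dot11[10:16])   # addr2: the AP's MAC
    body = dot11[24 + 12:]   # skip 24-byte MAC header and 12 bytes of fixed params
    ssid = None
    while len(body) >= 2:    # walk the information elements until SSID (id 0)
        eid, elen = body[0], body[1]
        if eid == 0:
            ssid = body[2:2 + elen].decode('utf-8', 'replace')
            break
        body = body[2 + elen:]
    to_int8 = lambda raw: struct.unpack('b', raw)[0]
    return {'bssid': bssid, 'ssid': ssid,
            'rssi_dbm': to_int8(rt[5]) if 5 in rt else None,
            'noise_dbm': to_int8(rt[6]) if 6 in rt else None}

# Constructed sample frame: a 16-byte radiotap header (flags, rate, channel
# 2412 MHz, signal -61 dBm, noise -96 dBm) followed by a beacon sent by
# 00:11:22:33:44:55 that advertises the SSID "TestNet".
SAMPLE_BEACON = (
    bytes.fromhex('00 00 10 00 6e 00 00 00 00 0c 6c 09 80 00 c3 a0')
    + bytes.fromhex('80 00 00 00') + b'\xff' * 6
    + bytes.fromhex('00 11 22 33 44 55') * 2 + bytes.fromhex('10 00')
    + b'\x00' * 8 + bytes.fromhex('64 00 11 04')
    + bytes([0, 7]) + b'TestNet' + bytes([1, 1, 0x0c])
)
```

Frames that are not beacons (for example the data frames seen in managed mode) return None, which mirrors the type/subtype check in the script above.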
Related
I am trying to write a Python-based CDP client, similar to WinCDP for those familiar. For the purposes of troubleshooting compilation I have a significantly shortened version:
    # Suppress Scapy IPv6 warning
    import logging
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
    import re
    from scapy.all import *
    load_contrib("cdp")

    class main:
        def __init__(self):
            self.filter = "ether host 01:00:0c:cc:cc:cc"   # CDP multicast destination
            self.interfaces = str(ifaces)
            print(self.interfaces)
            try:
                self.p = sniff(count=1, iface='Intel(R) 82578DM Gigabit Network Connection',
                               filter=self.filter, timeout=60)
            except Exception as e:
                # Printing the exception shows why sniffing failed instead of hiding it
                print('OUCH! Something went wrong: {}'.format(e))
            else:
                if not self.p:
                    print('No CDP frame received within the timeout.')
                    return
                print('Finished processing...')
                print("DeviceID: {}".format(self.p[0].payload["CDPMsgDeviceID"].val.decode('utf-8')))
                print("PortID: {}".format(self.p[0].payload["CDPMsgPortID"].iface.decode('utf-8')))
                print("NativeVLAN: {}".format(self.p[0].payload["CDPMsgNativeVLAN"].vlan))
                print("IPv4addr: {}".format(self.p[0].payload["CDPAddrRecordIPv4"].addr))
                print("Model: {}".format(self.p[0].payload["CDPMsgPlatform"].val.decode('utf-8')))
                print("Duplex: {}".format(self.p[0].payload["CDPMsgDuplex"].duplex))
                print("VTP Domain: {}".format(self.p[0].payload["CDPMsgVTPMgmtDomain"].val.decode('utf-8')))

    if __name__ == "__main__":
        main()
On all versions of Python I've tried this produces results similar to the following:
INDEX IFACE IP MAC
10 Hyper-V Virtual Ethernet Adapter 172.31.253.241 78:15:27:01:22:F1
11 Intel(R) 82578DM Gigabit Network Connection 10.X.Y.Z 78:2B:CB:00:11:22
21 Hyper-V Virtual Ethernet Adapter #2 10.0.75.1 00:15:5D:CD:BE:03
26 Npcap Loopback Adapter 127.0.0.1 00:00:00:00:00:00
4 VirtualBox Host-Only Ethernet Adapter #2 192.168.56.1 0A:00:27:00:00:04
9 NETGEAR WNA3100M N300 Wireless Mini USB Adapter 2C:B0:5D:00:11:22
Finished processing...
DeviceID: switch01
PortID: GigabitEthernet5/0/29
NativeVLAN: 120
IPv4addr: 10.X.Y.Z
Model: cisco WS-C2960X-48FPD-L
Duplex: 1
VTP Domain: XYZ
I have managed to get the script to compile and it will run with the following:
pyinstaller -F cdpscript.py --hidden-import=queue
But, when the executable is run the output is:
INDEX IFACE IP MAC
OUCH! Something went wrong.
Which leads me to believe that enough of Scapy is running to print the headers of the ifaces command, but nothing else works. This was done on Python 3.6.6, as the PyInstaller documentation indicates this is the most recent version supported, with Scapy 2.4.0 and PyInstaller 3.3.1.
I'm hoping to be able to give my techs an executable on a USB drive they can run and get CDP information without having to install anything locally, similarly to how we had been using WinCDP. Except WinCDP has not been playing well with Windows 10 lately. I am hoping to create our own version so we can do fancier stuff like stick information in a database to track our machines. At any rate, none of this fun can happen if I can't get the script to compile into a working exe. Also, does anyone familiar with Scapy know if Npcap is going to have to be installed on the target machines? Any help would be greatly appreciated.
I have a device which is supposed to send data via a USB connection. When I connect my laptop via USB to this device and open a terminal, I get some weird characters which are printed at the command line. However, I haven't configured anything.
If I try to connect to the device via a serial port, initializing it, I cannot know which port it is. Plugging and unplugging the device shows no difference in the result of:
    >ls /dev/*
This suggests the device is not detected, but as I said, in the command prompt or even in any other application it is as if I were typing, but random characters appear.
Does anyone know why this happens?
How can I set communication characteristics to be able to connect to the device at a certain baud-rate?
The idea is to get data via Python.
Lots of thanks ;)
It's the first time I use monitor mode in pcap. I think I started monitor mode successfully, since I can see that there is an "eye" symbol on the wifi icon.
However, I still cannot capture packets not sent to me :(
I use handle, but I am not sure how it works and how I can capture those packets not sent to me.
Generally the router will only send you the packets which are addressed to you. This includes packets to you directly or broadcast messages. The messages sent to other devices in the network are not reaching your machine at all, therefore it's impossible to capture them.
If you really have to monitor the whole network traffic you need to get somewhere in between the router and the network. Or you could try a man in the middle attack on your wifi.
PCAP will only display traffic sent to you. This is true of any sniffer: the software needs to be able to see the traffic. In order to see WiFi traffic that is not sent to you, you will need a WiFi adapter that supports monitor mode. Approx. 90% of WiFi adapters, or more, do not support monitor mode. Both the hardware has to be capable of entering RFMON mode and the driver for the adapter needs to support monitor mode. If monitor mode is set up correctly, you will see 802.11 management traffic (beacons, probes, etc.). I don't think monitor mode will show you actual data traffic, but I am not sure and maybe it's only my adapter that doesn't show it. If you can see data where the source and dest MAC address are not the MAC address of your adapter and not FF:FF:FF:FF:FF:FF (broadcast) then you are using monitor mode. I don't know which OS you are using and I don't know what handle is (program name?) so I can't help there. I would suggest that you set the adapter into monitor mode and then verify by running Wireshark on the device and looking at the traffic. If that works you can go back to PCAP and debug from there.
If you are using Linux and your adapter supports monitor mode, you can enable it by running the following commands as root:
    ip link set wlan0 down
    iwconfig wlan0 mode monitor
    ip link set wlan0 promisc on
    ip link set wlan0 up
Note that if an adapter is in monitor mode, it cannot be connected to a local WiFi network. The adapter would need to be in managed mode, where the WiFi AP manages what type of data an adapter receives (frequency, channel, etc.). If you are connected to a local WLAN via the adapter then you are not in monitor mode.
Oh! I think I remember hearing somewhere that WinPcap doesn't support monitor mode. I don't use Windows so you may want to verify that.
I am using a Telit HE910G card. It is connected to my PC directly using a miniPCI slot.
I am using it for a 3G internet connection and A-GPS/GPS services.
My system is running Linux Mint 17.1; the 3G connection is handled using the Network Manager app and works great. The 3G connection is started and handled using a module that is part of a program I am writing.
The code I am using in order to connect to the serial port is this:
    import serial

    def _connect_to_device(self):
        """ Connect to a serial port """
        try:
            self._device = serial.Serial(self._filename, baudrate=self._baud_rate)
        except Exception as e:
            # Re-raise with context so the caller sees which device failed
            raise RuntimeError("Couldn't connect to GPS device. Error: %s" % str(e))
When I use the Python program alone it works great. But when I try to use it while the 3G is on I can't connect to the serial device. The weird thing is that if I try to connect to it using a program like "minicom" while 3G is turned on it DOES work.
So my question is: how can I make both run and work together? Since now they are mutually exclusive.
Thanks to all who help. :)
Glad you found a way round your problem. Just for completeness:
Normally, serial ports can be opened by multiple processes.
If one of them does ioctl(,TIOCEXCL) on the open file then further opens will return EBUSY until everyone closes the device. Only root can get past this and open the device at all times.
If root opens the device and does an ioctl(,TIOCNXCL), then other processes can open the device too.
In Python, TIOCNXCL isn't defined anywhere, but you can do the ioctl (e.g. on stdin) with:
    import fcntl
    TIOCEXCL = 0x540c  # from /usr/lib64/perl5/asm-generic/ioctls.ph
    TIOCNXCL = 0x540d
    # clear exclusive mode on file descriptor 0 (stdin); returns 0 on success
    print(fcntl.ioctl(0, TIOCNXCL))
OK, so it is solved.
The issue was that the Telit module has 2 ports: /dev/ttyACM0 (high speed) and /dev/ttyACM3 (lower speed).
I tried to connect to the high-speed one, but apparently the 3G uses that one and it causes contention.
So moving to the lower-speed port in my script solved the issue.
I am writing an application to switch on systems on the network using the WakeOnLan feature.
I googled and was able to get the code from here. My code looks like below.
I have forwarded port 9 in my router also.
I have enabled the Wake On Lan options for the network card under Power Management. I followed the instructions from here.
I have installed Wake on Lan Monitor/Sniffer from here to check if I am able to receive the magic packet to wake up, and the system is receiving magic packets. When I shut down and run the WOL Python script from another system (laptop) on the same network, my system doesn't power on.
Can anyone suggest a solution?
My systems are:
Desktop with Win 8.1, which needs to be woken on LAN.
Laptop with Win 8, which needs to run the application and send the magic packet to the desktop.
My LAN IPs range from 172.16.0.1 and so on, so I used 172.16.255.255 as the broadcast address.
    import sys, struct, socket

    # Configuration variables
    broadcast = ['172.16.255.255']
    wol_port = 9
    known_computers = {
        'mercury' : '00:1C:55:35:12:BF',
        'venus'   : '00:1d:39:55:5c:df',
        'earth'   : '00:10:60:15:97:fb',
        'mars'    : '00:10:DC:34:B2:87',
    }

    def WakeOnLan(ethernet_address):
        # Construct 6 byte hardware address
        add_oct = ethernet_address.split(':')
        if len(add_oct) != 6:
            print("\n*** Illegal MAC address\n")
            print("MAC should be written as 00:11:22:33:44:55\n")
            return
        hwa = struct.pack('BBBBBB', int(add_oct[0],16),
                                    int(add_oct[1],16),
                                    int(add_oct[2],16),
                                    int(add_oct[3],16),
                                    int(add_oct[4],16),
                                    int(add_oct[5],16))
        # Build magic packet: 6 bytes of 0xFF followed by the MAC repeated 16 times
        # (a bytes literal, so the concatenation with hwa works on Python 3)
        msg = b'\xff' * 6 + hwa * 16
        # Send packet to broadcast address using UDP port 9
        soc = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        soc.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        for i in broadcast:
            soc.sendto(msg, (i, wol_port))
        soc.close()

    def wol(*macs):
        if len(macs) == 0:
            print("\n*** No computer given to power up\n")
            print("Use: 'wol computername' or 'wol 00:11:22:33:44:55'")
        else:
            for i in macs:
                if i[0] != '/':
                    if ":" in i:
                        # Wake up using MAC address
                        WakeOnLan(i)
                    else:
                        # Wake up known computers
                        if i in known_computers:
                            WakeOnLan(known_computers[i])
                        else:
                            print("\n*** Unknown computer " + i + "\n")
                            return
            if len(macs) == 1:   # exactly one target: singular message
                print("\nDone! The computer should be up and running in a short while.")
            else:
                print("\nDone! The computers should be up and running in a short while.")
            print()

    wol('My System MAC address')
You need to check whether the system reacts to getting the WOL packets (i.e. actually wakes up), not only that it's able to receive them. If not, you need to turn that on either through special software or in the BIOS settings of your computer.
I also have the experience that on most laptops you need to have the power plugged in, and also have the ethernet cable plugged into the computer before you turn it off, for it to work properly.
To test if it works on your computer, download existing software for sending WOL magic packets and make sure that works before you assume that something is wrong in your code.
In Linux (Debian-based example) all you need to do is:
    sudo apt-get install etherwake
and then do
    wakeonlan MAC-ADDRESS
I know this thread is old, but did you manage to make it work?
First of all, I see you were using Win 8.1.
According to Wikipedia:
"The ability to wake from a hybrid shutdown state (S4) or a fully powered off state (S5) is unsupported in Windows 8 and above, and Windows Server 2012 and above. This is because of a change in the OS behavior which causes network adapters to be explicitly not armed for WOL when shutdown to these states occurs. WOL from a sleep state (S3) or non-hybrid hibernation state (S4) is supported."
So I'd suggest trying with a different machine/OS, and make sure the WoL option is enabled in the BIOS.
Edit: I've just made a small Python app and it works whether I use the '!' operator or not. Therefore, I'm not sure about the following lines:
Also, I see you were using the default byte order in your pack:
    struct.pack('BBBBBB',
Aren't you supposed to use the '>' or '!' (big-endian / network) operator?
e.g.
    struct.pack('!BBBBBB',
I'm afraid if you don't use the big-endian operator, it will default to your system's way of encoding, and on Intel machines it will be the little-endian encoding scheme.
So you're sending your bytes in the wrong order.
https://docs.python.org/3.0/library/struct.html
https://en.wikipedia.org/wiki/Endianness
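Added example (not code from the question or from either answer): a small checker for what the Wake on Lan Monitor/Sniffer mentioned in the question receives, plus a check of the byte-order point raised in this answer. It builds the same 6 x 0xFF + 16 x MAC payload as the question's script, validates a received UDP payload as a magic packet, and compares struct.pack with and without the '!' prefix for six 'B' fields.

```python
import struct

def mac_to_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes; raise ValueError otherwise."""
    octets = mac.split(':')
    if len(octets) != 6:
        raise ValueError('MAC should be written as 00:11:22:33:44:55')
    return bytes(int(o, 16) for o in octets)

def build_magic_packet(mac):
    """Same layout the question's script sends: 6 x 0xFF, then the MAC 16 times."""
    return b'\xff' * 6 + mac_to_bytes(mac) * 16

def parse_magic_packet(payload):
    """Validate a UDP payload as a WOL magic packet and return the target MAC
    (lower-case, colon separated), or None if it is malformed.  Trailing bytes
    are tolerated because some senders append a 4- or 6-byte SecureOn password."""
    if len(payload) < 102 or payload[:6] != b'\xff' * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:          # the MAC must repeat exactly 16 times
        return None
    return ':'.join('%02x' % b for b in mac)

def pack_order_independent(mac):
    """True if native-order and network-order ('!') struct.pack give the same
    bytes for six 'B' fields: a single byte has no byte order to swap."""
    octets = [int(o, 16) for o in mac.split(':')]
    return struct.pack('BBBBBB', *octets) == struct.pack('!BBBBBB', *octets)
```

Running parse_magic_packet over the payload of each UDP datagram captured on port 9 tells you whether a well-formed packet for the right MAC actually reached the desktop, which separates a sending problem from the OS/BIOS behaviour discussed above.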
I use Wireshark to trace my WOL packet.
I tested my code and it works.
For WOL in Windows 8+ you have to uncheck fast booting
(like I said before).
If you want to access the remote PC for shutting down, checking logged-in status,
or logging on,
you need to add something into the registry of the remote PC.
See this picture to see where to add it in the registry
(also like I said before :)).
If you don't do that, you cannot have remote access (access denied (5)).
You can check it with cmd: send a shutdown -s -m \\ipaddressOfTheRemotePC
I just created some massive software to wake up the other PC,
check whether it is logged in or not, and if it's not it will do it for you if one of both is logged in.
The code I used for my WOL packet is:
see this picture of my code