How to use pcap in python to capture other's traffic in same wifi?

It's the first time I have used monitor mode in pcap. I think I started monitor mode successfully, since I can see that there is an "eye" symbol on wifi. However, I still cannot capture packets not sent to me :( I use handle but am not sure how it works or how I can capture those packets not sent to me.

Generally, the router will just send you the packets which are addressed to you. This includes packets sent to you directly or broadcast messages. The messages sent to other devices in the network are not reaching your machine at all, therefore it's impossible to capture them.

If you really have to monitor the whole network traffic, you need to get somewhere in between the router and the network. Or you could try a man-in-the-middle attack on your wifi.

PCAP will only display traffic sent to you. This is true of any sniffer; the software needs to be able to see the traffic. In order to see WiFi traffic that is not sent to you, you will need a WiFi adapter that supports monitor mode. Approx 90% of WiFi adapters, or more, do not support monitor mode. Both the hardware has to be capable of entering RFMON mode and the driver for the adapter needs to support monitor mode.

If monitor mode is set up correctly, you will see 802.11 management traffic (beacons, probes, etc). I don't think monitor mode will show you actual data traffic but I am not sure and maybe it's only my adapter that doesn't show it. If you can see data where the source and dest MAC address are not the MAC address of your adapter and not FF:FF:FF:FF:FF:FF (broadcast) then you are using monitor mode.

I don't know which OS you are using and I don't know what handle is (program name?) so I can't help there. I would suggest that you set the adapter into monitor mode and then verify by running Wireshark on the device and looking at the traffic. If that works you can go back to PCAP and debug from there.

If you are using Linux and your adapter supports monitor mode, you can enable it by running the following commands as root:

    ip link set wlan0 down
    iwconfig wlan0 mode monitor
    ip link set wlan0 promisc on
    ip link set wlan0 up

Note that if an adapter is in monitor mode, it cannot be connected to a local WiFi network. The adapter would need to be in managed mode, where the WiFi AP manages what type of data an adapter receives (frequency, channel, etc). If you are connected to a local WLAN via the adapter then you are not in monitor mode.

Oh! I think I remember hearing somewhere that WinPCAP doesn't support monitor mode. I don't use Windows so you may want to verify that.
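The verification step suggested in the answer above (check what kind of frames the capture really contains) can also be done offline on a saved capture file. The following is an added example, not code from the question or the answers: it reads a classic pcap file, reports the link-layer type, counts 802.11 frame types, and counts frames whose addresses are neither your adapter's MAC nor broadcast. It assumes the usual libpcap behaviour that a monitor-mode interface delivers 802.11 link types (105 or 127) while a managed interface delivers Ethernet-style frames (link type 1); the function names, MAC addresses and sample captures are constructed for illustration.

```python
import struct
from collections import Counter

DLT_EN10MB, DLT_IEEE802_11, DLT_RADIOTAP = 1, 105, 127  # pcap link-layer types
BROADCAST = b"\xff" * 6
TYPES = {0: "management", 1: "control", 2: "data"}

def summarize_capture(pcap: bytes, own_mac: bytes) -> dict:
    """Report link type, 802.11 frame types, and frames not involving own_mac."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    kinds, foreign, off = Counter(), 0, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == DLT_RADIOTAP and len(frame) >= 4:
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]  # skip radiotap header
        if linktype in (DLT_RADIOTAP, DLT_IEEE802_11):
            if len(frame) < 10:
                continue
            kinds[TYPES.get((frame[0] >> 2) & 3, "reserved")] += 1
            # addr1 = receiver, addr2 = transmitter (absent in short control frames)
            addrs = [frame[4:10]] + ([frame[10:16]] if len(frame) >= 16 else [])
        elif linktype == DLT_EN10MB and len(frame) >= 12:
            addrs = [frame[0:6], frame[6:12]]
        else:
            continue
        if own_mac not in addrs and BROADCAST not in addrs:
            foreign += 1
    return {"linktype": linktype, "raw_80211": linktype in (DLT_RADIOTAP, DLT_IEEE802_11),
            "frame_types": dict(kinds), "foreign_frames": foreign}

def make_pcap(linktype: int, frames: list) -> bytes:
    """Build a little-endian pcap in memory (used only for the constructed samples)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample data: all MAC addresses and frames below are made up.
ME, AP, STA = (bytes.fromhex(h) for h in ("020000000001", "0200000000aa", "0200000000bb"))
RTAP = bytes.fromhex("0000080000000000")  # minimal 8-byte radiotap header
BEACON = RTAP + b"\x80\x00\x00\x00" + BROADCAST + AP + AP + b"\x00\x00"
DATA = RTAP + b"\x08\x01\x00\x00" + AP + STA + AP + b"\x00\x00"
MONITOR_PCAP = make_pcap(DLT_RADIOTAP, [BEACON, DATA])
MANAGED_PCAP = make_pcap(DLT_EN10MB, [ME + AP + b"\x08\x00" + b"\x00" * 46])
```

To check a real capture, pass the file's bytes and your adapter's MAC: a link type of 1 with no foreign frames means the capture was taken in managed mode.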
