
Python Packet Sniffing / Packet Capture - pcapy not capturing packets

I have my wireless interface in monitor mode, and I'm able to successfully sniff network packets and analyze them with Wireshark. I've been trying to implement something similar with pcapy and impacket. It looks as if pcapy is not capturing the same packets that Wireshark is. I'm currently running on Mac OS X 10.9 w/ a 2012 Macbook Pro, but noticed the same behavior on Ubuntu with the TP-LINK TL-WN722N wireless usb adapter.

Here's an example of a script I've written that is clearly not working. I'm picking up no Probe Requests with pcapy, even though I see them in Wireshark.

import pcapy
from impacket import ImpactDecoder, dot11

# Decoder for frames that begin with a radiotap header
DECODER = ImpactDecoder.RadioTapDecoder()


def packet_handler(header, data):
    radio_packet = DECODER.decode(data)
    dot11_frame = radio_packet.child()
    # Only handle 802.11 management probe requests
    if dot11_frame.get_subtype() == dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST:
        management_base = dot11_frame.child()
        if management_base.__class__ == dot11.Dot11ManagementFrame:
            print(management_base.get_source_address(), management_base.get_destination_address())


# Arguments: device, snaplen, promiscuous flag, read timeout in ms
p = pcapy.open_live("your_interface_here", 2000, 0, 1000)
p.loop(-1, packet_handler)

In this example, en1 is in monitor mode. This works fine using a pcap file generated from Wireshark, simply changing open_live to open_offline:

p = pcapy.open_offline('path_to_file')

Am I not setting up pcapy correctly?

If you capture some packets but not all of the packets you see in Wireshark, try to enable promiscuous mode (should capture everything, even packets with bad checksums):

1) Set up promiscuous mode for pcapy

promiscuous = True
p = pcapy.open_live("your_interface_here", 2000, promiscuous, 1000)

2) Set up promiscuous mode for your interface. Not sure how to do it on Mac; on Linux it's:

os.system('sudo ifconfig eth0 promisc')

then shut down and bring up your interface.

Had the same problems with pcapy and copper Ethernet. The tricks above have solved the issue for me.
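An added example, not part of the original question or answer: a standard-library check that takes the link type a capture handle reports and the raw bytes passed to the callback, and says whether the frame is a radiotap-wrapped probe request. The sample frames are constructed, and the link-type value is assumed to come from pcapy's `datalink()` on the opened handle; a handle that reports anything other than radiotap is not handing the callback the frames the script above expects.

```python
import struct

# libpcap link-layer type values
DLT_EN10MB = 1              # Ethernet-style frames
DLT_IEEE802_11_RADIO = 127  # radiotap header followed by an 802.11 frame


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_probe_request(linktype, frame):
    """Return (source, destination) for a probe request, else None.

    Raises ValueError when the handle does not deliver radiotap frames.
    """
    if linktype != DLT_IEEE802_11_RADIO:
        raise ValueError("link type %d is not radiotap (127)" % linktype)
    if len(frame) < 8:
        return None
    # Radiotap: version(1) pad(1) header length(2, little endian) present(4)
    version, _pad, rt_len = struct.unpack_from("<BBH", frame, 0)
    # A management frame header is 24 bytes after the radiotap header
    if version != 0 or rt_len < 8 or len(frame) < rt_len + 24:
        return None
    fc0 = frame[rt_len]                  # first frame-control byte
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype != 4:       # management / probe request
        return None
    dst = frame[rt_len + 4:rt_len + 10]   # address 1
    src = frame[rt_len + 10:rt_len + 16]  # address 2
    return mac(src), mac(dst)


# Constructed sample frames: 8-byte radiotap header + 24-byte 802.11 header
_RADIOTAP = "0000080000000000"
_ADDRS = "ffffffffffff" "020000000001" "ffffffffffff" "0000"
SAMPLE_PROBE = bytes.fromhex(_RADIOTAP + "40000000" + _ADDRS)
SAMPLE_BEACON = bytes.fromhex(_RADIOTAP + "80000000" + _ADDRS)

if __name__ == "__main__":
    print(parse_probe_request(DLT_IEEE802_11_RADIO, SAMPLE_PROBE))
    print(parse_probe_request(DLT_IEEE802_11_RADIO, SAMPLE_BEACON))
    try:
        parse_probe_request(DLT_EN10MB, SAMPLE_PROBE)
    except ValueError as exc:
        print("not a monitor-mode capture:", exc)
```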
