Sniffing ethernet packets in monitor mode in python without a third party library?

I am able to sniff packets in promiscuous mode in python, whilst connected to my wireless network with the below code. I have thoroughly tested this and know this works. I am seeing normal packets across my network:

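    import socket
    from struct import unpack

    # ETH_P_ALL (0x0003): receive frames of every protocol on the interface
    rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    packet = rawSocket.recvfrom(2048)  # returns (frame bytes, address info)
    ethernet_header = packet[0][0:14]
    # destination MAC, source MAC, EtherType
    ethernet_detailed = unpack("!6s6s2s", ethernet_header)
    print(ethernet_detailed)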

However, I want to take it a step further and attempt this with my wifi card in monitor mode, while not connected to any network. I know my card supports monitor mode as it's an Alfa AWUS066NH. I use the below code to put my card in monitor mode.

    os.system('ifconfig %s down' % interface)
    os.system('iwconfig %s mode monitor' % interface)
    os.system('ifconfig %s up' % interface)

However, now when I run the same code above that was used in promiscuous mode, I only get a single packet whose ethernet_header looks like this: ('\x00\x00\x12\x00.H', '\x00\x00\x00\x02l\t', '\xc0\x00')

Why do I no longer see any packets other than the one described? Also how should I be sniffing in monitor mode? I would like to do this without a 3rd party, but will do so if I must.

Since you put your card in monitor mode, you are now looking at 802.11 frames (beacons, probe requests/responses, etc).

What you are seeing in your 0:14 range of bytes is part of the Radio Tap Header that your card prepends to the data captured. The third byte indicates the Radio Tap Header length of 0x12 (18 bytes). Radio Tap Headers are not always 0x12 so 802.11 data begins at the value of the third byte + 1.
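The layout described above, as an added example that is not part of the original answer: it reads the radiotap length as the 16-bit little-endian field at bytes 2-3, skips that many bytes, and decodes the 802.11 frame control and addresses. The names `parse_monitor_frame` and `SAMPLE` are assumptions; the first 14 sample bytes are the ones from the question and the rest is constructed.

```python
import struct

RADIOTAP_MIN = 8  # version(1) + pad(1) + length(2) + present flags(4)
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}


def mac(raw):
    """Format 6 raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join("%02x" % b for b in bytearray(raw))


def parse_monitor_frame(buf):
    """Skip the radiotap header and decode the start of the 802.11 header."""
    if len(buf) < RADIOTAP_MIN:
        raise ValueError("too short for a radiotap header")
    # Radiotap fields are little-endian, unlike the network-order Ethernet header.
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or rt_len < RADIOTAP_MIN or rt_len > len(buf):
        raise ValueError("bad radiotap header")
    dot11 = buf[rt_len:]
    if len(dot11) < 10:  # frame control + duration + addr1
        raise ValueError("truncated 802.11 header")
    fc, _duration = struct.unpack_from("<HH", dot11, 0)
    info = {
        "radiotap_len": rt_len,
        "type": FRAME_TYPES.get((fc >> 2) & 0x3, "other"),
        "subtype": (fc >> 4) & 0xF,
        "addr1": mac(dot11[4:10]),
    }
    # Management and data frames carry three addresses in a 24-byte header.
    if info["type"] != "control" and len(dot11) >= 24:
        info["addr2"] = mac(dot11[10:16])
        info["addr3"] = mac(dot11[16:22])
    return info


# Constructed sample: 18-byte radiotap header followed by a beacon header.
SAMPLE = (
    b"\x00\x00\x12\x00\x2e\x48\x00\x00\x00\x02\x6c\x09\xc0\x00"  # from the question
    b"\xd0\x00\x00\x00"                  # constructed remainder of the radiotap header
    b"\x80\x00\x00\x00" + b"\xff" * 6    # beacon frame control, duration, broadcast addr1
    + b"\x02\x00\x00\x00\x00\x01" * 2    # constructed addr2 and addr3
    + b"\x00\x00"                        # sequence control
)

if __name__ == "__main__":
    print(parse_monitor_frame(SAMPLE))
```

On a live monitor-mode interface the input would be the bytes returned by the raw socket, for example `rawSocket.recvfrom(2048)[0]`.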

There was an extra length in

    ethernet_header = packet[0][0:14]

which is not required

    import socket
    from struct import unpack

    rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    # recv() returns only the frame bytes, so the slice applies to them directly
    packet = rawSocket.recv(2048)
    ethernet_header = packet[0:14]
    ethernet_detailed = unpack("!6s6s2s", ethernet_header)
    print(ethernet_detailed)
