stackoom
  简体   繁体   中英

How to use pcap in python to capture other's traffic in same wifi?

 原文  2015-11-13 06:04:52       python/ pcap/ packet-capture/ sniffing

Question

It's the first time I use monitor mode in pcap. I think I start the monitor mode successfully since I can see that there is an "eye" symbol on wifi. However, I still cannot capture packets not sent to me :( I use handle but not sure how it works and how can I capture those packets not sent to me.

2 answers

solution1
 0  2015-11-13 08:34:53

Generally will the router just send the packets to you which are addressed to you. This includes packets to you directly or broadcast messages. The messages sent to other devices in the network are not reaching your machine at all, therefore it's impossible to capture it.

If you really have to monitor the whole network traffic you need to get somewhere inbetween the router and the network. Or you could try a man in the middle attack on your wifi.

solution2
 0  2015-11-22 20:40:13

PCAP will only display traffic sent to you. This is true of any sniffer, the software needs to be able to see the traffic. In order to see WiFi traffic that is not sent to you, you will need a WiFi adapter that supports monitor mode. Approx 90% of WiFi adapters, or more, do not support monitor mode. Both the hardware has to be capable to enter the RFMON mode and the driver for the adapter needs to support monitor mode. If monitor mode is set up correctly, you will see 802.11 management traffic (beacons, probes, etc). I don't think monitor mode will show you actual data traffic but I am not sure and maybe it's only my adapter that doesn't show it. If you can see data where the source and dest MAC address are not the MAC address of your adapter and not FF:FF:FF:FF:FF:FF (broadcast) than you are using monitor mode. I don't know which OS you are using and I don't know what handle is (program name?) so I can't help there. I would suggest that you set the adapter into monitor mode and than verify by running wireshark on the device and look at the traffic. If that works you can go back to PCAP and debug from there.

If you are using Linux and your adapter supports monitor mode, you can enable it by running the following commands as root

ip link set wlan0 down iwconfig wlan0 mode monitor ip link set wlan0 promisc on ip link set wlan0 up

Note that if a adapter is in monitor mode, it cannot be connected to a local WiFi network. The adapter would need to be in managed mode where the WiFi AP manages what type of data an adapter receives (frequency, channel, etc). If you are connected to a local WLAN via the adapter than you are not in monitor mode.

Oh! I think I remember hearing somewhere that WinPCAP doesn't support monitor mode. I don't use Windows so you may want to verify that.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to capture traffic in python How to capture the traffic of an Android device in Python? How to capture python https traffic in fiddler? Parsing SSL traffic in .pcap file using Python Not a pcap capture file (bad magic) - scapy python How to track other people's website traffic How to capture network traffic using selenium webdriver and browsermob proxy on Python? How to capture network traffic with selenium How to use kafka-python to send customized payload? (between two ubuntu machines under same WIFI network) How to generate a Pcap traffic from Text file with the help of Scapy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM