Scapy/Conversations: Difference between revisions
From charlesreid1
| Line 42: | Line 42: | ||
Further parsing could be done to identify packets that are beacons from access points, to determine which MAC addresses are access points. | Further parsing could be done to identify packets that are beacons from access points, to determine which MAC addresses are access points. | ||
{{ScapyFlag}} | {{ScapyFlag}} | ||
Revision as of 04:39, 27 January 2016
Conversations
Components
To analyze a wireless conversation, you need to be able to parse a few different pieces of information.
First is the source address. This will be a MAC address - you will not get an IP address unless you're on the same network and there is some kind of name resolution service available to turn a MAC address (Layer 2) into an IP address (Layer 3).
Show the Packet
Here is a dead-simple three-line script to show the full contents of the 120th packet:
from scapy.all import *
plist = rdpcap("airportSniffNERR6R.cap")
plist[120].show()
Getting Source/Destination Address
A simple script to pull out the source and destination of each packet using scapy is given below:
from scapy.all import *
plist = rdpcap("airportSniffNERR6R.cap")
getsrcdst = lambda x:(x.addr1, x.addr2, x.addr3)
for p in plist:
try:
c = getsrcdst(p)
print c
except AttributeError:
pass
This script reads a relatively small pcap file and prints out the addr1, addr2, and addr3 fields for each packet. This can be used to build a list of MAC addresses.
Further parsing could be done to identify packets that are beacons from access points, to determine which MAC addresses are access points.
 |
scapy a Python library for interfacing with network devices and analyzing packets from Python.
Building Wireless Utilities: Scapy/Airodump Clone · Scapy/AP Scanner Analyzing Conversations: Scapy/Conversations Database: Scapy/Wifi Database Category:Scapy · Category:Python · Category:Networking
|