Re: Net::Pcap with wireless

by traveler (Parson)
on Sep 13, 2009 at 16:27 UTC


in reply to Net::Pcap with wireless

Also, ensure that your version of Net::Pcap and the libpcap it is using are current enough to support wireless capture. The MAC frame for wireless (which is CSMA/CA) is not the same as that for Ethernet (which is CSMA/CD). Older versions of libpcap do not support wireless frames. I do not know whether or not any versions of Net::Pcap support capturing wireless frames, or whether they only support accessing the pseudo-Ethernet version.


Re^2: Net::Pcap with wireless
by trevelyn (Novice) on Sep 13, 2009 at 17:10 UTC
    First of all, I need to tell you guys that this website is amazing! <33 Thank you guys for all the great advice. I was using die, but must have lost it somewhere when using CTRL+K in nano. I was afraid that Net::Pcap was unable to sniff wireless packets in the first place, but I got it to. Well, I think I did.
    I did:
    -------------------
    iwconfig wlan0 mode monitor channel 6 (channel of my AP and clients)
    ifconfig wlan0 up
    perl wireless.pl wlan0 (wireless.pl is below)
    And I set it to print "$packet", which is the raw packet, which beeped up my ssh terminal and loaded it with garbage, except for a few plain-text areas!!
    The ESSIDs were there!! So maybe this is possible so far!

    When I run the program below, I get no warnings, no errors, etc., but the MAC address output looks like this:
    root@WeakNetLabs:/home/assistant/code/wifi# perl wireless.pl wlan0
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    000000028509, 000018002e48
    ^C

    Which is odd. I fixed the syntax error in the loop, I guess, but ended up using the code example below, found in the Net::Pcap tutorial at CPAN.

    wireless.pl:
    #!/usr/bin/perl -w
    use strict;
    use warnings;
    use Net::Pcap;
    use NetPacket::Ethernet;
    use NetPacket::IP;
    use NetPacket::TCP;

    my $error;
    my $device = $ARGV[0];
    my $WiFiobject;

    # Open the device: 2048-byte snapshot length, promiscuous mode on
    $WiFiobject = Net::Pcap::open_live($device, 2048, 1, -1, \$error);

    unless (defined $WiFiobject) {
        die 'Unable to create packet capture on device ', $device, ' - ', $error;
    }

    # Hand every captured packet to syn_packets()
    Net::Pcap::loop($WiFiobject, -1, \&syn_packets, '') ||
        die 'Unable to perform packet capture';

    Net::Pcap::close($WiFiobject);

    # Callback: decodes each packet as an Ethernet frame and prints its MACs
    sub syn_packets {
        my ($user_data, $header, $packet) = @_;
        my $macaddr = NetPacket::Ethernet->decode($packet);
        print "$macaddr->{'src_mac'}, $macaddr->{'dest_mac'}\n";
    }

      So do those MAC addresses match the card and AP? It seems that you are doing an Ethernet decode. Doing that will miss some info from the 802.11 frame, but if you don't care about that, it really doesn't make any difference.
        Nope, that's not a MAC address. If I switch interfaces to wired Ethernet (eth0), I see the MAC addresses of the Windows computer I use PuTTY from and the Linux box with the wireless.pl app on it flying by perfectly.
        Also, I don't really care about the payload, I just need the MAC addresses.
        I can write another thread for channel hopping later using iwconfig or a Perl module to iwconfig later. I just want to make sure I can get MACs from the same data where I see the plain-text ESSIDs.

        My Net::Pcap is up to date: "Net::Pcap is up to date (0.16)." And I don't see a module for NetPacket for 802.11, but I do see a section in the Net::Pcap file on the CPAN site that says:
        :datalink exports the data link types macros:
        "DLT_IEEE802_11 - IEEE 802.11 wireless LAN"

        as an exporter tag. Does that mean I need to do: "use Exporter;" and "export" them? That part confused me a bit, heh. Thanks again, man :)
        Well, I tried setting the data link type with this:
        #!/usr/bin/perl -w
        # by trevelyn.
        #
        use warnings;
        use Net::Pcap;
        use NetPacket::Ethernet;
        use NetPacket::IP;
        use NetPacket::TCP;

        my $error;
        my $type = 'DLT_IEEE802_11';
        my $device = $ARGV[0];
        my $WiFiobject = Net::Pcap::open_live($device, 2048, 1, -1, \$error);

        # Attempt to select the 802.11 data link type
        my $w802 = Net::Pcap::datalink($type);
        Net::Pcap::set_datalink($Wifiobject, $w802);

        unless (defined $WiFiobject) {
            die 'Unable to create packet capture on device ', $device, ' - ', $error;
        }

        Net::Pcap::loop($WiFiobject, -1, \&syn_packets, '') ||
            die 'Unable to perform packet capture';

        Net::Pcap::close($WiFiobject);

        # Callback: still decodes each packet as an Ethernet frame
        sub syn_packets {
            my ($user_data, $header, $packet) = @_;
            my $macaddr = NetPacket::Ethernet->decode($packet);
            print "$macaddr->{'src_mac'}, $macaddr->{'dest_mac'}\n";
        }

        Doesn't seem to want to work at all anymore. I am completely lost now? :(
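
Added example (not code posted by anyone in this thread): on a monitor-mode interface the capture link type can be 802.11 with a radiotap header (DLT_IEEE802_11_RADIO) rather than Ethernet, and the twelve bytes printed in the output above read as the start of a radiotap header (version 0, little-endian length 0x0018 = 24) rather than as MAC addresses. The code below skips that header and reads the 802.11 address fields with core Perl only; the function name `wifi_addrs`, the sample frame and the address 02:00:00:aa:bb:01 are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# libpcap link-layer type numbers for raw 802.11 and 802.11 + radiotap.
use constant { DLT_IEEE802_11 => 105, DLT_IEEE802_11_RADIO => 127 };

# Decode the address fields of one captured frame. $linktype is what
# Net::Pcap::datalink($pcap) returns for the open capture handle.
# Returns a hash ref, or nothing if the frame is truncated or unsupported.
sub wifi_addrs {
    my ($linktype, $packet) = @_;
    my $offset = 0;
    if ($linktype == DLT_IEEE802_11_RADIO) {
        return if length($packet) < 8;
        # radiotap: version(1) pad(1) length(2, little-endian) present(4)
        my ($version, $pad, $rt_len) = unpack 'C C v', $packet;
        return if $version != 0 || $rt_len < 8 || $rt_len > length($packet);
        $offset = $rt_len;              # the 802.11 header follows radiotap
    }
    elsif ($linktype != DLT_IEEE802_11) {
        return;                         # e.g. Ethernet: not handled here
    }
    my $frame = substr($packet, $offset);
    return if length($frame) < 10;      # frame control, duration, addr1
    my $fc   = unpack 'v', $frame;      # frame control is little-endian
    my %info = (
        type    => ($fc >> 2) & 0x3,    # 0 management, 1 control, 2 data
        subtype => ($fc >> 4) & 0xf,
        addr1   => unpack('H12', substr($frame, 4, 6)),   # receiver
    );
    # Control frames (type 1) vary in layout, so only addr1 is reported.
    if ($info{type} != 1 && length($frame) >= 24) {
        $info{addr2} = unpack 'H12', substr($frame, 10, 6);   # transmitter
        $info{addr3} = unpack 'H12', substr($frame, 16, 6);   # often the BSSID
    }
    return \%info;
}

# Constructed sample: the 12 bytes printed in the post (dest_mac, then
# src_mac), zero-padded to the 24 bytes they announce, then a constructed
# beacon header (broadcast receiver, made-up transmitter and BSSID).
my $radiotap = pack('H*', '000018002e48' . '000000028509') . ("\0" x 12);
my $beacon   = pack('H*', '80000000' . 'ffffffffffff' . ('020000aabb01' x 2) . '0000');

for my $case ([DLT_IEEE802_11_RADIO, $radiotap . $beacon], [DLT_IEEE802_11, $beacon]) {
    my $f = wifi_addrs(@$case) or next;
    print join(' ', map { "$_=" . ($f->{$_} // '-') } qw(type subtype addr1 addr2 addr3)), "\n";
}
```

In a capture callback like the one in the posts, this call would take the place of the NetPacket::Ethernet decode, with the link type read once after open_live.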
