Accessing 802.11 Wireless Management Frames from Python


Problem description

From Python on Linux I would like to sniff 802.11 management 'probe-request' frames. This is possible from Scapy like so:

# -*- coding: utf-8 -*-
import re
from scapy.all import *

def proc(p):
        if p.haslayer(Dot11ProbeReq):
                mac = re.sub(':', '', p.addr2)      # addr2 is the transmitter, i.e. the probing station
                ssid = p[Dot11Elt].info             # first IE of a probe request is the SSID element
                ssid = ssid.decode('utf-8', 'ignore')
                if ssid == "":
                        ssid = "<BROADCAST>"        # zero-length SSID = wildcard (broadcast) probe
                print("%s:%s" % (mac, ssid))

sniff(iface="mon0", prn=proc)

Or from tshark like so:

tshark -n -i mon0 subtype probereq -R 'wlan.fc.type_subtype eq 4' -T fields -e wlan.sa -e wlan_mgt.ssid

We could redirect the output from tshark, and slurp it up with some Python (not pretty, but it works).

However, both of these options have GPL licensing, which makes potential commercial projects tricky. I'm therefore trying to figure out a 'lower level' solution in Python for this specific problem. From Google I've managed to work out two potential directions to try:

  1. Pcap libraries: There seem to be three pcap libraries available for Python: pylibpcap, pypcap, and pcapy. I'm not too sure how to approach incorporating the above functionality into these. Any sample code or solutions would be great.

  2. Raw sockets: PF_PACKET: "Packet sockets are used to receive or send raw packets at the device driver (OSI Layer 2) level. They allow the user to implement protocol modules in user space on top of the physical layer."

This sounds like it could be another option, bypassing pcap altogether. I've heard comments that this may even be a better approach, removing the overhead of pcap libraries. I'm not sure where to start tackling this, though.

Any help in solving this would be greatly appreciated.

Recommended answer

I've managed to work this out. Here's the process I went through:

  1. Capture some 802.11 management 'probe-request' frames:

tshark -n -i mon0 subtype probereq -c 5 -w probe.pcap

  2. Understand RadioTap

    Reading RadioTap documentation, I realised that RadioTap frames are comprised of the following fields:

    it_version (2 bytes) - major version of the radiotap header in use. Currently, this is always 0
    it_pad (2 bytes) - currently unused
    it_len (4 bytes) - entire length of the radiotap data, including the radiotap header
    it_present (8 bytes) - bitmask of the radiotap data fields that follow the radiotap header
    

    Therefore the it_len allows us to locate the beginning of the 802.11 frame that follows the radiotap data.

  3. Coding solution in Python

    I chose to use pylibpcap from the three pcap library options I found in my previous post, and discovered the dpkt module for parsing 802.11 frames. Documentation was very thin, so by playing in the Python interpreter I managed to work out the following code to extract MAC, probe SSID, and signal strength from our capture file:

    import binascii
    import struct
    import dpkt

    DLT_IEEE802_11_RADIO = 127                  # pcap link type: radiotap header + 802.11 frame

    f = open('probe.pcap', 'rb')                # pcap is binary; 'rb' is required on Python 3
    pc = dpkt.pcap.Reader(f)
    if pc.datalink() == DLT_IEEE802_11_RADIO:   # Check if RadioTap
            for timestamp, rawdata in pc:
                    tap = dpkt.radiotap.Radiotap(rawdata)
                    db = tap.ant_sig.db                     # unsigned byte holding a signed dBm value
                    signal_ssi = db - 256 if db > 127 else db   # Calculate signal strength
                    # it_len is a 16-bit little-endian field at offset 2 and gives the entire
                    # length of the radiotap data, including the header; read both bytes.
                    t_len = struct.unpack_from('<H', rawdata, 2)[0]
                    wlan = dpkt.ieee80211.IEEE80211(rawdata[t_len:])
                    if wlan.type == 0 and wlan.subtype == 4:  # Indicates a probe request
                        ssid = wlan.ies[0].info.decode('utf-8', 'ignore')   # first IE is the SSID
                        mac = binascii.hexlify(wlan.mgmt.src).decode('ascii')
                        print("%s, %s (%d dBm)" % (mac, ssid, signal_ssi))
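
The raw PF_PACKET direction the question raises, and the it_len / signal-strength extraction the answer performs with dpkt, worked through in one added example that is not code from either post. It uses the standard library only (socket, struct, zlib), so it carries no pcap or GPL dependency. It assumes the radiotap layout from the radiotap specification (it_version u8, it_pad u8, it_len u16 little-endian, it_present u32, followed by the present fields in bit order, each aligned to its natural size), a Linux interface that is already in monitor mode, and a sample frame constructed inline with a valid FCS (not a real capture). All function and constant names are mine.

```python
# Added example: probe-request parsing and sniffing without third-party libraries.
import socket
import struct
import zlib

RADIOTAP_FLAGS_FCS = 0x10    # bit in the radiotap Flags field: frame ends with a 4-byte FCS

# radiotap present-bit -> (struct format, natural alignment), in bit order. Everything up
# to bit 14 is listed so the walker never meets an unknown-size field before bit 5.
_RADIOTAP_FIELDS = {
    0: ("<Q", 8),  1: ("<B", 1),  2: ("<B", 1),  3: ("<HH", 2), 4: ("<BB", 1),
    5: ("<b", 1),  6: ("<b", 1),  7: ("<H", 2),  8: ("<H", 2),  9: ("<H", 2),
    10: ("<b", 1), 11: ("<B", 1), 12: ("<B", 1), 13: ("<B", 1), 14: ("<H", 2),
}   # 1=Flags 2=Rate 3=Channel(freq MHz, flags) 5=dBm antenna signal 6=dBm antenna noise

def parse_radiotap(buf):
    """Return (it_len, {present_bit: value}) for the radiotap header at the start of buf."""
    if len(buf) < 8:
        raise ValueError("truncated radiotap header")
    # Spec layout: version u8, pad u8, len u16 LE, present u32 LE. it_len is two bytes:
    # reading only buf[2] breaks on headers longer than 255 bytes (vendor namespaces).
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or it_len < 8 or it_len > len(buf):
        raise ValueError("bad radiotap header")
    off, word = 8, present
    while word & (1 << 31):                     # bit 31: another present word follows
        (word,) = struct.unpack_from("<I", buf, off)
        off += 4                                # extra words are per-antenna namespaces; skipped
    fields = {}
    for bit in range(15):
        if not present & (1 << bit):
            continue
        fmt, align = _RADIOTAP_FIELDS[bit]
        off = (off + align - 1) & ~(align - 1)  # pad to the field's natural alignment
        if off + struct.calcsize(fmt) > it_len:
            raise ValueError("radiotap field runs past it_len")
        vals = struct.unpack_from(fmt, buf, off)
        fields[bit] = vals[0] if len(vals) == 1 else vals
        off += struct.calcsize(fmt)
    return it_len, fields

def parse_probe_request(frame, fcs_present):
    """Return (src_mac, ssid, fcs_ok) for an 802.11 probe request, or None otherwise."""
    if len(frame) < 24 + (4 if fcs_present else 0):
        return None
    fc0 = frame[0]                              # frame control: version(2) type(2) subtype(4)
    if ((fc0 >> 2) & 0x3) != 0 or (fc0 >> 4) != 4:   # management frame, probe request
        return None
    end, fcs_ok = len(frame), None
    if fcs_present:                             # FCS is CRC-32 over the frame, little-endian
        end -= 4
        fcs_ok = (zlib.crc32(frame[:end]) & 0xFFFFFFFF) == struct.unpack_from("<I", frame, end)[0]
    src = ":".join("%02x" % b for b in frame[10:16])   # addr2 = transmitter (probing station)
    off = 24                                    # 24-byte management header, then IEs: id, len, data
    while off + 2 <= end:
        ie_id, ie_len = frame[off], frame[off + 1]
        data = frame[off + 2:off + 2 + ie_len]
        if len(data) < ie_len:
            return None                         # truncated element: do not trust the rest
        if ie_id == 0:                          # SSID element; zero length = wildcard probe
            return src, data.decode("utf-8", "replace") or "<BROADCAST>", fcs_ok
        off += 2 + ie_len
    return None                                 # no SSID element at all: treat as malformed

def parse_capture(pkt):
    """One radiotap-encapsulated packet -> dict for a probe request, None for anything else."""
    it_len, fields = parse_radiotap(pkt)
    rec = parse_probe_request(pkt[it_len:], bool(fields.get(1, 0) & RADIOTAP_FLAGS_FCS))
    if rec is None:
        return None
    mac, ssid, fcs_ok = rec
    return {"mac": mac, "ssid": ssid, "signal_dbm": fields.get(5),
            "freq_mhz": fields[3][0] if 3 in fields else None, "fcs_ok": fcs_ok}

def sniff_probe_requests(iface):
    """Yield probe requests from a Linux monitor-mode interface over a PF_PACKET socket.

    Needs CAP_NET_RAW; the interface (e.g. mon0) must already be in monitor mode so the
    kernel hands up radiotap-prefixed frames. Linux only (AF_PACKET).
    """
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))  # ETH_P_ALL
    s.bind((iface, 0))
    try:
        while True:
            try:
                rec = parse_capture(s.recv(65535))
            except ValueError:
                continue                        # not radiotap or truncated: skip it
            if rec is not None:
                yield rec
    finally:
        s.close()

def build_sample(ssid, src=b"\x00\x11\x22\x33\x44\x55", signal_dbm=-42):
    """Constructed input, not a real capture: radiotap + probe request + correct FCS."""
    present = (1 << 1) | (1 << 2) | (1 << 3) | (1 << 5)          # Flags, Rate, Channel, signal
    body = struct.pack("<BB", RADIOTAP_FLAGS_FCS, 2)               # offsets 8-9: flags, 1 Mbps
    body += struct.pack("<HH", 2412, 0x00A0)                      # offset 10 (2-aligned): ch 1
    body += struct.pack("<b", signal_dbm)                         # offset 14
    rt = struct.pack("<BBHI", 0, 0, 8 + len(body), present) + body
    bcast = b"\xff" * 6
    frame = struct.pack("<BBH", 0x40, 0x00, 0) + bcast + src + bcast + struct.pack("<H", 0x0010)
    frame += bytes([0, len(ssid)]) + ssid + bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # SSID, rates
    return rt + frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # e.g. python probes.py mon0
        for r in sniff_probe_requests(sys.argv[1]):
            print("%(mac)s, %(ssid)s (%(signal_dbm)s dBm, fcs_ok=%(fcs_ok)s)" % r)
    else:
        print(parse_capture(build_sample(b"HomeNet")))
```

Run without arguments it parses the constructed sample; with an interface name it sniffs live. Two practical points are baked in: the radiotap walker honours field alignment, which is why a fixed offset for the signal byte is unreliable across drivers, and the FCS check lets you drop corrupted frames (the radiotap Flags field also has a "bad FCS" bit, 0x40, that some drivers set instead of delivering a bad CRC).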
    
