监控模式下的 Scapy 2.7.3 [英] Scapy 2.7.3 in Monitor Mode

问题描述

我正在用 scapy 编写一个简单的 WiFi 嗅探器:

I am writing a simple WiFi sniffer with scapy:

from scapy.all import *

ap_list = []
def ssid(pkt):
    print(pkt.show())
    if pkt.haslayer(Dot11):
        if pkt.type == 0 and pkt.subtype == 8:
            if pkt.addr2 not in ap_list:
                ap_list.append(pkt.addr2)
                print("AP: %s SSID: %s" % (pkt.addr2, pkt.info))

sniff(iface='en0', prn=ssid)

其中 en0 是 wi-fi 接口.

Where en0 is wi-fi interface.

我的目标是查看无线接入点的 RSSI、噪声、SSID.当我运行这个脚本时(无论是否来自 sudo)，当我连接到一些 wi-fi 时 - 捕获了许多数据包(没有一个是 Beacon).WireShark 在我的 Mac (El Capitan) 上以监控模式(airport en0 sniff 1)显示 RadioTap 标头，但是此脚本在监控模式下不产生任何输出.

My aim is to see the RSSI, noise, SSID for the wireless access points. When I run this script (from sudo or not), while I am connected to some wi-fi - there are many packets captured (no one is Beacon). WireShark shows RadioTap Headers in Monitor mode (airport en0 sniff 1) on my Mac (El Capitan), this script however, produces no output in monitor mode.

有人可以帮我理解这里出了什么问题吗?TIA :)

Could someone please help me understand what is going wrong here? TIA :)

推荐答案

这是 Mac 特定的问题.您确实是对的，您想为此类数据捕获 Beacon 帧.这里的问题是，一旦 airport 命令完成运行，您的接口就会返回到标准管理模式，因此当您运行 scapy 脚本时，您的 wifi 接口并不处于监控模式.据我所知，Mac 没有可以打开并将卡保持在监控模式的本机命令.

This is a Mac specific issue. You indeed are correct, you want to be capturing Beacon frames for this type of data. The issue here is that once the airport command finishes running, your interface is returned back to it's standard managed mode, so when you run your scapy script your wifi interface is not in monitor mode. To my knowledge, Mac does not have a native command that will turn on, and leave a card in monitor mode.

这篇关于监控模式下的 Scapy 2.7.3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！