在监控模式下使用 libpcap 嗅探 wifi [英] Sniffing wifi using libpcap in monitor mode
问题描述
问题陈述
调用 pcap_activate() 导致 PCAP_ERR_RFMON_NOTSUP 错误,即不支持 RF 监控模式.
Calling pcap_activate() results in PCAP_ERR_RFMON_NOTSUP error, i.e. RF monitor mode is not supported.
背景
我正在编写小型 C 程序,其工作是在监控模式下监听我笔记本电脑的 wifi 卡.笔记本电脑运行的是 Ubuntu 12.04 LTS.我运行了 airmon-ng start wlan0 命令,然后出现了 mon0 界面.以下是运行 airmon 命令后 iwconfig 命令的输出:
I'm writing small C program whose job is to listen on my laptop's wifi card in monitor mode. The laptop is running Ubuntu 12.04 LTS. I ran airmon-ng start wlan0 command after which mon0 interface appeared. Following shows output of iwconfig command after running the airmon command:
$ iwconfig
mon0 IEEE 802.11bgn Mode:Monitor Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
eth0 no wireless extensions.
lo no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:"SKY88F48"
Mode:Managed Frequency:2.412 GHz Access Point: 7C:4C:A5:3B:33:59
Bit Rate=52 Mb/s Tx-Power=16 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=43/70 Signal level=-67 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:4 Invalid misc:415 Missed beacon:0
问题
在我的程序中,我使用 pcap_create() 在设备 mon0 上创建网络句柄.然后我成功设置了快照长度和混杂模式.
In my program, I create network handle on device mon0 using pcap_create(). Then I set snapshot length and promiscuous mode successfully.
当我检查是否可以设置 rfmon 时,使用 pcap_can_set_rfmon() 方法,它返回正值.然后我使用成功通过的 pcap_set_rfmon() 方法设置 rfmon.我也设置了超时.最后,当我调用 pcap_activate() 时,它返回错误 PCAP_ERR_RFMON_NOTSUP,即不支持 RF 监控模式.我以 root 身份运行我的程序.
When I check if rfmon can be set, using pcap_can_set_rfmon() method, it returns positive. Then I set rfmon using pcap_set_rfmon() method which goes through successfully. I also set timeout. Finally when I call pcap_activate() it returns error PCAP_ERR_RFMON_NOTSUP, i.e. RF monitor mode not supported. I'm running my program as root.
需要注意的一点是,我安装了wireshark并开始监听mon0,它成功捕获了所有流量.
One thing to note is that I installed wireshark and started listening on mon0 which successfully captured all the traffic.
推荐答案
您不需要在 mon0 上设置 rfmon 模式 - 它本质上处于监视器模式.只需捕捉它;这就是您使用 Wireshark 所做的.
You don't need to set rfmon mode on mon0 - it's inherently in monitor mode. Just capture on it; that's what you did with Wireshark.
由于各种原因与此有关
libnl 有多个不兼容的版本,因此选择正确的版本来构建 libpcap 显然是发行版构建者的痛苦;
libnl having multiple incompatible versions, so choosing the right version with which to build libpcap is, apparently, a pain for distribution builders;
选择与同时使用 libnl 和 libpcap 的应用程序使用的版本不同的版本,会由于上述不兼容性而导致可怕的问题;
choosing a version different from the one used by an application that uses both libnl and libpcap causing horrible problems due to the aforementioned incompatibilities;
适用于大多数设备的 Linux 的 libpcap rfmon 模式代码,它使用 libnl(本质上,它创建了一个新的 monN 接口,复制 airmon-ng 的功能,打开该接口进行捕获,并在捕获完成时将其删除)完成),在许多 Linux 发行版中未启用,因为 libpcap 被配置为未使用 libnl.
the libpcap rfmon mode code for Linux that works best for most devices, which uses libnl (essentially, it creates a new monN interface, duplicating what airmon-ng does, opens that interface for capturing, and deletes it when the capture is finished), is not enabled in many Linux distributions because libpcap is configured not to use libnl.
因此,它不适用于 Linux.
Therefore, it doesn't work well on Linux.
为 libpcap 编写代码以直接使用 netlink 套接字,而不是通过 libnl,在我的待办事项列表中,但不幸的是,它落后于该列表中的许多其他问题.
Writing code for libpcap to directly use netlink sockets, rather than go through libnl, is on my to-do list, but it is, unfortunately, behind a number of other issues on that list.
这篇关于在监控模式下使用 libpcap 嗅探 wifi的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
