Reputation: 2638
I am able to sniff packets in promiscuous mode in Python, whilst connected to my wireless network, with the below code. I have thoroughly tested this and know this works. I am seeing normal packets across my network:
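
    import socket
    from struct import unpack

    # ETH_P_ALL (0x0003): receive frames of every protocol
    rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    packet = rawSocket.recvfrom(2048)  # returns (data, address)
    ethernet_header = packet[0][0:14]
    ethernet_detailed = unpack("!6s6s2s", ethernet_header)
    print(ethernet_detailed)
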
However I want to take it a step further and attempt this with my wifi card in monitor mode, while not connected to any network. I know my card supports monitor mode as it's an Alfa AWUS066NH. I use the below code to put my card in monitor mode.

    import os

    # interface holds the name of the wireless interface
    os.system('ifconfig %s down' % interface)
    os.system('iwconfig %s mode monitor' % interface)
    os.system('ifconfig %s up' % interface)

However, now when I run the same code above that was used in promiscuous mode, I only get a single packet whose ethernet_header looks like this: ('\x00\x00\x12\x00.H', '\x00\x00\x00\x02l\t', '\xc0\x00')
Why do I no longer see any packets other than the one described? Also how should I be sniffing in monitor mode? I would like to do this without a 3rd party, but will do so if I must.
Upvotes: 1
Views: 4073
Reputation: 21
Since you put your card in monitor mode, you are now looking at 802.11 frames (beacons, probe requests/responses, etc).
What you are seeing in your 0:14 range of bytes is part of the Radio Tap Header that your card prepends to the data captured. The third byte indicates the Radio Tap Header length of 0x12 (18 bytes). Radio Tap Headers are not always 0x12 so 802.11 data begins at the value of the third byte + 1.
Upvotes: 2
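The parsing described in the answer above, as an added example (Python 3, not code from the original posts): it reads the radiotap length as the little-endian 16-bit field at bytes 2-3 and takes the 802.11 frame from that offset. The sample frame is constructed around the 14 bytes printed in the question, and `parse_monitor_frame`, `sniff` and `mac` are names chosen here.

```python
import socket
import struct

# Constructed sample. The first 14 bytes are the ones printed in the question;
# the last 4 radiotap bytes and the 802.11 beacon header are made up.
SAMPLE = (
    b"\x00\x00\x12\x00\x2e\x48\x00\x00\x00\x02\x6c\x09\xc0\x00"
    b"\xd3\x00\x00\x00"           # rest of the 18-byte radiotap header
    b"\x80\x00\x00\x00"           # frame control (beacon) + duration
    b"\xff\xff\xff\xff\xff\xff"   # addr1: broadcast receiver
    b"\x02\x00\x00\xaa\xbb\xcc"   # addr2: transmitter
    b"\x02\x00\x00\xaa\xbb\xcc"   # addr3: BSSID
    b"\x10\x00"                   # sequence control
)
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def mac(raw):
    return ":".join("%02x" % octet for octet in raw)

def parse_monitor_frame(buf):
    """Split a monitor-mode capture into radiotap and 802.11 header fields."""
    if len(buf) < 8:
        raise ValueError("too short for a radiotap header")
    # Radiotap is little-endian: version, pad, total length, present bitmap.
    version, _pad, rt_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0 or rt_len < 8 or rt_len > len(buf):
        raise ValueError("bad radiotap header")
    dot11 = buf[rt_len:]          # the 802.11 frame starts right after it
    if len(dot11) < 10:           # shortest frame: fc, duration, addr1
        raise ValueError("truncated 802.11 header")
    fc = struct.unpack_from("<H", dot11, 0)[0]
    info = {"radiotap_len": rt_len, "present": present,
            "type": FRAME_TYPES.get((fc >> 2) & 3, "reserved"),
            "subtype": (fc >> 4) & 0xF, "addr1": mac(dot11[4:10])}
    # ACK and CTS control frames carry only addr1, so addr2 is skipped for them.
    if len(dot11) >= 16 and info["type"] != "control":
        info["addr2"] = mac(dot11[10:16])
    return info

def sniff(interface, count=10):
    """Linux, root; `interface` must already be in monitor mode."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    sock.bind((interface, 0))
    for _ in range(count):
        try:
            print(parse_monitor_frame(sock.recv(4096)))
        except ValueError as err:
            print("skipped:", err)
```

`parse_monitor_frame(SAMPLE)` runs offline; `sniff` needs a Linux host, root, and an interface already switched to monitor mode.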
Reputation: 21
There was an extra length in

    ethernet_header = packet[0][0:14]

which is not required

    rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    packet = rawSocket.recvfrom(2048)
    ethernet_header = packet[0:14]
    ethernet_detailed = unpack("!6s6s2s", ethernet_header)
    print ethernet_detailed

Upvotes: 0