Reputation: 55
Scapy 2.7.3 in Monitor Mode
I am writing a simple WiFi sniffer with scapy:
from scapy.all import *
ap_list = []
def ssid(pkt):
print(pkt.show())
if pkt.haslayer(Dot11):
if pkt.type == 0 and pkt.subtype == 8:
if pkt.addr2 not in ap_list:
ap_list.append(pkt.addr2)
print("AP: %s SSID: %s" % (pkt.addr2, pkt.info))
sniff(iface='en0', prn=ssid)
Where en0 is wi-fi interface.
My aim is to see the RSSI, noise, SSID for the wireless access points. When I run this script (from sudo or not), while I am connected to some wi-fi - there are many packets captured (no one is Beacon). WireShark shows RadioTap Headers in Monitor mode (airport en0 sniff 1) on my Mac (El Capitan), this script however, produces no output in monitor mode.
Could someone please help me understand what is going wrong here? TIA :)
Upvotes: 0
Views: 2647
Answers (1)
Reputation: 11
This is a Mac specific issue. You indeed are correct, you want to be capturing Beacon frames for this type of data. The issue here is that once the airport command finishes running, your interface is returned back to it's standard managed mode, so when you run your scapy script your wifi interface is not in monitor mode. To my knowledge, Mac does not have a native command that will turn on, and leave a card in monitor mode.
Upvotes: 1
Related Questions
- Python scan for WiFi
- How can I put mac os x en1 interface into monitor mode to use with python3 scapy?
- Scapy sniff filter not functioning
- How to see all packets in the air with scapy on Windows?
- Using scapy with wifi
- Sniffing wifi using libpcap in monitor mode
- Sniff error in Scapy
- Scapy sniff in monitor mode
- python-3.4 Scapy sniffing
- Python Scapy not sniffing