MM Manuel

Reputation: 385

Filtering packets by src mac in scapy

When I filter the packets using this filter in Wireshark: wlan.sa == 04.b1.67.14.bd.64, all goes perfectly.

However, I'm trying to do it with the following Python script using scapy, but it never filters by the source MAC:

from scapy.all import *
from datetime import datetime
import sys
import traceback
# import MySQLdb

def getAverageSSI():
    global ssiFinal
    return ssiFinal

def setParams():
    global window
    global timestamp
    global SSID
    global datetime
    global iterator1
    window = 1
    timestamp = datetime.now()
    SSID='DefaultName'
    iterator1 = 0
    global ssiArray

    ssiArray = []


def myPacketHandler(pkt) :
    global SSID
    global timestamp
    global iterator1
    global ssiArray

    try :

        if pkt.haslayer(Dot11) :

            ssiNew = -(256-ord(pkt.notdecoded[-4:-3]))

            ssiArray.append(ssiNew)

            diffT=(datetime.now()-timestamp).seconds


            if diffT>window:

                print 'With MAC dst = %s with SSI Power= %s' %(pkt.addr1, sum(ssiArray)/len(ssiArray))
                print ssiArray
                ssiArray = []

                timestamp=datetime.now()

    except Exception as e:
        print 'Exception'
        print e
        traceback.print_exc()
        sys.exit(0)


setParams()

try:
    sniff(iface="wlan1", filter="ether src 04:b1:67:14:bd:64", prn = myPacketHandler, store=0)
except Exception as e:
    print e
    print "Sniff AP1 Off"

I have also tried to remove the filter in sniff, and put an if like the following:

        if pkt.addr1 == '04:b1:67:14:bd:64' : # mac xiaomi mi a1

            # SSID = pkt.info;
            ssiNew = -(256-ord(pkt.notdecoded[-4:-3]))

            ssiArray.append(ssiNew)

            diffT=(datetime.now()-timestamp).seconds


            if diffT>window:

                # query = "START TRANSACTION;"
                # queryBack=cur.execute(query)

                # query = "INSERT INTO RSSI VALUES(%d,\"AP1\",%d);"%(iterator1,ssiNew)
                # queryBack = cur.execute(query)

                print 'MAC = %s with SSI Power= %s' %(pkt.addr1, sum(ssiArray)/len(ssiArray))

                ssiArray = []
                # Conexion.commit()

                # iterator1+=1

                timestamp=datetime.now()

But it is only filtering by destination MAC.

Do you know how to properly filter by MAC like in the following Wireshark image? (It needs to be exactly the same behaviour as in the Wireshark filter):


Upvotes: 0

Views: 1790

Answers (1)

Cukic0d

Reputation: 5431

Your second method should be working well, if you used addr2 instead of addr1.

(Image: Dot11 FCS packet)

Here is how it works in 802.11 (yes, it's really messy):

(Image: How 802.11 addresses work)

Also, you should update to the GitHub scapy version, which has support for RSSI directly (so you don't have to parse notdecoded).

(Image: RadioTap example)

See https://github.com/secdev/scapy/archive/master.zip

Upvotes: 1
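
The question asks for the behaviour of Wireshark's wlan.sa, which is the frame's source address and not a fixed header field: which of addr1 to addr4 holds it depends on the To DS / From DS bits. As an added example (not code from the question, the answer or scapy), this standard-library parser maps the address fields to their roles on constructed headers, going beyond the answer's addr2 case; the AP and HOST addresses and all function names are assumptions.

```python
import struct

TO_DS, FROM_DS = 0x01, 0x02          # low two bits of the second frame-control byte

def _mac(raw):
    return ":".join("%02x" % b for b in raw)

def dot11_roles(frame):
    """Map addr1..addr4 of a raw 802.11 MAC header (radiotap already stripped)
    to roles. Returns None for control frames and truncated headers."""
    if len(frame) < 24:
        return None
    fc0, flags = struct.unpack_from("<BB", frame, 0)
    if (fc0 >> 2) & 0x3 == 1:        # type 1 = control: RA/TA only, no SA/DA
        return None
    a1, a2, a3 = (_mac(frame[o:o + 6]) for o in (4, 10, 16))
    ds = flags & (TO_DS | FROM_DS)
    if ds == 0:                      # management frames, IBSS data
        roles = {"da": a1, "sa": a2, "bssid": a3}
    elif ds == TO_DS:                # station -> AP
        roles = {"bssid": a1, "sa": a2, "da": a3}
    elif ds == FROM_DS:              # AP -> station
        roles = {"da": a1, "bssid": a2, "sa": a3}
    elif len(frame) >= 30:           # four-address frame, addr4 follows seq ctrl
        roles = {"da": a3, "sa": _mac(frame[24:30])}
    else:
        return None
    roles["ra"], roles["ta"] = a1, a2  # receiver / transmitter of this hop
    return roles

def has_source(frame, mac):
    roles = dot11_roles(frame)
    return roles is not None and roles["sa"] == mac.lower()

def build(fc0, flags, *addrs):
    """Constructed test header: zero duration and zero sequence control."""
    raw = [bytes.fromhex(a.replace(":", "")) for a in addrs]
    return struct.pack("<BBH", fc0, flags, 0) + b"".join(raw[:3]) + b"\x00\x00" + b"".join(raw[3:])

PHONE = "04:b1:67:14:bd:64"          # MAC from the question
AP, HOST, BCAST = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "ff:ff:ff:ff:ff:ff"  # constructed
UPLINK = build(0x08, TO_DS, AP, PHONE, HOST)       # data frame, phone -> AP
RELAYED = build(0x08, FROM_DS, HOST, AP, PHONE)    # AP relays a frame the phone sent
TO_PHONE = build(0x08, FROM_DS, PHONE, AP, HOST)   # AP -> phone
PROBE = build(0x40, 0, BCAST, PHONE, BCAST)        # probe request from the phone

if __name__ == "__main__":
    for name in ("UPLINK", "RELAYED", "TO_PHONE", "PROBE"):
        print(name, has_source(globals()[name], PHONE), dot11_roles(globals()[name]))
```

RELAYED has the phone as source in addr3 while addr2 is the AP, and TO_PHONE has the phone only in addr1, which is the case the question's addr1 check was matching. In scapy the same mapping applies to the Dot11 layer's addr1 to addr4 fields and the DS bits in FCfield.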
