Jentel

Reputation: 156

Python-Scapy Distinguish between Access Point and Station

I want to distinguish between Access Points and Stations while listening to Wi-Fi traffic via python-scapy.

I do it over 802.11b/g/n with management frames, but it doesn't work over 5GHz (802.11ac/a) as I don't see any management frames sent from my iPhone X, but I do see other packets sent in both directions without having a way to distinguish which one is a Wi-Fi client and which is an access point.

When a packet is sent, what is the way to understand whether the sender is an AP or STA?

Best

J

EDIT:

```
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:00:00:fb [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:00:00:fb [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
From DS to STA via AP Receiver Address: 01:00:5e:7f:ff:fa [STA] Transmitter Address: a0:4f:d4:2a:f7:d2 Source Address d8:8f:76:88:10:72
```

That's the result I get. Most of them are broadcast for some reason.

Upvotes: 1

Views: 892

Answers (1)

Dmitry

Reputation: 844

You can process data frames like this:

```python
from scapy.all import rdpcap, Dot11

pcap = rdpcap('test_data.pcap')
for pkt in pcap:
    if pkt.haslayer(Dot11) and pkt[Dot11].type == 2:  # Data frames
        dot11 = pkt[Dot11]
        DS = int(dot11.FCfield) & 0x3   # ToDS is bit 0, FromDS is bit 1 of the frame-control flags
        toDS = DS & 0x01 != 0
        fromDS = DS & 0x2 != 0
        if toDS and not fromDS:
            print("From STA to DS via AP")
            print("Receiver Address: %s" % dot11.addr1)      # BSSID, i.e. the AP
            print("Transmitter Address: %s" % dot11.addr2)   # the station
            print("Destination Address: %s" % dot11.addr3)
        if not toDS and fromDS:
            print("From DS to STA via AP")
            print("Receiver Address: %s" % dot11.addr1)      # the station (or a group address)
            print("Transmitter Address: %s" % dot11.addr2)   # BSSID, i.e. the AP
            print("Source Address %s" % dot11.addr3)
        print("\n")
```

Upvotes: 1
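Added example (not part of the question or of Dmitry's answer): the same ToDS/FromDS logic applied to raw 802.11 header bytes in plain Python, so it runs without scapy or a capture file, and it also labels the two cases the answer leaves out (4-address WDS frames and IBSS frames) and flags group-addressed receivers. The sample frames are constructed; the AP -> STA one reuses the addresses from the question's output, and the station MAC 02:11:22:33:44:55 is made up.

```python
from typing import Dict, Optional

TO_DS, FROM_DS = 0x01, 0x02   # bits 0 and 1 of the second frame-control byte (scapy's FCfield)

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_data_frame(flags: int, addr1: str, addr2: str, addr3: str, addr4: str = "") -> bytes:
    """Constructed 802.11 data-frame header: frame control, duration, addresses, sequence control."""
    hdr = bytes([0x08, flags]) + b"\x00\x00"             # 0x08 = type 2 (data), subtype 0
    for a in (addr1, addr2, addr3):
        hdr += bytes.fromhex(a.replace(":", ""))
    hdr += b"\x00\x00"                                   # sequence control
    if addr4:                                            # 4th address only exists when ToDS and FromDS are both set
        hdr += bytes.fromhex(addr4.replace(":", ""))
    return hdr

def classify_data_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Roles of receiver (addr1) and transmitter (addr2) for a raw data frame; None for other types."""
    if len(frame) < 24 or ((frame[0] >> 2) & 0x3) != 2:
        return None
    to_ds, from_ds = bool(frame[1] & TO_DS), bool(frame[1] & FROM_DS)
    addr1, addr2, addr3 = _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])
    if to_ds and not from_ds:        # STA -> AP: addr1 is the BSSID (AP), addr2 the client
        rx_role, tx_role, direction = "AP", "STA", "STA -> AP"
    elif from_ds and not to_ds:      # AP -> STA: addr2 is the BSSID (AP), addr1 the client or a group address
        rx_role, tx_role, direction = "STA", "AP", "AP -> STA"
    elif to_ds and from_ds:          # 4-address (WDS) frame relayed between two APs
        rx_role, tx_role, direction = "AP", "AP", "AP -> AP (WDS)"
    else:                            # IBSS / ad-hoc: no infrastructure AP on either side
        rx_role, tx_role, direction = "peer", "peer", "IBSS"
    return {
        "receiver": addr1, "receiver_role": rx_role,
        "transmitter": addr2, "transmitter_role": tx_role,
        "addr3": addr3, "direction": direction,
        # group bit (LSB of the first octet) set => multicast/broadcast, not a single station
        "receiver_is_group": bool(frame[4] & 0x01),
    }

# Constructed samples; the AP -> STA frame reuses the addresses shown in the question
SAMPLES = {
    "from_ap": build_data_frame(FROM_DS, "01:00:5e:7f:ff:fa", "a0:4f:d4:2a:f7:d2", "d8:8f:76:88:10:72"),
    "from_sta": build_data_frame(TO_DS, "a0:4f:d4:2a:f7:d2", "02:11:22:33:44:55", "d8:8f:76:88:10:72"),
    "beacon": bytes([0x80, 0x00]) + b"\x00" * 22,      # management frame (type 0): DS bits do not apply
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify_data_frame(frame))
```

The 01:00:5e:... receiver addresses in the question's output are IPv4 multicast MACs (the SSDP and mDNS groups), so those frames are group-addressed rather than sent to one station; the group-bit check above flags them, and the AP is still identified by the FromDS bit regardless of the receiver address.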
