Search code examples
pythonsecuritywirelessscapyintrusion-detection

Wireless Data Packet Capturing with help of scapy


My code That I have tried is as follows:

from scapy.all import *

def PacketHandler(pkt) :

       if pkt.haslayer == 2 and pkt.subtype==0:

          if pkt.haslayer(IP) :

             ip=pkt.getlayer(IP)
             print ip.dst

          if pkt.haslayer(UDP):
               udp=pkt.getlayer(UDP)
               print udp.dport
          if pkt.haslayer(TCP) :
               tcp=pkt.getlayer(TCP)
               print tcp.port

sniff(iface="mon0", prn=PacketHandler) 

Using this, I want to capture all wireless DATA packets but I am getting only multicast ( IP/UDP) packets. So how can I get all DATA packet in my wireless network? I have disabled encryption on my access point for this (temporarily) so I can get access to the data in packets.


Solution

  • If you want to handle only Data frames, and not Management and Control frames, then you can do this:

    from scapy.all import *
    
    def packet_handler(pkt) :
        # if packet has 802.11 layer, and type of packet is Data frame
        if pkt.haslayer(Dot11) and pkt.type == 2:
                # do your stuff here
                print(pkt.show())
    
    
    sniff(iface="mon0", prn=packet_handler)
    

    Also you can use filter option of sniff function to filter only Data frames to go to your packet_handler function:

    from scapy.all import *
    
    def packet_handler(pkt) :
        # if packet has 802.11 layer
        if pkt.haslayer(Dot11):
            # do your stuff here
            print(pkt.show())
    
    sniff(iface="mon0", prn=packet_handler, filter="type Data")
    

    Here, is a good list of type and subtype values for frames.