python-2.7 scapy packet-capture packet-sniffers wifi

how to use packets sniffed with scapy


So my question is: I have been trying to work with scapy by sniffing packets going in and out of my computer using a simple sniff() and print pkt.summary(). Everything is going well. Then I wanted to go a bit further, so I put my wifi adapter into monitor mode to catch other packets, only the packets I am catching seem to be different and I cannot get any info from them. How can these packets be used, and can I catch TCP/UDP packets being sent from other devices like I did when I was sniffing my computer's packets? I am a bit new to all this packet monitoring and its usage, so please go easy.

What I get when I print pkt.summary() and pkt.show():

    RadioTap / 802.11 Management 4L 98:0c:82:4c:XX:XX > ff:ff:ff:ff:ff:ff / Dot11ProbeReq / SSID='TELENETHOMESPOT' / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt
    ###[ RadioTap dummy ]###
    version   = 0
    pad       = 0
    len       = 18
    present   = Flags+Rate+Channel+dBm_AntSignal+Antenna+b14
    notdecoded= '\x10\x02\x99\t\xa0\x00\xd3\x05\x00\x00'
    ###[ 802.11 ]###
    subtype   = 4L
    type      = Management
    proto     = 0L
    FCfield   = 
    ID        = 0
    addr1     = ff:ff:ff:ff:ff:ff
    addr2     = 98:0c:82:4c:XX:XX
    addr3     = ff:ff:ff:ff:ff:ff
    SC        = 55360
    addr4     = None
    ###[ 802.11 Probe Request ]###
    ###[ 802.11 Information Element ]###
           ID        = SSID
           len       = 15
           info      = 'TELENETHOMESPOT'
    ###[ 802.11 Information Element ]###
              ID        = Rates
              len       = 4
              info      = '\x02\x04\x0b\x16'
    ###[ 802.11 Information Element ]###
                 ID        = ESRates
                 len       = 8
                 info      = '\x0c\x12\x18$0H`l'
    ###[ 802.11 Information Element ]###
                    ID        = 45
                    len       = 26
                    info      = '\x0c\x10\x19\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    ###[ 802.11 Information Element ]###
                       ID        = DSset
                       len       = 1
                       info      = '\x0b'
    ###[ 802.11 Information Element ]###
                          ID        = vendor
                          len       = 9
                          info      = '\x00\x10\x18\x02\x00\x00\x00\x00\x00'
    ###[ 802.11 Information Element ]###
                             ID        = vendor
                             len       = 30
                             info      = '\x00\x90L3\x0c\x10\x19\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    ###[ 802.11 Information Element ]###
                                ID        = 138
                                len       = 37
                                info      = '\xf5x'

Solution

  • That packet is a type of 802.11 management frame, more specifically a Probe response frame; it is very similar to a beacon frame. When a wireless user wishes to know information about the access point, they send a probe request, and the access point may send a probe response back. It gives information such as SSID, rates, capabilities and other parameters.

    If you are trying to decrypt WPA encrypted traffic, it gets a little harder. All traffic by users associated with the AP will be scrambled. If you wish to decrypt it, save the packet to a .pcap file and use a tool such as airdecap-ng on the file.

    If you are associated with the wireless network, it would be far easier to perform an ARP poisoning attack using a program such as ettercap. This will trick the other computers on the network into forwarding traffic through your computer, which can then be inspected as if it was going through your own computer. (Make sure you have permission from the other users if there are any!)
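
Added example (not part of the original question or answer): a standard-library Python 3 walk over the ID / len / info elements shown in the `pkt.show()` output above, decoding the SSID, rates and channel and flagging the final element, whose declared length (37) exceeds the bytes captured. `SAMPLE_IES` is constructed from the values in that output, and the function names are hypothetical.

```python
# Added example: stdlib-only walk over 802.11 information elements (ID, len, info).
# SAMPLE_IES is constructed from values in the question's pkt.show() output;
# the vendor elements are left out and the 22 zero bytes of element 45 are rebuilt.
SAMPLE_IES = (
    b"\x00\x0fTELENETHOMESPOT"            # ID 0   SSID
    b"\x01\x04\x02\x04\x0b\x16"           # ID 1   Rates
    b"\x32\x08\x0c\x12\x18$0H`l"          # ID 50  ESRates
    b"\x2d\x1a\x0c\x10\x19\xff" + b"\x00" * 22  # ID 45, not decoded here
    + b"\x03\x01\x0b"                     # ID 3   DSset (channel)
    + b"\x8a\x25\xf5x"                    # ID 138 declares 37 bytes, 2 captured
)

def parse_ies(buf):
    """Return a list of (id, declared_len, info, truncated) for each element."""
    out, off = [], 0
    while off + 2 <= len(buf):
        ie_id, ie_len = buf[off], buf[off + 1]
        info = buf[off + 2: off + 2 + ie_len]
        # A short slice means the capture ended before the element did.
        out.append((ie_id, ie_len, info, len(info) < ie_len))
        off += 2 + ie_len
    return out

def decode_rates(info):
    """Rates are in 500 kbit/s units; the top bit only marks a 'basic' rate."""
    return [(b & 0x7F) * 0.5 for b in info]

def summarize(buf):
    """Pull the human-readable fields out of a probe request's elements."""
    summary = {"ssid": None, "rates_mbps": [], "channel": None, "truncated_ids": []}
    for ie_id, ie_len, info, truncated in parse_ies(buf):
        if truncated:
            summary["truncated_ids"].append(ie_id)  # do not trust partial data
        elif ie_id == 0:
            summary["ssid"] = info.decode("utf-8", errors="replace")
        elif ie_id in (1, 50):
            summary["rates_mbps"] += decode_rates(info)
        elif ie_id == 3 and ie_len == 1:
            summary["channel"] = info[0]
    return summary

if __name__ == "__main__":
    print(summarize(SAMPLE_IES))
```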