So this is my script:
#!/usr/bin/env python
import sys
from scapy.all import *
from subprocess import *

call(["clear"])
print "Probe Investigator"
print "-----------------------------------------------------"
intf = raw_input("Enter the Name of the interface to sniff: ")
print ("\n")

clients = []   # SSIDs seen in directed probe requests
uni = 0        # count of distinct client MACs
mach = []      # client MACs seen so far

def phandle(p):
    # only look at probe requests
    if p.haslayer(Dot11ProbeReq):
        mac = p.addr2
        if p.haslayer(Dot11Elt):
            # p.ID resolves to the first Dot11Elt layer's tag number
            if p.ID == 0:
                ssid = p.info
                # skip broadcast probes (empty SSID) and repeats
                if ssid not in clients and ssid != "":
                    clients.append(ssid)
                    print len(clients), mac + "--Probing-->" + ssid
                    if mac not in mach:
                        mach.append(mac)
                        global uni
                        uni += 1
    else:
        return

sniff(iface=intf, prn=phandle, store=0)
print ("\n")
print "Unique MACs: ", uni
As you can see, I am filtering for probe requests and also filtering to see if the requests aren't broadcast but are for specific SSIDs. I analyzed probe requests in Wireshark and saw that such probes also have a tag number 221 in the Dot11Elt layer which specifies the vendor. If I just change the `p.ID == 0` statement to `p.ID == 221`, then it should technically give me the vendor info, but instead the script just hangs and never moves forward with the rest of the script.
How do I extract vendor info from the packet?
My Python version: 2.7.3 (default, Mar 13 2014, 11:03:55) [GCC 4.7.2]
My Linux version: Distributor ID: Kali, Description: Kali GNU/Linux 1.1.0, Release: 1.1.0, Codename: moto, Linux version 3.18.0-kali3-amd64 (gcc version 4.7.2 (Debian 4.7.2-5)) #1 SMP Debian 3.18.6-1~kali2 (2015-03-02)
A probe request packet might have several Dot11Elt layers and you need to iterate over them until you locate the desired one, as follows:
# start at the first information element of the frame
dot11elt = p.getlayer(Dot11Elt)
# each Dot11Elt's payload is the next Dot11Elt; walk the chain until tag 221
while dot11elt and dot11elt.ID != 221:
    dot11elt = dot11elt.payload.getlayer(Dot11Elt)
if dot11elt:
    ... # dot11elt.ID == 221:
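The same walk over the chain of information elements, written as an added example (not the answer's or the asker's code) that parses the raw tag/length/value bytes directly so it runs without scapy or an interface; the helper names, the Python 3 target and the sample frame bodies are my own constructions.

```python
# Added example: walk the 802.11 tagged parameters of a probe request body
# and collect every vendor-specific (ID 221) element. Operates on raw bytes,
# so no scapy is needed; the frame bodies below are constructed, not captured.
import struct

VENDOR_SPECIFIC = 221  # tag number of the Vendor Specific IE in 802.11

def iter_elements(body):
    """Yield (tag_id, value) for each IE in a TLV-encoded tagged-parameter run.

    Stops at the first malformed element (declared length past end of data)
    instead of raising, which is what a passive sniffer should do with junk.
    """
    off = 0
    while off + 2 <= len(body):
        tag_id, length = struct.unpack_from("BB", body, off)
        off += 2
        if off + length > len(body):
            break            # truncated element: do not trust the remainder
        yield tag_id, body[off:off + length]
        off += length

def vendor_elements(body):
    """Return [(oui_string, oui_type, payload)] for every ID-221 element."""
    found = []
    for tag_id, value in iter_elements(body):
        if tag_id != VENDOR_SPECIFIC or len(value) < 4:
            continue         # a 221 IE carries at least OUI (3 bytes) + type (1)
        oui = ":".join("%02x" % b for b in value[:3])
        found.append((oui, value[3], value[4:]))
    return found

def ssid(body):
    """Return the SSID (ID 0) as text, or '' for a broadcast probe."""
    for tag_id, value in iter_elements(body):
        if tag_id == 0:
            return value.decode("utf-8", "replace")
    return ""

# Constructed probe-request body: SSID "CoffeeShop", supported rates, then
# two vendor-specific IEs (OUI 00:50:f2 type 4 and OUI 00:10:18 type 2).
SAMPLE_BODY = (
    b"\x00\x0aCoffeeShop"
    + b"\x01\x04\x02\x04\x0b\x16"
    + b"\xdd\x07\x00\x50\xf2\x04\x10\x4a\x00"
    + b"\xdd\x05\x00\x10\x18\x02\x01"
)

if __name__ == "__main__":
    print("SSID:", ssid(SAMPLE_BODY))
    for oui, oui_type, payload in vendor_elements(SAMPLE_BODY):
        print("vendor OUI %s type %d payload %s" % (oui, oui_type, payload.hex()))
```

Note that `p.ID` in the question only ever reads the first element, which in a probe request is the SSID (ID 0), so a `221` comparison there never matches; the walk above is what turns up the later elements.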