I want to get information about MAC addresses "talking" in protocol 802.11 from a pcap file using scapy. I have done something similar that works with TCP connections:

    l = self.pcap[int(arg)]
    ipsrc = l.getlayer("IP").src
    ipdst = l.getlayer("IP").dst
    portsrc = l.getlayer("TCP").sport
    portdst = l.getlayer("TCP").dport
    pkt = []
    pkt.append([])
    for i, p in enumerate(self.pcap):
        if p.haslayer('TCP'):
            # same direction as the selected packet
            if p[IP].src == ipsrc and p[IP].dst == ipdst and p[TCP].sport == portsrc and p[TCP].dport == portdst:
                pkt.append([i, p])
            # reverse direction
            if p[IP].src == ipdst and p[IP].dst == ipsrc and p[TCP].sport == portdst and p[TCP].dport == portsrc:
                pkt.append([i, p])

where arg is a number that represents the packet's ID and self.pcap is a pcap file that was opened using the command rdpcap.
Does anyone have any idea how to do the same as the above function, but on MAC addresses and the 802.11 protocol? Thanks.
See this example for getting MAC addresses from the 802.11 MAC header:

    from scapy.all import Dot11, rdpcap

    pcap = rdpcap('test_wifi.pcap')
    for pkt in pcap:
        if pkt.haslayer(Dot11):
            # addr1..addr4 are the four address fields of the 802.11 MAC header
            print("Addr1 = %s, Addr2 = %s, Addr3 = %s, Addr4 = %s" % (pkt.addr1, pkt.addr2, pkt.addr3, pkt.addr4))

I set my wireless card to monitor mode and saved the captured packets to the 'test_wifi.pcap' file for testing this code.
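
An added example, not part of either post above: the 802.11 counterpart of the TCP filter from the question, matching frames on receiver (addr1) and transmitter (addr2) in either direction. The function names dot11_conversation and conversation_of and the sample MAC addresses are assumptions made for this illustration.

```python
def _norm(mac):
    """Lower-case a MAC string; absent address fields (None) stay None."""
    return mac.lower() if isinstance(mac, str) else None


def dot11_conversation(packets, mac_a, mac_b):
    """Return [index, frame] pairs for 802.11 frames sent between two stations.

    addr1 is the receiver and addr2 the transmitter, so a frame belongs to
    the conversation when {addr1, addr2} == {mac_a, mac_b}, either direction.
    """
    pair = {_norm(mac_a), _norm(mac_b)}
    matches = []
    for i, p in enumerate(packets):
        dot11 = p.getlayer("Dot11")  # None for non-802.11 packets
        if dot11 is None:
            continue
        if {_norm(dot11.addr1), _norm(dot11.addr2)} == pair:
            matches.append([i, p])
    return matches


def conversation_of(packets, index):
    """Mirror of the TCP version: take the two stations from packet `index`."""
    dot11 = packets[index].getlayer("Dot11")
    if dot11 is None:
        raise ValueError("packet %d has no 802.11 header" % index)
    return dot11_conversation(packets, dot11.addr1, dot11.addr2)


if __name__ == "__main__":
    from scapy.all import Dot11

    # Constructed sample frames (not from a real capture).
    STA, AP, OTHER = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    frames = [
        Dot11(type=2, subtype=0, addr1=AP, addr2=STA, addr3=AP),
        Dot11(type=2, subtype=0, addr1=OTHER, addr2=AP, addr3=AP),
        Dot11(type=2, subtype=0, addr1=STA, addr2=AP, addr3=AP),
    ]
    for i, frame in conversation_of(frames, 0):
        print(i, frame.addr2, "->", frame.addr1)
```

With a real capture, pass the list returned by rdpcap in place of the constructed frames. Control frames such as ACKs carry only a receiver address, so they do not match a pair of two distinct stations.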