
How to get a human-readable date/time format from Beacon packets


I want to fetch the human-readable date/time format from IEEE 802.11[a,b,g,n] wireless packets.

We have an open-source project for wireless pen-testing called Aircrack-ng. This package has a tool called Airodump-ng.

I found a function in Airodump-ng's source that can convert this timestamp to a readable format.

source-code:

https://github.com/aircrack-ng/aircrack-ng/blob/master/src/airodump-ng.c#L3039

https://github.com/aircrack-ng/aircrack-ng/blob/master/src/airodump-ng.c#L3044

    #include <stdio.h>

    #define TSTP_SEC 1000000ULL /* It's a 1 MHz clock, so a million ticks per second! */
    #define TSTP_MIN (TSTP_SEC * 60ULL)
    #define TSTP_HOUR (TSTP_MIN * 60ULL)
    #define TSTP_DAY (TSTP_HOUR * 24ULL)

    /* Format a microsecond timestamp as "<days>d HH:MM:SS".
     * Returns a pointer to a static buffer, so the result is
     * overwritten by the next call. */
    static char *parse_timestamp(unsigned long long timestamp) {
        static char s[15];
        unsigned long long rem;
        unsigned int days, hours, mins, secs;

        days = timestamp / TSTP_DAY;
        rem = timestamp % TSTP_DAY;
        hours = rem / TSTP_HOUR;
        rem %= TSTP_HOUR;
        mins = rem / TSTP_MIN;
        rem %= TSTP_MIN;
        secs = rem / TSTP_SEC;

        snprintf(s, 14, "%3ud %02u:%02u:%02u", days, hours, mins, secs);

        return s;
    }

In Airodump-ng, I saw the human-readable up-times below for access points:

  • ADSL-ADSL: 0d 01:04:08
  • ViroooS: 0d 18:13:10
  • Python2: 0d 12:50:40
  • G4_3355: 0d 00:07:34
  • apple: 4d 12:23:28
  • Maya: 8d 22:44:50

For example: the up-time of G4_3355 as an access point is ~7 minutes.

For testing, I have a PCAP file that you can parse with Wireshark.

Download link for the PCAP file: https://ufile.io/y0cca

A screenshot from the Airodump-ng tool: https://ufile.io/qpv5t

How can we write the above function (C code) in Python?

The <bsstimestamp>183258624319</bsstimestamp> as input.

ts = 183258624319

Result: a readable date/time format.

Note: the format of timestamps in Wireshark is not like the above TS. https://www.epochconverter.com/

Help me to convert the timestamps of this PCAP file to a readable format like the above examples.

Thanks a lot.


Solution

  • Simple example:

    from scapy.all import rdpcap, Dot11Beacon, Dot11ProbeResp

    def print_timestamp(ts):
        # The beacon timestamp counts microseconds (1 MHz clock)
        TSTP_SEC = 1000000
        TSTP_MIN = TSTP_SEC * 60
        TSTP_HOUR = TSTP_MIN * 60
        TSTP_DAY = TSTP_HOUR * 24

        # Integer division (//) mirrors the unsigned arithmetic of the C code
        days = ts // TSTP_DAY
        rem = ts % TSTP_DAY
        hours = rem // TSTP_HOUR
        rem %= TSTP_HOUR
        mins = rem // TSTP_MIN
        rem %= TSTP_MIN
        secs = rem // TSTP_SEC

        print('%3ud %02u:%02u:%02u' % (days, hours, mins, secs))

    pkts = rdpcap('timestamp.cap')

    for pkt in pkts:
        # Only beacons and probe responses carry the timestamp field
        if pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp):
            print_timestamp(pkt.timestamp)
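
As an added example (not part of the original answer and not Aircrack-ng code), the same conversion without scapy: it reads the 64-bit little-endian timestamp directly from a radiotap-encapsulated beacon or probe response and formats it like `parse_timestamp()`. The names `format_tsf`, `tsf_from_frame` and `SAMPLE` are hypothetical, and the sample frame is constructed around the `<bsstimestamp>` value from the question.

```python
import struct

TSTP_SEC = 1_000_000          # timestamp counts microseconds (1 MHz clock)
TSTP_MIN = TSTP_SEC * 60
TSTP_HOUR = TSTP_MIN * 60
TSTP_DAY = TSTP_HOUR * 24
BEACON, PROBE_RESP = 8, 5     # management subtypes that carry a timestamp


def format_tsf(ts):
    """Format a timestamp as '<days>d HH:MM:SS', like parse_timestamp()."""
    days, rem = divmod(ts, TSTP_DAY)
    hours, rem = divmod(rem, TSTP_HOUR)
    mins, rem = divmod(rem, TSTP_MIN)
    return "%3ud %02u:%02u:%02u" % (days, hours, mins, rem // TSTP_SEC)


def tsf_from_frame(raw):
    """Return the timestamp of a beacon/probe response, else None."""
    if len(raw) < 4:
        return None
    # Radiotap: version(1) pad(1) header length(2, little-endian)
    rt_len = struct.unpack_from("<H", raw, 2)[0]
    dot11 = raw[rt_len:]
    if len(dot11) < 2:
        return None
    fc0, fc1 = dot11[0], dot11[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return None               # not a management beacon/probe response
    hdr_len = 24 + (4 if fc1 & 0x80 else 0)   # Order bit adds HT Control
    if len(dot11) < hdr_len + 8:
        return None               # truncated before the timestamp field
    return struct.unpack_from("<Q", dot11, hdr_len)[0]


# Constructed sample: empty radiotap header + beacon carrying the
# <bsstimestamp> value from the question (addresses are made up).
SAMPLE = (
    bytes.fromhex("0000080000000000")            # radiotap, length 8
    + bytes.fromhex("80000000") + b"\xff" * 6    # FC=beacon, duration, DA
    + bytes.fromhex("020000000001") * 2          # SA, BSSID
    + bytes.fromhex("0000")                      # sequence control
    + struct.pack("<Q", 183258624319)            # timestamp field
    + bytes.fromhex("64000104")                  # interval, capabilities
)

if __name__ == "__main__":
    print(format_tsf(tsf_from_frame(SAMPLE)))
```

The timestamp is written into the frame by the transmitter, so the derived up-time is what the access point reports rather than an independent measurement.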