我使用 scapy 来嗅探数据包。我的路由器处于监听(monitor)模式,因此可以捕获探测请求(probe request)。捕获到探测请求后,我提取了 SSID、RSSI、制造商名称、时间和 MAC 地址。有没有办法获取更多字段,例如信道、型号名称、关联状态?在 Wireshark 中我能看到所有这些字段,但如何在 scapy 中获取它们?
from scapy.all import *
import logging
import logging.handlers
# IEEE 802.11 frame-control values: type 0 is a management frame and
# subtype 4 within that type is a probe request.
PROBE_REQUEST_TYPE = 0
PROBE_REQUEST_SUBTYPE = 4

# Replace this with your phone's MAC address
# (placeholder form: ['00:00:00:00:00:00',]).
# Only the commented-out filters in this listing consult the list.
WHITELIST = [
    '18:dc:56:f0:40:40',
    '34:a3:95:b1:2b:d9',
    '48:13:7e:57:ae:b6',
    '98:0c:a5:17:7d:2d',
]
def PacketHandler(pkt):
    """Pass 802.11 probe requests to PrintPacket and ignore every other frame.

    Used as the per-packet callback for sniff(). A frame is reported when it
    carries a Dot11 layer whose type/subtype match the probe-request
    constants.

    The WHITELIST filter on pkt.addr2 is disabled, so every probe request
    seen is reported. If it is re-enabled, note that addr2 is supplied by the
    sender and many clients randomize it while probing, so a match does not
    establish device identity.
    """
    if not pkt.haslayer(Dot11):
        return
    if pkt.type != PROBE_REQUEST_TYPE:
        return
    if pkt.subtype != PROBE_REQUEST_SUBTYPE:
        return
    PrintPacket(pkt)
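def _printable_ssid(raw):
    """Return *raw* as ASCII text that is safe to embed in one log record.

    The SSID element is chosen by the transmitting station, so it can hold
    commas, line breaks or other control bytes. Anything outside printable
    ASCII, plus ',' and '\\', is written as a \\xNN escape so a crafted SSID
    cannot split or forge comma-separated log lines.
    """
    if isinstance(raw, type(u"")):
        raw = raw.encode("utf-8")
    return "".join(
        chr(octet) if 0x20 <= octet < 0x7f and octet not in (0x2c, 0x5c)
        else "\\x%02x" % octet
        for octet in bytearray(raw)
    )


def PrintPacket(pkt):
    """Print one captured probe request and append it to the log.

    Args:
        pkt: a packet that PacketHandler has classified as a probe request.

    The record written through WriteToFile is
    "time,source MAC,SSID,RSSI" followed by a newline.
    """
    print("Probe Request Captured:")

    # NOTE(review): reading the signal byte at offset -4 of the undecoded
    # radiotap bytes depends on the capture driver's header layout; confirm
    # for the adapter in use. Scapy versions that decode RadioTap expose the
    # value as the dBm_AntSignal field instead and leave notdecoded short.
    extra = getattr(pkt, "notdecoded", None)
    if extra is not None and len(extra) >= 4:
        signal_strength = -(256 - ord(extra[-4:-3]))
    else:
        # Too few undecoded bytes: fall back instead of failing in ord().
        signal_strength = -100
        print("No signal strength found")

    probe = pkt.getlayer(Dot11ProbeReq)
    ssid = _printable_ssid(probe.info if probe is not None else b"")

    # The original format strings did not match their argument tuples (five
    # values for four specifiers, then four values for five), which raised
    # TypeError on every packet. addr2 is the transmitter, hence "Source".
    print("Time: %s Source: %s SSID: %s RSSi: %d " % (
        pkt.time, pkt.addr2, ssid, signal_strength))
    record = "%s,%s,%s,%d\n" % (pkt.time, pkt.addr2, ssid, signal_strength)
    WriteToFile(record)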
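def WriteToFile(str):
    """Append one message to the rotating log file 'tplink3020.log'.

    Args:
        str: the text to log (the name shadows the builtin; kept so existing
            callers are unaffected).

    The file rolls over at about 1000 bytes and ten backups are kept, so only
    a short history of records survives on disk.
    """
    my_logger = logging.getLogger('agentlogger')
    # Attach the handler once. Adding a new one on every call made the n-th
    # message appear n times and left one more open file handle per packet.
    if not my_logger.handlers:
        handler = logging.handlers.RotatingFileHandler('tplink3020.log', mode='a', maxBytes=1000, backupCount=10, encoding=None, delay=0)
        my_logger.addHandler(handler)
    my_logger.warning(str)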
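def main():
    """Start sniffing probe requests on the interface named in argv[1].

    The interface must already be in monitor mode. Each captured packet is
    passed to PacketHandler.
    """
    # Import sys here rather than relying on `from scapy.all import *`
    # happening to export it.
    import sys
    from datetime import datetime

    if len(sys.argv) < 2:
        sys.exit("usage: %s <monitor-mode-interface>" % sys.argv[0])

    print("[%s] Starting scan" % datetime.now())
    print("Scanning :")
    WriteToFile("Hello")
    # store=0: packets are handled by the callback, so do not also keep every
    # one in memory for the lifetime of a long-running capture.
    sniff(iface=sys.argv[1], prn=PacketHandler, store=0)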
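# Run the sniffer only when executed as a script, not when imported.
# (The stray trailing backtick after main() was a paste artifact and a
# syntax error; it is removed.)
if __name__ == "__main__":
    main()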