Libtins help - example filter for Wifi sniffing
818 views
Skip to first unread message
Sean van der Walt
Sep 10, 2017, 7:29:24 PM9/10/17
to libtins
Hi All,
I really like Matias' Libtins library.
I'm trying out some WiFi sniffing of MAC, Addr & RSSI... within an OpenWRT environment I'm using.In the Beacon.cpp example I commented out some of the code & edited the filter:
Filter to:
config.set_filter("type mgt"); // subtype beacon or subtype probe-req or subtype probe-resp");
I expected to see all management frames, including probe requests & responses....
All I get on output is the WiFi AP Beacon's on Ch 1. and no device probe requests...
I edited out some of the checks callback so as not to only look at SSID's.
Do you have any advice for me pls ????
#include <iostream>
#include <iomanip>
#include <set>
#include <string>
#include <tins/tins.h>
using std::set;
using std::cout;
using std::endl;
using std::string;
using std::runtime_error;
using namespace Tins;
class BeaconSniffer {
public:
void run(const string& iface);
private:
typedef Dot11::address_type address_type;
typedef set<address_type> ssids_type;
bool callback(PDU& pdu);
ssids_type ssids;
};
void BeaconSniffer::run(const std::string& iface) {
SnifferConfiguration config;
config.set_promisc_mode(true);
// config.set_snap_len(2000);
config.set_filter("type mgt"); // subtype beacon or subtype probe-req or subtype probe-resp");
config.set_rfmon(true);
Sniffer sniffer(iface, config);
sniffer.sniff_loop(make_sniffer_handler(this, &BeaconSniffer::callback));
}
bool BeaconSniffer::callback(PDU& pdu) {
// Get the Dot11 layer
const Dot11Beacon& beacon = pdu.rfind_pdu<Dot11Beacon>();
// SvdW 31/08/2017 - Add RadioTap to locate the RSSI
const RadioTap &radio = pdu.rfind_pdu<RadioTap>();
int rssi = radio.dbm_signal();
// All beacons must have from_ds == to_ds == 0
// if (!beacon.from_ds() && !beacon.to_ds())
{
// Get the AP address
address_type addr = beacon.addr2();
// Look it up in our set
// ssids_type::iterator it = ssids.find(addr);
// if (it == ssids.end())
{
// First time we encounter this BSSID.
try {
/* If no ssid option is set, then Dot11::ssid will throw
* a std::runtime_error.
*/
string ssid = beacon.ssid();
string addr_string = addr.to_string();
// Save it so we don't show it again.
// ssids.insert(addr);
// Display the tuple "address - ssid".
cout << " mac: " << addr << " - ssid: " << ssid << " - rssi: " << std::setbase(10) << std::setprecision(2) << rssi << "dBm" << endl;
}
catch (runtime_error&) {
// No ssid, just ignore it.
cout << " Catch Runtime Error" << endl;
}
}
}
return true;
}
int main(int argc, char* argv[]) {
if (argc != 2) {
cout << "Usage: " <<* argv << " <interface>" << endl;
return 1;
}
string interface = argv[1];
BeaconSniffer sniffer;
sniffer.run(interface);
}Any assistance with the beacon.cpp with my reasoning would help. TIA.FYI - I did do a pcap on the target hardware (with openwrt) and confirm the libpcap works. Did tcpdump pcap capture (attached) and I get all the probe requests and responses as expected.So there is no issue with the hardware, or libs, or openwrt linux environment.
RgdsSean
Matias Fontanini
Sep 10, 2017, 7:37:25 PM9/10/17
to libtins
You changed the pcap filter but you are still only trying to grab beacons, as you are calling pdu.rfind_pdu<Dot11Beacon>(). If you want probe requests and probe responses you need to search for those PDUs as well, or just search for Dot11ManagementFrame if that suits you.
Sean van der Walt
Sep 10, 2017, 8:38:15 PM9/10/17
to libtins
Thanks Matias. Will test that out. Thanks.
Sean van der Walt
Sep 11, 2017, 2:27:51 AM9/11/17
to libtins
Matias,
I have managed to find the prob requests, the Libtins library is awesome. Thanks so much.
Reply all
Reply to author
Forward
0 new messages