http://qs321.pair.com?node_id=794954

trevelyn has asked for the wisdom of the Perl Monks concerning the following question:

Hi. I created a Perl app that searches Airodump's output plain text file for MAC addresses and matches one that is specified. I would like to have no dependencies anymore and I would like to create a program that reads all data from a wireless device that is NOT associated with an AP, but simply sniffing (wardriving).

I have the proper drivers installed on WeakNet Linux to sniff in promiscuous mode, and I can with Airodump-ng.

I have tried utilizing all I can in CPAN, including: Net::Pcap; Net::PcapUtils; NetPacket::Ethernet;

None seem to work properly when I specify a wireless device rather than a wired device and all I want to do is to be able to drive around and decode the packets from, say, wlan0 to pull out MAC addresses in which I can search for a particular MAC specified.

I would rather not have someone else code this as I would like to learn more than anything, but I just want to know the right direction. Or maybe have some code samples.

Thanks in advance,

Douglas.

Here is the code I have that produces output, just wrong output:

    #!/usr/bin/perl -w
    use Net::Pcap;
    use NetPacket::Ethernet;
    use strict;

    my $err;
    my $dev = "wlan0";
    my $object;
    $object = Net::Pcap::open_live($dev, 2048, 0, 0, \$err);
    Net::Pcap::loop($object, -1, \&syn_packets, '') || die 'Unable to perform packet capture';
    Net::Pcap::close($object);

    sub syn_packets {
        my ($user_data, $header, $packet) = @_;
        my $eth_obj = NetPacket::Ethernet->decode($packet);
        print("$eth_obj->{src_mac} : $eth_obj->{dest_mac}\n");
    }

Replies are listed 'Best First'.
Re: Net::Pcap with wireless
by jbt (Chaplain) on Sep 13, 2009 at 03:52 UTC
    You may obtain some useful information by checking return value and $err value from the open_live function. Is the syn_packets function called and if so what is printed? There also appears to be a syntax error in the loop function call.
Re: Net::Pcap with wireless
by traveler (Parson) on Sep 13, 2009 at 16:27 UTC
    Also, ensure that your version of Net::Pcap and the libpcap it is using are current enough to support wireless capture. The MAC frame for wireless (which is CSMA/CA) is not the same as that for Ethernet (which is CSMA/CD). Older versions of libpcap do not support wireless frames. I do not know whether or not any versions of Net::Pcap support capturing wireless frames, or whether they only support accessing the pseudo-Ethernet version.
      First of all, I need to tell you guys, that this website is amazing! <33 Thank you guys for all the great advice. I was using die, but must have lost it somewhere when using CTRL+K in nano. I was afraid that Net::Pcap was unable to sniff wireless packets in the first place, but I got it to. Well, I think I did.
      I did:
      -------------------
      iwconfig wlan0 mode monitor channel 6 (channel of my AP and clients)
      ifconfig wlan0 up
      perl wireless.pl wlan0 (wireless.pl is below)
      And I put to print "$packet" which is the raw packet which beeped up my ssh terminal and loaded it with garbage, except a few plain text areas!!
      The ESSIDs were there!! So maybe this is so far possible!

      When I run the program below, I get no warnings, no errors, etc, but the MAC address output looks like this:
      root@WeakNetLabs:/home/assistant/code/wifi# perl wireless.pl wlan0
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      000000028509, 000018002e48
      ^C

      Which is odd. I fixed the syntax error in the loop, I guess, but ended up using the below code example found on the Net::Pcap tutorial at CPAN.

      wireless.pl:
      #!/usr/bin/perl -w
      use strict;
      use warnings;
      use Net::Pcap;
      use NetPacket::Ethernet;
      use NetPacket::IP;
      use NetPacket::TCP;

      my $error;
      my $device = $ARGV[0];
      my $WiFiobject;
      $WiFiobject = Net::Pcap::open_live($device, 2048, 1, -1, \$error);
      unless (defined $WiFiobject) {
          die 'Unable to create packet capture on device ', $device, ' - ', $error;
      }
      Net::Pcap::loop($WiFiobject, -1, \&syn_packets, '') || die 'Unable to perform packet capture';
      Net::Pcap::close($WiFiobject);

      sub syn_packets {
          my ($user_data, $header, $packet) = @_;
          my $macaddr = NetPacket::Ethernet->decode($packet);
          print "$macaddr->{'src_mac'}, $macaddr->{'dest_mac'}\n";
      }
        So do those MAC addresses match the card and AP? It seems that you are doing an Ethernet decode. Doing that will miss some info from the 802.11 frame, but if you don't care about that, it really doesn't make any difference.
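
Added example, not part of the thread and not any poster's code: on a monitor-mode interface the capture link type is normally radiotap (DLT_IEEE802_11_RADIO) or bare 802.11 rather than Ethernet, and the repeated output above is consistent with NetPacket::Ethernet reading the first 12 bytes of a radiotap header (length 0x0018 = 24, channel frequency 0x0985 = 2437 MHz, which is channel 6). The code below skips that header and reads the 802.11 address fields from a constructed packet. The names `mac` and `wifi_addrs` and the sample bytes are assumptions; in a live capture the link type would come from `Net::Pcap::datalink`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# libpcap link-layer type values (DLT_*).
use constant { DLT_IEEE802_11 => 105, DLT_IEEE802_11_RADIO => 127 };

# Hypothetical helper: 6 raw bytes -> "aa:bb:cc:dd:ee:ff".
sub mac { return join ':', unpack '(H2)*', $_[0] }

# Hypothetical helper: returns a hashref of the 802.11 address fields,
# or nothing when the frame is truncated or malformed.
sub wifi_addrs {
    my ($dlt, $pkt) = @_;
    if ($dlt == DLT_IEEE802_11_RADIO) {
        return if length($pkt) < 8;
        # radiotap: version(1) pad(1) length(2, little-endian) present(4) ...
        my ($ver, $len) = unpack 'C x v', $pkt;
        return if $ver != 0 || $len < 8 || $len > length($pkt);
        $pkt = substr $pkt, $len;            # skip the variable-length header
    }
    elsif ($dlt != DLT_IEEE802_11) {
        die "link type $dlt is not 802.11; an Ethernet decoder applies instead\n";
    }
    return if length($pkt) < 10;             # frame control, duration, addr1
    my $fc = unpack 'v', $pkt;
    my %f  = (type => ($fc >> 2) & 3, subtype => ($fc >> 4) & 15);
    # Control frames (type 1) carry one or two addresses, never three.
    my $last  = $f{type} == 1 ? 1 : 2;
    my @names = qw(addr1 addr2 addr3);
    for my $i (0 .. $last) {
        my $off = 4 + 6 * $i;
        last if length($pkt) < $off + 6;     # e.g. ACK/CTS stop after addr1
        $f{ $names[$i] } = mac(substr $pkt, $off, 6);
    }
    return \%f;
}

# Constructed sample: the first 12 bytes are the values printed in the thread
# (dest_mac, then src_mac); the padding and the beacon header are made up.
my $radiotap = pack('H*', '000018002e480000' . '00028509') . ("\0" x 12);
my $beacon   = pack 'H*', '8000' . '0000' . 'ffffffffffff' . '02aabbccddee' x 2 . '1000';
my $pkt      = $radiotap . $beacon;

# What an Ethernet decode sees: bytes 0-5 as dest_mac, bytes 6-11 as src_mac.
my ($dst, $src) = unpack 'H12 H12', $pkt;
print "as Ethernet: $src, $dst\n";

my $f = wifi_addrs(DLT_IEEE802_11_RADIO, $pkt);
printf "as 802.11:   type=%d subtype=%d addr1=%s addr2=%s addr3=%s\n",
    @$f{qw(type subtype addr1 addr2 addr3)};
```

For a beacon, addr1 is the destination (broadcast), addr2 the transmitter and addr3 the BSSID.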
Re: Net::Pcap with wireless
by apl (Monsignor) on Sep 13, 2009 at 13:35 UTC