This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
scapy-usage-examples [2012/08/03 14:19] 94.245.224.234 created |
scapy-usage-examples [2012/08/05 12:12] (current) 89.144.206.230 [how to] |
||
---|---|---|---|
Line 10: | Line 10: | ||
<code python> | <code python> | ||
- | >>> pkts=sniff(count=10) | + | >>> pkts=sniff(count=100, iface="wlan1") #use exteranl wifi card to sniff |
+ | >>>pkts | ||
+ | <Sniffed: TCP:0 UDP:47 ICMP:0 Other:53> | ||
>>> wrpcap(‘traffic.pcap’,pkts) # Write list of packets to PCAP file | >>> wrpcap(‘traffic.pcap’,pkts) # Write list of packets to PCAP file | ||
>>> packetlist = rdpcap(‘traffic.pcap’) # Read PCAP file into list of packets | >>> packetlist = rdpcap(‘traffic.pcap’) # Read PCAP file into list of packets | ||
- | >>> for pkt in pkts: | + | >>> for pkt in packetlist: |
- | ... print pkt | + | ... print pkt, pkt.src, pkt.name #src give the MAC address of the device; name gives the protocol (Ethernet/802.3...) |
</code> | </code> | ||
returns a dump like this: | returns a dump like this: | ||
Line 50: | Line 52: | ||
- | [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures ]] | + | * [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures ]] |
- | ping all online IPs; with timeout | + | works great, extracts MAC addresses and ESSIDs found in a pcap file. |
+ | |||
+ | downloaded this script by Tim Medin; run it like this: | ||
+ | |||
+ | <code>./APNameFromPcap.py -f [a .pcap file] | sort -u</code> | ||
+ | |||
+ | returns a list like this: | ||
+ | <code> | ||
+ | 00:--:--:--:--:-- Alexxa | ||
+ | 00:--:--:--:--:-- NETGEAR | ||
+ | 00:--:--:--:--:-- UPC008034 | ||
+ | 00:--:--:--:--:-- UPC011853 | ||
+ | 00:--:--:--:--:-- UPC019652 | ||
+ | 00:--:--:--:--:-- bobi13 | ||
+ | bc:--:--:--:--:-- ASUS_lgdp | ||
+ | </code> | ||
+ | |||
+ | * ping all online IPs; with timeout | ||
<code> | <code> | ||
Line 74: | Line 93: | ||
(doesn't really continue once it reaches my own IP) | (doesn't really continue once it reaches my own IP) | ||
- | [[http://samsclass.info/124/proj11/123-P14x-promscan.html|Detecting Promiscuous NICs with scapy]] fun exercise, tried it with 2 wifi cards | + | * [[http://samsclass.info/124/proj11/123-P14x-promscan.html|Detecting Promiscuous NICs with scapy]] fun exercise, tried it with 2 wifi cards |