This shows you the differences between two versions of the page.
scapy-usage-examples [2012/08/03 14:20] 94.245.224.234 [examples] |
scapy-usage-examples [2012/08/05 12:12] (current) 89.144.206.230 [how to] |
||
---|---|---|---|
Line 10: | Line 10: | ||
<code python> | <code python> | ||
- | >>> pkts=sniff(count=10) | + | >>> pkts=sniff(count=100, iface="wlan1") #use exteranl wifi card to sniff |
+ | >>>pkts | ||
+ | <Sniffed: TCP:0 UDP:47 ICMP:0 Other:53> | ||
>>> wrpcap(‘traffic.pcap’,pkts) # Write list of packets to PCAP file | >>> wrpcap(‘traffic.pcap’,pkts) # Write list of packets to PCAP file | ||
>>> packetlist = rdpcap(‘traffic.pcap’) # Read PCAP file into list of packets | >>> packetlist = rdpcap(‘traffic.pcap’) # Read PCAP file into list of packets | ||
- | >>> for pkt in pkts: | + | >>> for pkt in packetlist: |
- | ... print pkt | + | ... print pkt, pkt.src, pkt.name #src give the MAC address of the device; name gives the protocol (Ethernet/802.3...) |
</code> | </code> | ||
returns a dump like this: | returns a dump like this: | ||
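Review bot: The new loop line `print pkt, pkt.src, pkt.name` carries a comment saying `src` gives the MAC address, but that only holds when the outermost layer is Ethernet. The `Other:53` count in the added sniff summary suggests many frames here are not plain IP over Ethernet, and for those `pkt.src` either resolves to a lower layer's `src` field or raises AttributeError when no layer has one. Suggest guarding the access (for example `if Ether in pkt:` before printing `pkt[Ether].src`) and rewording the comment accordingly. Smaller points: "exteranl" should be "external", `>>>pkts` is missing the space after the prompt, `iface="wlan1"` is specific to the editor's machine and should be marked as a placeholder, and the unchanged `wrpcap`/`rdpcap` lines use typographic quotes (‘ ’) that will not paste into a Python prompt.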
Line 51: | Line 53: | ||
* [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures ]] | * [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures ]] | ||
+ | |||
+ | works great, extracts MAC addresses and ESSIDs found in a pcap file. | ||
+ | |||
+ | downloaded this script by Tim Medin; run it like this: | ||
+ | |||
+ | <code>./APNameFromPcap.py -f [a .pcap file] | sort -u</code> | ||
+ | |||
+ | returns a list like this: | ||
+ | <code> | ||
+ | 00:--:--:--:--:-- Alexxa | ||
+ | 00:--:--:--:--:-- NETGEAR | ||
+ | 00:--:--:--:--:-- UPC008034 | ||
+ | 00:--:--:--:--:-- UPC011853 | ||
+ | 00:--:--:--:--:-- UPC019652 | ||
+ | 00:--:--:--:--:-- bobi13 | ||
+ | bc:--:--:--:--:-- ASUS_lgdp | ||
+ | </code> | ||
* ping all online IPs; with timeout | * ping all online IPs; with timeout |
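Review bot: The sample output block masks the MAC addresses (`00:--:--:--:--:--`) but the ESSIDs next to them (`UPC008034`, `bobi13`, `ASUS_lgdp` and so on) appear to be left as captured, which is enough to identify nearby networks; suggest replacing them with obvious placeholders such as `ExampleAP1`. Also, the added paragraphs and code blocks sit at top level between the PACKETSTAN bullet and the `* ping all online IPs; with timeout` bullet, so they split the list instead of hanging under the item they describe; indent them under that bullet. The `./APNameFromPcap.py -f ...` line assumes the script is executable, so either mention `chmod +x` or show it invoked through `python`, and say where the script was downloaded from if it is not the linked article.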