SCAPY PYTHON - Get 802.11 DS Status


I'm trying to use SCAPY to create a sniffing program to demonstrate 802.11 device association[s] and roles within an 802.11 network.

SCAPY has simple functions to identify Beacon frames, probe requests and probe responses. I'm trying to dig a bit deeper than that and do my own evaluation based upon the DS status to show all other traffic association[s].

What I cannot do is determine how to get the value of the DS status (00, 01, 10, 11). If determined, then I can handle the frame accordingly to get SOURCE, BSSID, RECEIVER, TRANSMITTER and DESTINATION to suit my code.

I have found that I should be able to get DS Status with tshark (wlan.fc.ds) so, if required, I could pass the frame to a tshark derived process; but I'd firstly like to attempt to do it all using SCAPY as I've only just started coding using SCAPY with PYTHON and I don't want to jump to other MAC frame analytical programs at the first hurdle.

In addition to creating my program to demonstrate device associations, I'm also using it as a means for me to learn more about 802.11, PYTHON and SCAPY; therefore I wish to dig into each frame a bit, grouping them on the DS state. Thanks, Bob


There is 1 answer

4
Yoel On BEST ANSWER

Scapy's source code reveals that the To DS and From DS values reside within FCfield (which stands for Frame Control Field):

class Dot11(Packet):
    name = "802.11"
    fields_desc = [
                    BitField("subtype", 0, 4),
                    BitEnumField("type", 0, 2, ["Management", "Control", "Data", "Reserved"]),
                    BitField("proto", 0, 2),
                    FlagsField("FCfield", 0, 8, ["to-DS", "from-DS", "MF", "retry", "pw-mgt", "MD", "wep", "order"]),
                    ShortField("ID",0),
                    MACField("addr1", ETHER_ANY),
                    Dot11Addr2MACField("addr2", ETHER_ANY),
                    Dot11Addr3MACField("addr3", ETHER_ANY),
                    Dot11SCField("SC", 0),
                    Dot11Addr4MACField("addr4", ETHER_ANY) 
                    ]

Therefore, once you've got hold of a Dot11 packet, you can inspect its DS status via the following code:

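DS = pkt.FCfield & 0x3        # low two bits of FCfield: to-DS and from-DS
to_DS = (DS & 0x1) != 0       # bit 0 is "to-DS" in the FlagsField list above
from_DS = (DS & 0x2) != 0     # bit 1 is "from-DS"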
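
The question's next step, turning the two DS bits into SOURCE, DESTINATION, BSSID, RECEIVER and TRANSMITTER, follows the standard 802.11 data-frame addressing table. The sketch below is an added example, not part of the original answer or of Scapy: `ROLES`, `ds_roles`, `parse_data_header` and `SAMPLE_TO_AP` are hypothetical names, and the MAC addresses are constructed. It works on raw header bytes so it runs without Scapy; with Scapy, `ds_roles` is meant to be fed `pkt.FCfield` and `pkt.addr1` through `pkt.addr4` from the Dot11 layer quoted above.

```python
# Added example: names below are hypothetical, addresses are constructed.
# Role of addr1..addr4 in an 802.11 data frame, keyed by (to_DS, from_DS).
ROLES = {
    (False, False): ("DA", "SA", "BSSID", None),   # station to station (IBSS)
    (False, True):  ("DA", "BSSID", "SA", None),   # AP to station
    (True, False):  ("BSSID", "SA", "DA", None),   # station to AP
    (True, True):   ("RA", "TA", "DA", "SA"),      # 4-address (WDS) frame
}

def ds_roles(fcfield, addr1, addr2, addr3, addr4=None):
    """Label the addresses of a data frame according to its DS bits."""
    ds = int(fcfield) & 0x3                 # same mask as in the answer
    to_ds, from_ds = bool(ds & 0x1), bool(ds & 0x2)
    out = {"to_DS": to_ds, "from_DS": from_ds}
    for role, addr in zip(ROLES[(to_ds, from_ds)], (addr1, addr2, addr3, addr4)):
        if role is not None:
            out[role] = addr
    return out

def _mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_data_header(frame):
    """Parse a raw 802.11 MAC header (radiotap already stripped)."""
    if len(frame) < 24:
        raise ValueError("shorter than a 3-address 802.11 header")
    if ((frame[0] >> 2) & 0x3) != 2:        # type bits: 2 = Data
        raise ValueError("not a data frame")
    flags = frame[1]                        # second Frame Control byte
    a1, a2, a3 = (_mac(frame[o:o + 6]) for o in (4, 10, 16))
    a4 = None
    if (flags & 0x3) == 0x3:                # addr4 follows Sequence Control
        if len(frame) < 30:
            raise ValueError("4-address frame truncated before addr4")
        a4 = _mac(frame[24:30])
    return ds_roles(flags, a1, a2, a3, a4)

# Constructed sample: Data frame, to-DS set (station to AP), no addr4.
SAMPLE_TO_AP = bytes.fromhex(
    "0801" "0000"            # Frame Control (type Data, to-DS), Duration/ID
    "aabbccddeeff"           # addr1 = BSSID
    "020000000001"           # addr2 = SA
    "020000000002"           # addr3 = DA
    "1000"                   # Sequence Control
)

if __name__ == "__main__":
    print(parse_data_header(SAMPLE_TO_AP))
```

Management and control frames are rejected by `parse_data_header` because the four-row table describes data frames only.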