Didier Stevens

As promised in my previous post, here is another Python program for the AirPcap adapter.

apc-pr-log parses the WiFi packets captured by the AirPcap adapter and logs all probe requests with a SSID. If you start the program without any option, it starts displaying every new MAC address (source address) and SSID captured while channel hopping:

(BTW, the MAC addresses and SSIDs in this screenshot are fake)

Every probe request is logged to file apc-pr-log.txt, except if the –nolog option is provided. A summary report is written to file apc-pr-log-report.txt for every full channel hopping cycle, and when the program is interrupted (CTRL-C). The channel hop interval is 0.5 seconds, and can be changed with the –interval option.

When the program is interrupted, the internal data is persisted to file apc-pr-log.pkl. The program can be resumed with the –resume option (this will read the previously persisted internal data from file apc-pr-log.pkl).

If you don’t want to see new MAC addresses displayed in the console, provide option –nonewclients. Likewise, use option –nonewssids to keep quiet about new SSIDs.

The last option is –exclude, this allows you to provide a list of MAC addresses and OUIs (as a text file) that should be excluded from displaying and reporting.

If you store the oui.txt file in the same directory as the apc-pr-log.py program, the program will use the OUI.txt file to display the organisations linked to the OUI.

Summary of the options:

  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -e, --nonewssids      don't print new SSIDs
  -c, --nonewclients    don't print new clients
  -r, --resume          resume logging
  -l, --nolog           don't log each probe request
  -x EXCLUDE, --exclude=EXCLUDE
                        file with clients/OUIs to exclude from display and
                        report
  -i INTERVAL, --interval=INTERVAL
                        interval in seconds between channel hops

Quickpost info