Didier Stevens

Tuesday 24 June 2008

Quickpost: WiFi Probe Request Logging with an AirPcap Adapter

Filed under: My Software,Quickpost,WiFi — Didier Stevens @ 9:10

As promised in my previous post, here is another Python program for the AirPcap adapter.

apc-pr-log parses the WiFi packets captured by the AirPcap adapter and logs all probe requests with a SSID. If you start the program without any option, it starts displaying every new MAC address (source address) and SSID captured while channel hopping:

(BTW, the MAC addresses and SSIDs in this screenshot are fake)

Every probe request is logged to file apc-pr-log.txt, except if the –nolog option is provided. A summary report is written to file apc-pr-log-report.txt for every full channel hopping cycle, and when the program is interrupted (CTRL-C). The channel hop interval is 0.5 seconds, and can be changed with the –interval option.

When the program is interrupted, the internal data is persisted to file apc-pr-log.pkl. The program can be resumed with the –resume option (this will read the previously persisted internal data from file apc-pr-log.pkl).

If you don’t want to see new MAC addresses displayed in the console, provide option –nonewclients. Likewise, use option –nonewssids to keep quiet about new SSIDs.

The last option is –exclude, this allows you to provide a list of MAC addresses and OUIs (as a text file) that should be excluded from displaying and reporting.

If you store the oui.txt file in the same directory as the apc-pr-log.py program, the program will use the OUI.txt file to display the organisations linked to the OUI.

Summary of the options:

  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -e, --nonewssids      don't print new SSIDs
  -c, --nonewclients    don't print new clients
  -r, --resume          resume logging
  -l, --nolog           don't log each probe request
  -x EXCLUDE, --exclude=EXCLUDE
                        file with clients/OUIs to exclude from display and
                        report
  -i INTERVAL, --interval=INTERVAL
                        interval in seconds between channel hops

Quickpost info


2 Comments »

  1. [...] has given us another tool written in python, apc-pr-log, which uses the AirPcap adapter to log all probe requests with a SSID for easy viewing. [...]

    Pingback by Interesting Information Security Bits for June 24th, 2008 « Infosec Ramblings — Tuesday 24 June 2008 @ 18:25

  2. [...] the mean time, during my researches, I also found that a friend, Didier Stevens, published on his blog the same kind of script but for an AirCap adapter. Mine uses any adapter capable to be switched to [...]

    Pingback by Show me your SSID’s, I’ll Tell Who You Are! « /dev/random — Thursday 12 January 2012 @ 16:50


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 221 other followers

%d bloggers like this: