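def proc_packet(self, p):
    """Record an access point's SSID, vendor and last-seen time from a beacon frame.

    Frames that are not 802.11 beacons, that carry an empty SSID element, or
    whose source address (``p.addr2``) does not start with a lower-case
    colon-separated hex MAC are ignored. Every field read here arrives over
    the air from an unknown sender, so the SSID is either base64-encoded or
    decoded with ``'ignore'`` before it is stored.

    Side effects: ``self.prox.pulse(mac, timeStamp)``, plus a tuple added to
    ``self.ap_names`` and ``self.device_vendor``.

    Args:
        p: A Scapy packet.
    """
    if not p.haslayer(Dot11Beacon):
        return
    info = p[Dot11Elt].info
    # Truthiness covers both "" and b"": on Python 3 ``info`` is bytes, and
    # ``bytes != ""`` is always true, which let empty SSIDs through.
    if not info:
        return
    mac_pattern = "[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]"
    if not re.match(mac_pattern, p.addr2 or ""):
        return
    mac = p.addr2.replace(":", "")
    # Packet time rather than wall-clock time, so replayed pcaps keep their timestamps.
    timeStamp = datetime.datetime.fromtimestamp(int(p.time))
    vendor = self.mv.lookup(mac[:6])  # lookup keyed on the first three octets
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    if b64mode:
        ssid = b64encode(info)
    else:
        ssid = info.decode("utf-8", "ignore")
    try:
        sig_str = -(256 - ord(p.notdecoded[-4:-3]))  # TODO: Use signal strength
    except (AttributeError, TypeError):
        # Best effort: a missing or too-short ``notdecoded`` tail must not
        # drop the beacon, but it is worth a trace in the log.
        logging.error("Unable to extract signal strength")
        logging.error(p.summary())
    self.prox.pulse(mac, timeStamp)
    self.ap_names.add((mac, ssid))
    self.device_vendor.add((mac, vendor))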
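def proc_packet(self, p):
    """Note a probing client, its vendor and the SSID it asks for.

    Only 802.11 probe requests are handled. The SSID is attacker-controlled
    data from the air: it is decoded leniently (a malformed UTF-8 SSID must
    not raise ``UnicodeDecodeError`` and abort the capture loop) and stripped
    of line terminators so a crafted SSID cannot forge extra log lines.

    Side effects: ``self.prox.pulse``, ``self.device_vendor.add`` and, for a
    non-empty SSID, ``self.client_ssids.add``; logs when ``self.verb > 1``.

    Args:
        p: A Scapy packet.
    """
    if not p.haslayer(Dot11ProbeReq) or not p.addr2:
        return
    # Using packet time instead of system time allows us to read pcaps.
    timeStamp = datetime.datetime.fromtimestamp(int(p.time))
    mac = p.addr2.replace(':', '')
    vendor = self.mv.lookup(mac[:6])
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    try:
        sig_str = -(256 - ord(p.notdecoded[-4:-3]))  # TODO: Use signal strength
    except (AttributeError, TypeError):
        pass  # best effort; the value is not used yet
    self.prox.pulse(mac, timeStamp)
    self.device_vendor.add((mac, vendor[0], vendor[1]))
    if not p.haslayer(Dot11Elt):
        return
    info = p[Dot11Elt].info
    if not info:
        return
    # 'ignore' rather than strict decoding: untrusted bytes must not raise here.
    ssid = info.decode('utf-8', 'ignore')
    # Drop CR/LF so the SSID cannot inject additional lines into the log.
    ssid = re.sub(r"[\r\n]", "", ssid)
    if not ssid:
        return
    if self.verb > 1:
        logging.info(
            "Sub-plugin %s%s%s noted device %s%s%s (%s%s%s) probing for %s%s%s"
            % (GR, self.fname, G, GR, mac, G, GR, vendor[0], G, GR, ssid, G)
        )
    self.client_ssids.add((mac, ssid))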
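def proc_packet(self, p):
    """Handle an 802.11 probe request: record the client, its vendor and the probed SSID.

    Non-probe frames are ignored. Because the SSID element is supplied by an
    unknown station, it is decoded with ``'ignore'`` instead of strictly (a
    bad UTF-8 sequence would otherwise raise and stop packet processing) and
    CR/LF are removed so the value cannot split the log line it is written to.

    Side effects: ``self.prox.pulse``, ``self.device_vendor.add`` and, when
    a non-empty SSID is present, ``self.client_ssids.add``; an info log line
    when ``self.verb > 1``.

    Args:
        p: A Scapy packet.
    """
    if not p.haslayer(Dot11ProbeReq):
        return
    if not p.addr2:
        return
    # Packet time, not system time, so captured pcaps replay correctly.
    timeStamp = datetime.datetime.fromtimestamp(int(p.time))
    mac = p.addr2.replace(':', '')
    vendor = self.mv.lookup(mac[:6])
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    try:
        sig_str = -(256 - ord(p.notdecoded[-4:-3]))  # TODO: Use signal strength
    except (AttributeError, TypeError):
        # Best effort: nothing consumes sig_str yet.
        pass
    self.prox.pulse(mac, timeStamp)
    self.device_vendor.add((mac, vendor[0], vendor[1]))
    if not p.haslayer(Dot11Elt):
        return
    raw_ssid = p[Dot11Elt].info
    if not raw_ssid:
        return
    ssid = re.sub(r"[\r\n]", "", raw_ssid.decode('utf-8', 'ignore'))
    if not ssid:
        return
    if self.verb > 1:
        logging.info(
            "Sub-plugin %s%s%s noted device %s%s%s (%s%s%s) probing for %s%s%s"
            % (GR, self.fname, G, GR, mac, G, GR, vendor[0], G, GR, ssid, G)
        )
    self.client_ssids.add((mac, ssid))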
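def proc_packet(self, p):
    """Record the first sighting of a ``$``-prefixed 8-4-4-4-13 GUID in a TCP payload.

    Only Ethernet/TCP packets with a payload are considered. A (MAC, GUID)
    pair not yet in ``self.apple_guids`` is added with value 0 and, when
    ``self.verb > 0``, logged. The payload is untrusted wire data and is only
    matched against an ASCII-only pattern, never parsed or interpreted.

    Args:
        p: A Scapy packet.
    """
    if not (p.haslayer(Ether) and p.haslayer(TCP) and hasattr(p[TCP], 'load')):
        return
    payload = p[TCP].load
    mac = p[Ether].src.replace(':', '')
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    # Raw literals: '\$' is not a valid str escape. The payload is bytes on
    # Python 3 (str on Python 2) and a str pattern against bytes raises
    # TypeError, so the pattern type follows the payload. ``\w`` in a bytes
    # pattern is ASCII-only, which is what the str pattern matched on Python 2.
    if isinstance(payload, bytes):
        srl = re.search(br'(\$\w{8}-\w{4}-\w{4}-\w{4}-\w{13})', payload)
    else:
        srl = re.search(r'(\$\w{8}-\w{4}-\w{4}-\w{4}-\w{13})', payload)
    if not srl:
        return
    guid = srl.group(1)
    if isinstance(guid, bytes):
        guid = guid.decode('ascii')  # pattern only matches ASCII, so this cannot fail
    if (mac, guid) in self.apple_guids:
        return
    self.apple_guids[(mac, guid)] = 0
    if self.verb > 0:
        logging.info(
            "Sub-plugin %s%s%s observed new GUID: %s%s(%s)%s"
            % (GR, self.fname, G, GR, guid, mac, G)
        )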
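def proc_packet(self, p):
    """Track newly seen ``$``-prefixed 8-4-4-4-13 GUIDs carried in TCP payloads.

    Packets without Ethernet, TCP and a payload are skipped. Each new
    (MAC, GUID) pair is stored in ``self.apple_guids`` with value 0 and
    reported via ``logging.info`` when ``self.verb > 0``. The payload comes
    from the network and is treated as opaque bytes matched by a fixed
    ASCII-only regular expression.

    Args:
        p: A Scapy packet.
    """
    if not p.haslayer(Ether) or not p.haslayer(TCP):
        return
    tcp = p[TCP]
    if not hasattr(tcp, 'load'):
        return
    data = tcp.load
    mac = p[Ether].src.replace(':', '')
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    # Use raw literals ('\$' is an invalid str escape) and match bytes with a
    # bytes pattern: on Python 3 the payload is bytes and a str pattern would
    # raise TypeError. ``\w`` in the bytes pattern is ASCII-only, matching the
    # Python 2 behaviour of the original str pattern.
    if isinstance(data, bytes):
        pattern = br'(\$\w{8}-\w{4}-\w{4}-\w{4}-\w{13})'
    else:
        pattern = r'(\$\w{8}-\w{4}-\w{4}-\w{4}-\w{13})'
    srl = re.search(pattern, data)
    if srl is None:
        return
    guid = srl.group(1)
    if isinstance(guid, bytes):
        # Safe: the pattern admits only ASCII characters.
        guid = guid.decode('ascii')
    key = (mac, guid)
    if key in self.apple_guids:
        return
    self.apple_guids[key] = 0
    if self.verb > 0:
        logging.info(
            "Sub-plugin %s%s%s observed new GUID: %s%s(%s)%s"
            % (GR, self.fname, G, GR, guid, mac, G)
        )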
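def proc_packet(self, p):
    """Store the SSID, vendor and last-seen time of the AP that sent a beacon frame.

    The frame must be an 802.11 beacon with a non-empty SSID element and a
    source address (``p.addr2``) beginning with a lower-case colon-separated
    hex MAC; anything else is dropped. The SSID is untrusted input and is
    stored either base64-encoded (``b64mode``) or decoded with ``'ignore'``.

    Side effects: ``self.prox.pulse(mac, timeStamp)`` and additions to
    ``self.ap_names`` and ``self.device_vendor``.

    Args:
        p: A Scapy packet.
    """
    if not p.haslayer(Dot11Beacon):
        return
    info = p[Dot11Elt].info
    # ``!= ''`` is always true for bytes on Python 3; truthiness rejects both
    # '' and b'' so empty SSIDs are no longer recorded.
    if not info:
        return
    mac_pattern = "[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]"
    addr2 = p.addr2 or ''
    if re.match(mac_pattern, addr2) is None:
        return
    mac = addr2.replace(':', '')
    # Packet time rather than system time so pcaps can be replayed.
    timeStamp = datetime.datetime.fromtimestamp(int(p.time))
    vendor = self.mv.lookup(mac[:6])  # lookup keyed on the first three octets
    if self.hash_macs == "True":
        mac = snoop_hash(mac)
    ssid = b64encode(info) if b64mode else info.decode('utf-8', 'ignore')
    try:
        sig_str = -(256 - ord(p.notdecoded[-4:-3]))  # TODO: Use signal strength
    except (AttributeError, TypeError):
        # Best effort: keep the beacon even when ``notdecoded`` is absent or short.
        logging.error("Unable to extract signal strength")
        logging.error(p.summary())
    self.prox.pulse(mac, timeStamp)
    self.ap_names.add((mac, ssid))
    self.device_vendor.add((mac, vendor))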