コード例 #1
ファイル: utils.py プロジェクト: qingchen1984/pypacker
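def get_vendor_for_mac(mac):
    r"""
    Look up the vendor string for the leading bytes (OUI) of a MAC address.

    mac -- First bytes of mac address as "AA:BB:CC" (uppercase!) or byte
        representation b"\xAA\xBB\xCC\xDD\xEE\xFF". A str is used as the
        lookup key exactly as given; it is neither upper-cased nor truncated.
    return -- found vendor string or empty string

    The result is a hint only. A MAC address taken from captured traffic is
    chosen by the sender, so the vendor derived from it must not be used for
    authentication or access decisions.
    """
    if not MAC_VENDOR:
        # The table is filled on first use. If the loader leaves it empty,
        # the load is attempted again on the next call.
        _load_mac_vendor()

    # isinstance() rather than an exact type comparison, so bytes subclasses
    # are converted as well instead of being used as a dict key directly.
    if isinstance(mac, bytes):
        # byte representation: convert and keep the first 8 characters, "AA:BB:CC"
        mac = pypacker.mac_bytes_to_str(mac)[0:8]

    return MAC_VENDOR.get(mac, "")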
コード例 #2
ファイル: utils.py プロジェクト: mike01/pypacker
def get_vendor_for_mac(mac):
	r"""
	Return the vendor string stored for a MAC prefix.

	mac -- either the prefix as text in the form "AA:BB:CC" (must already be
		uppercase) or a raw address such as b"\xAA\xBB\xCC\xDD\xEE\xFF"
	return -- the matching vendor string, or "" when the prefix is unknown

	An empty result does not distinguish "vendor not listed" from "vendor
	table could not be loaded". The prefix of an observed MAC address is
	sender-controlled, so treat the vendor as informational only.
	"""
	# Populate the table lazily, on the first lookup.
	if not len(MAC_VENDOR):
		_load_mac_vendor()

	key = mac
	if type(mac) is bytes:
		# Raw address: render it as text and keep the "AA:BB:CC" part.
		key = pypacker.mac_bytes_to_str(mac)[:8]

	return MAC_VENDOR.get(key, "")
コード例 #3
def get_vendor_for_mac(mac):
    r"""
    Return the vendor string registered for the first three bytes of a MAC.

    mac -- at least the first three bytes of the address, as text
        ("AA:BB:CC...", "AABBCC...") or as raw bytes
        (b"\xaa\xbb\xcc\xdd\xee\xff")
    return -- the vendor string, or "" when nothing matches

    A table holding exactly one entry is treated as "loading failed": the
    placeholder entry written below marks that state, and every later call
    returns "" without retrying the load. Callers therefore cannot tell an
    unknown vendor from a missing vendor table. The MAC prefix of captured
    traffic is sender-controlled, so the vendor is informational only.
    """
    entry_count = len(MAC_VENDOR)

    if entry_count == 1:
        # Only the placeholder is present: an earlier load produced nothing.
        return ""

    if entry_count == 0:
        _load_mac_vendor()
        if not len(MAC_VENDOR):
            # Leave a marker so the load is not attempted again.
            MAC_VENDOR["test"] = "test"

    if type(mac) is bytes:
        # b"\xaa\xbb\xcc\xdd\xee\xff" -> "AA:BB:CC:DD:EE:FF" -> "AA:BB:CC" -> "AABBCC"
        # NOTE(review): no upper-casing in this branch; presumably
        # mac_bytes_to_str() already returns uppercase hex - confirm.
        oui = pypacker.mac_bytes_to_str(mac)[:8].replace(":", "")
    else:
        # "AA:BB:CC..." -> "AABBCC"
        without_colons = mac.replace(":", "")
        oui = str.upper(without_colons[:6])

    return MAC_VENDOR.get(oui, "")
コード例 #4
def dhcpProcess(pkt, layer, ts, DiscoverOptionsExactList, DiscoverOptionsPartialList, RequestOptionsExactList, RequestOptionsPartialList, ReleaseOptionsExactList, ReleaseOptionsPartialList, ACKOptionsExactList, ACKOptionsPartialList, AnyOptionsExactList, AnyOptionsPartialList, InformOptionsExactList, InformOptionsPartialList, DiscoverOption55ExactList, DiscoverOption55PartialList, RequestOption55ExactList, RequestOption55PartialList, ReleaseOption55ExactList, ReleaseOption55PartialList, ACKOption55ExactList, ACKOption55PartialList, AnyOption55ExactList, AnyOption55PartialList, InformOption55ExactList, InformOption55PartialList, DiscoverVendorCodeExactList, DiscoverVendorCodePartialList, RequestVendorCodeExactList, RequestVendorCodePartialList, ReleaseVendorCodeExactList, ReleaseVendorCodePartialList, ACKVendorCodeExactList, ACKVendorCodePartialList, AnyVendorCodeExactList, AnyVendorCodePartialList, InformVendorCodeExactList, InformVendorCodePartialList, DiscoverTTLExactList, DiscoverTTLPartialList, RequestTTLExactList, RequestTTLPartialList, ReleaseTTLExactList, ACKTTLExactList, AnyTTLExactList, InformTTLExactList, ACKTTLPartialList, AnyTTLPartialList, InformTTLPartialList, NAKOptionsPartialList, NAKOptionsExactList, NAKOption55PartialList, NAKOption55ExactList, NAKVendorCodePartialList, NAKVendorCodeExactList, NAKTTLPartialList, NAKTTLExactList, OfferOptionsPartialList, OfferOptionsExactList, OfferOption55PartialList, OfferOption55ExactList, OfferVendorCodePartialList, OfferVendorCodeExactList, OfferTTLPartialList, OfferTTLExactList, DeclineOptionsPartialList, DeclineOptionsExactList, DeclineOption55PartialList, DeclineOption55ExactList, DeclineVendorCodePartialList, DeclineVendorCodeExactList, DeclineTTLPartialList, DeclineTTLExactList):
  """Build passive-fingerprint records for one captured DHCP packet.

  For the packet's DHCP message type, each of the option list, the
  option-55 list and the vendor code is looked up in the matching
  exact/partial fingerprint lists, provided it is non-empty.

  Returns a four-element list: the capture time as a naive UTC ISO-8601
  string, followed by the Options, Option55 and VendorCode records. A
  record is None when its field was empty or the message type is not one
  of the eight handled here. Each record has the form
  "<addr>;<mac>;DHCP;<type>;<field>;<value>;<guess>".

  Discover, Request, Decline, Release and Inform records carry the ciaddr
  and chaddr reported inside the DHCP message. Offer, ACK and NAK records
  carry the IP source address and the Ethernet source MAC, or the
  all-zero placeholder MAC when layer is not 'eth'.

  Every value written into a record originates from the captured packet
  and is therefore chosen by whoever sent it. The fields are joined with
  ';' and nothing here escapes that character or line breaks.
  NOTE(review): confirm that getDHCPOptions() normalises the option and
  vendor strings, otherwise a crafted vendor class can shift or forge
  fields for whatever parses these records.

  The Any* and *TTL* lists are accepted but not consulted. A fallback
  lookup against the Any* lists existed upstream and was commented out
  because its output was only noise.
  """
  if layer == 'eth':
    src_mac = pkt[ethernet.Ethernet].src_s
  else:
    # Placeholder MAC for link layers that carry no source MAC.
    src_mac = '00:00:00:00:00:00'

  ip4 = pkt.upper_layer
  # Not used below. The access is kept so the same layers are touched, and
  # the same error is raised if the packet has fewer layers than expected.
  _udp = pkt.upper_layer.upper_layer

  timeStamp = datetime.utcfromtimestamp(ts).isoformat()

  dhcp1 = pkt[dhcp.DHCP]
  # The results of the next four reads are not used below. They are kept
  # so the same calls and attribute accesses still happen.
  _op_name = getDHCPMessageType(dhcp1.op)
  clientAddr = dhcp1.ciaddr_s
  _your_addr = dhcp1.yiaddr_s
  _next_server_addr = dhcp1.siaddr_s
  _relay_addr = dhcp1.giaddr_s
  # chaddr arrives with its padding attached; only the first six bytes are the MAC.
  clientMAC = pypacker.mac_bytes_to_str(dhcp1.chaddr[0:6])

  options, messageType, option55, vendorCode = getDHCPOptions(dhcp1.opts)

  # One row per handled message type, in the order they are tested:
  # (type, use IP/Ethernet source as identity?, Options lists,
  #  Option55 lists, VendorCode lists), each lists entry being (exact, partial).
  dispatch = (
    ('Discover', False,
     (DiscoverOptionsExactList, DiscoverOptionsPartialList),
     (DiscoverOption55ExactList, DiscoverOption55PartialList),
     (DiscoverVendorCodeExactList, DiscoverVendorCodePartialList)),
    ('Offer', True,
     (OfferOptionsExactList, OfferOptionsPartialList),
     (OfferOption55ExactList, OfferOption55PartialList),
     (OfferVendorCodeExactList, OfferVendorCodePartialList)),
    ('Request', False,
     (RequestOptionsExactList, RequestOptionsPartialList),
     (RequestOption55ExactList, RequestOption55PartialList),
     (RequestVendorCodeExactList, RequestVendorCodePartialList)),
    ('Decline', False,
     (DeclineOptionsExactList, DeclineOptionsPartialList),
     (DeclineOption55ExactList, DeclineOption55PartialList),
     (DeclineVendorCodeExactList, DeclineVendorCodePartialList)),
    ('ACK', True,
     (ACKOptionsExactList, ACKOptionsPartialList),
     (ACKOption55ExactList, ACKOption55PartialList),
     (ACKVendorCodeExactList, ACKVendorCodePartialList)),
    ('NAK', True,
     (NAKOptionsExactList, NAKOptionsPartialList),
     (NAKOption55ExactList, NAKOption55PartialList),
     (NAKVendorCodeExactList, NAKVendorCodePartialList)),
    ('Release', False,
     (ReleaseOptionsExactList, ReleaseOptionsPartialList),
     (ReleaseOption55ExactList, ReleaseOption55PartialList),
     (ReleaseVendorCodeExactList, ReleaseVendorCodePartialList)),
    ('Inform', False,
     (InformOptionsExactList, InformOptionsPartialList),
     (InformOption55ExactList, InformOption55PartialList),
     (InformVendorCodeExactList, InformVendorCodePartialList)),
  )

  # Slots: Options, Option55, VendorCode.
  records = [None, None, None]

  for kind, use_packet_source, optionLists, option55Lists, vendorLists in dispatch:
    if messageType == kind:
      fields = (
        (';Options;', options, optionLists),
        (';Option55;', option55, option55Lists),
        (';VendorCode;', vendorCode, vendorLists),
      )
      for slot, (label, value, (exactList, partialList)) in enumerate(fields):
        if value != '':
          osGuess = DHCPFingerprintLookup(exactList, partialList, value)
          if use_packet_source:
            identity = ip4.src_s + ';' + src_mac
          else:
            identity = clientAddr + ';' + clientMAC
          records[slot] = identity + ';DHCP;' + messageType + label + value + ';' + osGuess
      break

  return [timeStamp] + records
コード例 #5
ファイル: examples.py プロジェクト: elnappo/pypacker
	print(prism.Prism(raw_bytes))

	# grab some beacons on the current channel
	bc_cnt = 0

	# Read ten frames from the capture socket and print BSSID, SSID and the
	# prism signal/quality values for each one that parses as a beacon.
	# Everything parsed here comes straight off the air, so it is untrusted input.
	for i in range(10):
		raw_bytes = wlan_reader.recv()
		# drvinfo = radiotap.Radiotap(raw_bytes)
		drvinfo = prism.Prism(raw_bytes)

		try:
			beacon = drvinfo[ieee80211.IEEE80211.Beacon]
			# Frames without a beacon layer are skipped and not counted.
			if beacon is None:
				continue
			mac_ap = drvinfo[ieee80211.IEEE80211.MGMTFrame].bssid
			mac_ap = pypacker.mac_bytes_to_str(mac_ap)
			# print("beacon: %s" % beacon)
			# Assumes the information elements are in ascending order, so the
			# first one is taken as the SSID. A beacon without any IE raises
			# here and is handled by the except below.
			ie_ssid = beacon.ies[0].body_bytes
			# Note: only for prism-header (dids[3] / dids[4] are prism fields)
			# NOTE(review): ie_ssid is presumably bytes, so %s prints it as an
			# escaped b'...' literal. If it is ever decoded before printing,
			# strip control characters first; the SSID is set by the sender.
			print("bssid: %s, ssid: %s (Signal: -%d dB, Quality: %d)"
				% (mac_ap,
				ie_ssid,
				0xffffffff ^ drvinfo.dids[3].value,
				drvinfo.dids[4].value)
			)
			bc_cnt += 1
		# Broad on purpose: any error on a single frame is printed and the
		# loop moves on to the next frame.
		except Exception as e:
			print(e)

	if bc_cnt == 0:
コード例 #6
ファイル: examples_general.py プロジェクト: wilixx/pypacker
    print(prism.Prism(raw_bytes))

    # grab some beacons on the current channel
    bc_cnt = 0

    # Sample ten frames and report every beacon found among them. Frame
    # contents are received from the radio and must be treated as untrusted.
    for i in range(10):
        raw_bytes = wlan_reader.recv()
        # drvinfo = radiotap.Radiotap(raw_bytes)
        drvinfo = prism.Prism(raw_bytes)

        try:
            beacon = drvinfo[ieee80211.IEEE80211.Beacon]
            # Not a beacon: skip without counting.
            if beacon is None:
                continue
            mac_ap = drvinfo[ieee80211.IEEE80211.MGMTFrame].bssid
            mac_ap = pypacker.mac_bytes_to_str(mac_ap)
            # print("beacon: %s" % beacon)
            # Assumes ascending IE order, so the first IE is used as the SSID.
            # The index raises on a beacon with no IEs, which the except
            # below reports.
            ie_ssid = beacon.ies[0].body_bytes
            # Note: only for prism-header; dids[3] and dids[4] are read as
            # signal and quality.
            # NOTE(review): the SSID is sender-chosen. It is printed as-is
            # via %s, presumably as a bytes literal; confirm before decoding
            # it or writing it to logs.
            print("bssid: %s, ssid: %s (Signal: -%d dB, Quality: %d)" %
                  (mac_ap, ie_ssid, 0xffffffff ^ drvinfo.dids[3].value,
                   drvinfo.dids[4].value))
            bc_cnt += 1
        # A malformed frame is reported and skipped; it does not end the capture.
        except Exception as e:
            print(e)

    if bc_cnt == 0:
        print("got no beacons, try to change channel or get closer to the AP")
    wlan_reader.close()
except socket.error as e: