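    def proc_packet(self, p):
        """Record the access point behind a beacon frame.

        A qualifying beacon is reduced to a ``(mac, ssid)`` entry in
        ``self.ap_names`` and a ``(mac, vendor)`` entry in
        ``self.device_vendor``; the sender is also pulsed into ``self.prox``
        with the *packet* time.

        :param p: a scapy packet. Anything that is not a beacon carrying a
            non-empty SSID element and a well-formed lowercase transmitter
            MAC is ignored.
        :returns: None
        """
        if not p.haslayer(Dot11Beacon):
            return

        # Under Python 3 ``info`` is bytes, so the old ``info != ""`` test was
        # always true; truthiness rejects b"", "" and None alike.
        ssid_raw = p[Dot11Elt].info
        if not ssid_raw:
            return

        # re.match anchors at the start only, as the original check did.
        # A truncated or malformed frame can have no addr2 at all, so guard
        # before matching instead of raising TypeError.
        mac_pattern = r"[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}"
        if not p.addr2 or not re.match(mac_pattern, p.addr2):
            return

        mac = p.addr2.replace(":", "")
        # Packet time instead of wall-clock time keeps a replayed pcap on its
        # own timeline. This is a naive, local-time datetime, as before.
        timeStamp = datetime.datetime.fromtimestamp(int(p.time))
        # OUI (first three octets) is looked up before any hashing so the
        # vendor survives MAC anonymisation.
        vendor = self.mv.lookup(mac[:6])
        # NOTE(review): hash_macs is compared against the string "True" --
        # presumably a raw config value; verify against the loader.
        if self.hash_macs == "True":
            mac = snoop_hash(mac)

        # The SSID is attacker-controlled bytes from the air. b64 keeps it
        # byte-exact; otherwise undecodable bytes are dropped rather than
        # letting a malformed SSID raise inside the sniffer.
        if b64mode:
            ssid = b64encode(ssid_raw)
        else:
            ssid = ssid_raw.decode("utf-8", "ignore")

        try:
            # Assumes the signal byte sits 4 bytes from the end of the
            # undecoded tail -- TODO confirm. ``notdecoded`` may be missing or
            # too short, hence the guarded access.
            sig_str = -(256 - ord(p.notdecoded[-4:-3]))  # TODO: Use signal strength
        except (AttributeError, IndexError, TypeError):
            # Narrowed from a bare ``except:``, which also swallowed
            # KeyboardInterrupt and SystemExit.
            logging.error("Unable to extract signal strength")
            logging.error(p.summary())

        self.prox.pulse(mac, timeStamp)
        self.ap_names.add((mac, ssid))
        self.device_vendor.add((mac, vendor))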
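    def proc_packet(self,p):
        """Record a client probe request: which device sent it and for which SSID.

        Every probe request pulses ``self.prox`` with the packet time and adds
        ``(mac, vendor[0], vendor[1])`` to ``self.device_vendor``; when the
        probe names a non-empty SSID, ``(mac, ssid)`` is also added to
        ``self.client_ssids`` and, at verbosity > 1, logged.

        :param p: a scapy packet; non-probe-request frames are ignored.
        :returns: None
        """
        if not p.haslayer(Dot11ProbeReq):
            return
        if not p.addr2:
            # Truncated/malformed frame with no transmitter address.
            return

        # Packet time rather than system time so replayed pcaps keep their
        # own timeline (naive, local-time datetime, as before).
        timeStamp = datetime.datetime.fromtimestamp(int(p.time))
        mac = p.addr2.replace(':', '')
        # OUI lookup happens before hashing so the vendor survives
        # MAC anonymisation.
        vendor = self.mv.lookup(mac[:6])

        # NOTE(review): hash_macs is compared against the string "True" --
        # presumably a raw config value; verify against the loader.
        if self.hash_macs == "True":
            mac = snoop_hash(mac)

        try:
            # Assumes the signal byte sits 4 bytes from the end of the
            # undecoded tail -- TODO confirm.
            sig_str = -(256-ord(p.notdecoded[-4:-3])) #TODO: Use signal strength
        except (AttributeError, IndexError, TypeError):
            # Best-effort, as before; narrowed from a bare ``except:`` that
            # also swallowed KeyboardInterrupt.
            pass

        self.prox.pulse(mac, timeStamp)
        self.device_vendor.add((mac,vendor[0],vendor[1]))

        # Under Python 3 ``info`` is bytes, so ``info != ''`` was always true.
        ssid_raw = p[Dot11Elt].info
        if not ssid_raw:
            return
        # The SSID is attacker-controlled. A strict decode let one malformed
        # UTF-8 SSID raise and stop the plugin, and only "\n" was stripped, so
        # other control characters could still forge log lines. Drop both.
        ssid = ssid_raw.decode('utf-8', 'ignore')
        ssid = re.sub(r'[\x00-\x1f\x7f]', '', ssid)
        if not ssid:
            return

        if self.verb > 1:
            logging.info(
                "Sub-plugin %s%s%s noted device %s%s%s (%s%s%s) probing for %s%s%s",
                GR, self.fname, G, GR, mac, G, GR, vendor[0], G, GR, ssid, G,
            )
        self.client_ssids.add((mac,ssid))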
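    def proc_packet(self, p):
        """Record a client probe request: which device sent it and for which SSID.

        Every probe request pulses ``self.prox`` with the packet time and adds
        ``(mac, vendor[0], vendor[1])`` to ``self.device_vendor``; when the
        probe names a non-empty SSID, ``(mac, ssid)`` is also added to
        ``self.client_ssids`` and, at verbosity > 1, logged.

        :param p: a scapy packet; non-probe-request frames are ignored.
        :returns: None
        """
        if not p.haslayer(Dot11ProbeReq):
            return
        if not p.addr2:
            # Truncated/malformed frame with no transmitter address.
            return

        # Packet time rather than system time so replayed pcaps keep their
        # own timeline (naive, local-time datetime, as before).
        timeStamp = datetime.datetime.fromtimestamp(int(p.time))
        mac = p.addr2.replace(':', '')
        # OUI lookup happens before hashing so the vendor survives
        # MAC anonymisation.
        vendor = self.mv.lookup(mac[:6])

        # NOTE(review): hash_macs is compared against the string "True" --
        # presumably a raw config value; verify against the loader.
        if self.hash_macs == "True":
            mac = snoop_hash(mac)

        try:
            # Assumes the signal byte sits 4 bytes from the end of the
            # undecoded tail -- TODO confirm.
            sig_str = -(256 - ord(p.notdecoded[-4:-3]))  #TODO: Use signal strength
        except (AttributeError, IndexError, TypeError):
            # Best-effort, as before; narrowed from a bare ``except:`` that
            # also swallowed KeyboardInterrupt.
            pass

        self.prox.pulse(mac, timeStamp)
        self.device_vendor.add((mac, vendor[0], vendor[1]))

        # Under Python 3 ``info`` is bytes, so ``info != ''`` was always true.
        ssid_raw = p[Dot11Elt].info
        if not ssid_raw:
            return
        # The SSID is attacker-controlled. A strict decode let one malformed
        # UTF-8 SSID raise and stop the plugin, and only "\n" was stripped, so
        # other control characters could still forge log lines. Drop both.
        ssid = ssid_raw.decode('utf-8', 'ignore')
        ssid = re.sub(r'[\x00-\x1f\x7f]', '', ssid)
        if not ssid:
            return

        if self.verb > 1:
            logging.info(
                "Sub-plugin %s%s%s noted device %s%s%s (%s%s%s) probing for %s%s%s",
                GR, self.fname, G, GR, mac, G, GR, vendor[0], G, GR, ssid, G,
            )
        self.client_ssids.add((mac, ssid))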
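 def proc_packet(self, p):
     """Harvest GUID-like tokens from TCP payloads and attribute them to the sender.

     A previously unseen ``(mac, guid)`` pair is stored in ``self.apple_guids``
     (a dict used as a set, value 0) and, at verbosity > 0, logged once.

     :param p: a scapy packet; only Ethernet/TCP packets with a payload are
         inspected.
     :returns: None
     """
     if not (p.haslayer(Ether) and p.haslayer(TCP) and hasattr(p[TCP], 'load')):
         return

     data = p[TCP].load
     # Python 3 delivers the payload as bytes and a str pattern on bytes
     # raises TypeError. latin-1 maps every byte to one code point, so the
     # regex sees the payload unchanged. On Python 2 ``bytes is str`` and this
     # is a no-op.
     if isinstance(data, bytes) and not isinstance(data, str):
         data = data.decode('latin-1')

     # Attribute by the Ethernet source address.
     mac = p[Ether].src.replace(':', '')
     # NOTE(review): hash_macs is compared against the string "True" --
     # presumably a raw config value; verify against the loader.
     if self.hash_macs == "True":
         mac = snoop_hash(mac)

     # Raw pattern (the original non-raw '\$' is an invalid escape sequence).
     # [A-Za-z0-9_] is ASCII \w, identical on Python 2 and 3 str patterns;
     # because the match is restricted to these characters and '-', the
     # extracted token is safe to put in a log line.
     w = r'[A-Za-z0-9_]'
     pattern = r'(\$%s{8}-%s{4}-%s{4}-%s{4}-%s{13})' % (w, w, w, w, w)
     srl = re.search(pattern, data)
     if not srl:
         return

     guid = srl.group(1)
     if (mac, guid) in self.apple_guids:
         return
     self.apple_guids[(mac, guid)] = 0
     if self.verb > 0:
         logging.info("Sub-plugin %s%s%s observed new GUID: %s%s(%s)%s", GR, self.fname, G, GR, guid, mac, G)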
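 def proc_packet(self, p):
     """Harvest GUID-like tokens from TCP payloads and attribute them to the sender.

     A previously unseen ``(mac, guid)`` pair is stored in ``self.apple_guids``
     (a dict used as a set, value 0) and, at verbosity > 0, logged once.

     :param p: a scapy packet; only Ethernet/TCP packets with a payload are
         inspected.
     :returns: None
     """
     if not (p.haslayer(Ether) and p.haslayer(TCP) and hasattr(p[TCP], 'load')):
         return

     data = p[TCP].load
     # Python 3 delivers the payload as bytes and a str pattern on bytes
     # raises TypeError. latin-1 maps every byte to one code point, so the
     # regex sees the payload unchanged. On Python 2 ``bytes is str`` and this
     # is a no-op.
     if isinstance(data, bytes) and not isinstance(data, str):
         data = data.decode('latin-1')

     # Attribute by the Ethernet source address.
     mac = p[Ether].src.replace(':', '')
     # NOTE(review): hash_macs is compared against the string "True" --
     # presumably a raw config value; verify against the loader.
     if self.hash_macs == "True":
         mac = snoop_hash(mac)

     # Raw pattern (the original non-raw '\$' is an invalid escape sequence).
     # [A-Za-z0-9_] is ASCII \w, identical on Python 2 and 3 str patterns;
     # because the match is restricted to these characters and '-', the
     # extracted token is safe to put in a log line.
     w = r'[A-Za-z0-9_]'
     pattern = r'(\$%s{8}-%s{4}-%s{4}-%s{4}-%s{13})' % (w, w, w, w, w)
     srl = re.search(pattern, data)
     if not srl:
         return

     guid = srl.group(1)
     if (mac, guid) in self.apple_guids:
         return
     self.apple_guids[(mac, guid)] = 0
     if self.verb > 0:
         logging.info(
             "Sub-plugin %s%s%s observed new GUID: %s%s(%s)%s",
             GR, self.fname, G, GR, guid, mac, G,
         )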
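    def proc_packet(self, p):
        """Record the access point behind a beacon frame.

        A qualifying beacon is reduced to a ``(mac, ssid)`` entry in
        ``self.ap_names`` and a ``(mac, vendor)`` entry in
        ``self.device_vendor``; the sender is also pulsed into ``self.prox``
        with the *packet* time.

        :param p: a scapy packet. Anything that is not a beacon carrying a
            non-empty SSID element and a well-formed lowercase transmitter
            MAC is ignored.
        :returns: None
        """
        if not p.haslayer(Dot11Beacon):
            return

        # Under Python 3 ``info`` is bytes, so the old ``info != ''`` test was
        # always true; truthiness rejects b'', '' and None alike.
        ssid_raw = p[Dot11Elt].info
        if not ssid_raw:
            return

        # re.match anchors at the start only, as the original check did.
        # A truncated or malformed frame can have no addr2 at all, so guard
        # before matching instead of raising TypeError.
        mac_pattern = r"[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}"
        if not p.addr2 or not re.match(mac_pattern, p.addr2):
            return

        mac = p.addr2.replace(':', '')
        # Packet time instead of wall-clock time keeps a replayed pcap on its
        # own timeline. This is a naive, local-time datetime, as before.
        timeStamp = datetime.datetime.fromtimestamp(int(p.time))
        # OUI (first three octets) is looked up before any hashing so the
        # vendor survives MAC anonymisation.
        vendor = self.mv.lookup(mac[:6])
        # NOTE(review): hash_macs is compared against the string "True" --
        # presumably a raw config value; verify against the loader.
        if self.hash_macs == "True":
            mac = snoop_hash(mac)

        # The SSID is attacker-controlled bytes from the air. b64 keeps it
        # byte-exact; otherwise undecodable bytes are dropped rather than
        # letting a malformed SSID raise inside the sniffer.
        if b64mode:
            ssid = b64encode(ssid_raw)
        else:
            ssid = ssid_raw.decode('utf-8', 'ignore')

        try:
            # Assumes the signal byte sits 4 bytes from the end of the
            # undecoded tail -- TODO confirm. ``notdecoded`` may be missing or
            # too short, hence the guarded access.
            sig_str = -(256 - ord(p.notdecoded[-4:-3]))  #TODO: Use signal strength
        except (AttributeError, IndexError, TypeError):
            # Narrowed from a bare ``except:``, which also swallowed
            # KeyboardInterrupt and SystemExit.
            logging.error("Unable to extract signal strength")
            logging.error(p.summary())

        self.prox.pulse(mac, timeStamp)
        self.ap_names.add((mac, ssid))
        self.device_vendor.add((mac, vendor))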