Created
February 2, 2024 00:47
A scaffold script to check IEEE 802.11 sniffer traces for specified information elements (IEs)
##!/usr/bin/env python3 | |
import os | |
import sys | |
import argparse | |
import random | |
from pathlib import Path | |
from multiprocessing import Pool | |
import gzip | |
from scapy.all import * | |
# Scratch directory where gzip-compressed traces are extracted before parsing.
# NOTE(review): the base path is specific to one user's machine, and the
# numeric suffix from `random` is neither unique nor unpredictable;
# tempfile.mkdtemp() would provide a private, collision-free directory.
TEMP = Path(r"C:\Users\zaxon.zhou\temp", str(random.randrange(1000000)))
# Number of decompressed bytes requested per read (16 MiB).
BLOCK_SIZE = 4096 * 4096
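def main(args):
    """Collect the capture files named by ``args.trace`` and scan them in parallel.

    When ``args.trace`` is a directory it is walked recursively: files whose
    name contains ``map`` are skipped, ``.pcapng.gz`` files are decompressed
    into ``TEMP`` and the extracted copy is queued, and plain ``.pcapng``
    files are queued as they are. Otherwise ``args.trace`` is queued as a
    single file. Every queued path is handed to ``parse_file`` through a
    process pool of at most 10 workers.

    Returns:
        ``1`` when no capture file was found, otherwise ``None``.
    """
    # exist_ok avoids the check-then-create race of exists() followed by mkdir().
    TEMP.mkdir(parents=True, exist_ok=True)
    file_list = []
    if Path(args.trace).is_dir():
        for root, _, files in os.walk(args.trace):
            for file in files:
                if 'map' in file:
                    continue
                if file.endswith('.pcapng.gz'):
                    # Prefix with a running index so archives that share a
                    # basename in different sub-directories do not overwrite
                    # each other inside TEMP.
                    output_name = TEMP / f'{len(file_list)}_{file[:-3]}'
                    with gzip.open(os.path.join(root, file), 'rb') as src, \
                            open(output_name, 'wb') as dst:
                        # Copy block by block until EOF; a single read() would
                        # silently truncate any trace larger than BLOCK_SIZE.
                        # NOTE(review): the archive is expanded without a size
                        # cap; if traces can come from an untrusted source,
                        # bound the total number of bytes written here.
                        while chunk := src.read(BLOCK_SIZE):
                            dst.write(chunk)
                    file_list.append(str(output_name))
                    continue
                if not file.endswith('.pcapng'):
                    continue
                file_list.append(os.path.join(root, file))
    else:
        file_list.append(args.trace)
    if not file_list:
        # Pool(0) raises ValueError, so report the empty result explicitly.
        print(f'no .pcapng traces found under {args.trace}', file=sys.stderr)
        return 1
    # NOTE(review): the extracted captures are left behind in TEMP; they hold
    # raw wireless traffic, so consider removing the directory once parsing
    # has finished.
    pool_sz = min(len(file_list), 10)
    with Pool(pool_sz) as p:
        p.map(parse_file, file_list)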
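def parse_file(file):
    """Scan one capture file and report the first matching beacon.

    A frame matches when it is an 802.11 management frame of subtype 8
    (type 0, i.e. a beacon), its transmitter address (``addr2``) starts with
    ``64:f9:47:00:00``, and it carries an information element with ID 63.
    The 1-based packet number of the first match is printed and the scan
    stops there. Empty files are skipped.

    Args:
        file: Path of the ``.pcapng`` capture to read.
    """
    print(f'parsing {file=}')
    if os.path.getsize(file) == 0:
        return
    # The reader holds an open file handle; the context manager releases it
    # on every exit path, including the early break and parse errors.
    with PcapReader(str(file)) as scapy_cap:
        for idx, packet in enumerate(scapy_cap):
            # find beacons
            if packet.haslayer(Dot11) and packet.type == 0 and packet.subtype == 8:
                ta = str(packet.addr2)
                # filter our AP's frames
                # NOTE(review): the transmitter address of a beacon is not
                # authenticated, so this prefix match narrows the search but
                # does not prove the frame came from the intended AP.
                if ta.startswith("64:f9:47:00:00"):
                    #elem_layers = packet.getlayer(Dot11Elt).layers()
                    #for elem in elem_layers:
                    #    print(elem.ID.i2h(elem, ), elem.len, elem.info)
                    # NOTE(review): ID 63 is presumably the IE under
                    # investigation; confirm against the 802.11 element table.
                    elem = packet.getlayer(Dot11Elt, ID=63)
                    if elem:
                        print(f'found one - pkt no. {idx+1}')
                        break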
if __name__ == "__main__":
    # Command-line entry point: a single positional argument names the trace
    # file or directory. Keeping this under the __main__ guard also stops
    # worker processes that re-import the module from re-running the CLI.
    cli = argparse.ArgumentParser()
    cli.add_argument("trace", help="the file path of the sniffer trace")
    sys.exit(main(cli.parse_args()))