Re^5: Net::Pcap with wireless

Try this. It's a little better, but needs some work:-)

#!/usr/bin/perl 

use strict;
use warnings;
use Net::Pcap;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

my $err;
my $type = 'DLT_IEEE802_11';
my $dev  = Net::Pcap::lookupdev( \$err );
if ( defined $err ) {
    die "Unable to determine network device for monitoring - ", $err;
}

my ( $addr, $net, $mask );
if ( Net::Pcap::lookupnet( $dev, \$net, \$mask, \$err ) ) {
    die "Unable to look up device information for ", $dev, " - ", $err
+;
}
print STDOUT "${dev}: addr/mask -> $addr/$mask\n";

my $WiFiobject = Net::Pcap::open_live( $dev, 2048, 1, -1, \$err );
my $w802 = Net::Pcap::datalink($type);
Net::Pcap::set_datalink( $WiFiobject, $w802 );
unless ( defined $WiFiobject ) {
    die 'Unable to create packet capture on device ', $dev, ' - ', $er
+r;
}
die 'Unable to perform packet capture'
  unless Net::Pcap::loop( $WiFiobject, -1, \&syn_packets, '' );
Net::Pcap::close($WiFiobject);

sub syn_packets {
    my ( $user_data, $header, $packet ) = @_;
    my $macaddr = NetPacket::Ethernet->decode($packet);
    print "$macaddr->{'src_mac'},  $macaddr->{'dest_mac'}\n";

}
[download]

Update: Making some progress. This is better still. I added Net::Pcap::FindDevice


#!/usr/bin/perl 

use strict;
use warnings;
use Data::Dumper;
use Net::Pcap;
use Net::Pcap::FindDevice;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

my $err;
my $type = 'DLT_IEEE802_11';
my $dev  = find_device($ARGV[0]);
my ( $addr, $net, $mask );
if ( Net::Pcap::lookupnet( $dev, \$net, \$mask, \$err ) ) {
    die "Unable to look up device information for ", $dev, " - ", $err
+;
}
print STDOUT "${dev}: addr/mask -> $addr/$mask\n";

my $WiFiobject = Net::Pcap::open_live( $dev, 128000, -1, 500, \$err );
my $w802 = Net::Pcap::datalink_name_to_val($type);
Net::Pcap::set_datalink( $WiFiobject, $w802 );
unless ( defined $WiFiobject ) {
    die 'Unable to create packet capture on device ', $dev, ' - ', $er
+r;
}
die 'Unable to perform packet capture'
  unless Net::Pcap::loop( $WiFiobject, -1, \&syn_packets, '' );
print Dumper ($WiFiobject);

Net::Pcap::close($WiFiobject);

sub syn_packets {
    my ( $user_data, $header, $packet ) = @_;
    my $macaddr = NetPacket::Ethernet->decode($packet);
    print "$macaddr->{'src_mac'},  $macaddr->{'dest_mac'}\n";

}
[download]

Comment on Re^5: Net::Pcap with wireless Select or Download Code

Replies are listed 'Best First'.
Re^6: Net::Pcap with wireless by trevelyn (Novice) on Oct 26, 2009 at 02:40 UTC
works perfectly with wired ethernet. I can do that with the first version i posted, but when i use wireless i get errors `Unable to look up device information for wifi - wifi: no IPv4 address +assigned at catchme-ng.pl line 17.` [download] so i comment that part out and it sniffs! But it thinks all source MAC addresses are elite: `wifi: addr/mask -> / 000031333337, 440000009000 000031333337, 440000009000 ^C` [download] :( I feel like i am so close. I just need to sniff MAC addresses from wireless packets (ALL). like Airodump-ng does.	[reply] [d/l] [select]
Re^7: Net::Pcap with wireless by traveler (Parson) on Nov 02, 2009 at 23:18 UTC
in khen1950fx's code `my $dev = find_device($ARGV[0]);` says that the name "wifi" printed in the error message is retrieved from `$ARGV[0]`. You call your device `wlan0` not `wifi`. Maybe try `wlan0` as the argument?	[reply] [d/l] [select]