I'm trying to use SCAPY to create a sniffing program to demonstrate 802.11 device association[s] and roles within an 802.11 network.
SCAPY has simple functions to identify Beacon frames, probe requests and probe responses. I'm trying to dig a bit deeper than that and do my own evaluation based upon the DS status to show all other traffic association[s].
What I cannot do is determine how to get the value of the DS status (00, 01, 10, 11). If determined, then I can handle the frame accordingly to get SOURCE, BSSID, RECEIVER, TRANSMITTER and DESTINATION to suit my code.
I have found that I should be able to get DS Status with tshark (wlan.fc.ds) so, if required, I could pass the frame to a tshark derived process; but I'd firstly like to attempt to do it all using SCAPY as I've only just started coding using SCAPY with PYTHON and I don't want to jump to other MAC frame analytical programs at the first hurdle.
In addition to creating my program to demonstrate device associations, I'm also using it as a means for me to learn more about 802.11, PYTHON and SCAPY; therefore I wish to dig into each frame a bit, grouping them on the DS state.
Thanks, Bob
Scapy's source code reveals that the To DS and From DS values reside within FCfield (which stands for Frame Control Field):
    class Dot11(Packet):
        name = "802.11"
        fields_desc = [
            BitField("subtype", 0, 4),
            BitEnumField("type", 0, 2, ["Management", "Control", "Data", "Reserved"]),
            BitField("proto", 0, 2),
            FlagsField("FCfield", 0, 8, ["to-DS", "from-DS", "MF", "retry", "pw-mgt", "MD", "wep", "order"]),
            ShortField("ID",0),
            MACField("addr1", ETHER_ANY),
            Dot11Addr2MACField("addr2", ETHER_ANY),
            Dot11Addr3MACField("addr3", ETHER_ANY),
            Dot11SCField("SC", 0),
            Dot11Addr4MACField("addr4", ETHER_ANY)
        ]
Therefore, once you've got hold of a Dot11 packet, you can inspect its DS status via the following code:
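    DS = pkt.FCfield & 0x3       # low two bits of the Frame Control flags
    to_DS = (DS & 0x1) != 0      # bit 0 is "to-DS" in the FlagsField above
    from_DS = (DS & 0x2) != 0    # bit 1 is "from-DS" in the FlagsField above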
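Added example (not part of the original answer, and not Scapy's own code): it takes the DS bits one step further and maps addr1 to addr4 onto the receiver, transmitter, source, destination and BSSID roles the question asks about, using the standard 802.11 data-frame address table. The helper names `ds_roles` and `demo` are hypothetical, and the sample frames are constructed stand-ins with made-up MAC addresses so the block runs without a capture.

```python
from types import SimpleNamespace

TO_DS, FROM_DS = 0x1, 0x2  # "to-DS" and "from-DS" bits of Scapy's Dot11.FCfield

# (to_ds, from_ds) -> addrN field holding each role (802.11 data-frame address table)
ROLE_MAP = {
    (False, False): {"destination": "addr1", "source": "addr2", "bssid": "addr3"},
    (True, False): {"bssid": "addr1", "source": "addr2", "destination": "addr3"},
    (False, True): {"destination": "addr1", "bssid": "addr2", "source": "addr3"},
    (True, True): {"destination": "addr3", "source": "addr4"},  # WDS link, no BSSID
}


def ds_roles(pkt):
    """Hypothetical helper: DS bits plus address roles for a Dot11-like object."""
    fc = int(pkt.FCfield)  # works for a plain int and for Scapy's FlagValue
    to_ds, from_ds = bool(fc & TO_DS), bool(fc & FROM_DS)
    roles = {
        "to_ds": to_ds,
        "from_ds": from_ds,
        "receiver": pkt.addr1,  # addr1 is always the receiver address
        "transmitter": getattr(pkt, "addr2", None),  # absent in some control frames
        "bssid": None,
    }
    for role, field in ROLE_MAP[(to_ds, from_ds)].items():
        roles[role] = getattr(pkt, field, None)
    return roles


def demo():
    """Run ds_roles over constructed frames (made-up locally administered MACs)."""
    sta, ap, host, ap2 = ("02:00:00:00:00:01", "02:00:00:00:00:aa",
                          "02:00:00:00:00:02", "02:00:00:00:00:bb")
    frames = {
        "uplink": SimpleNamespace(FCfield=0x41, addr1=ap, addr2=sta, addr3=host),
        "downlink": SimpleNamespace(FCfield=0x02, addr1=sta, addr2=ap, addr3=host),
        "wds": SimpleNamespace(FCfield=0x03, addr1=ap2, addr2=ap, addr3=host, addr4=sta),
    }
    return {name: ds_roles(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, roles in demo().items():
        print(name, roles)
```

With Scapy, pass the Dot11 layer of a captured packet, e.g. `ds_roles(pkt[Dot11])`; management frames always carry both DS bits as 0, so they fall into the first row of the table.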
Source: https://stackoverflow.com/questions/30811426/scapy-python-get-802-11-ds-status