
I'm able to sniff RTS packets without a problem. I'm also able to utilize 'sendp' to send CTS packets. What I'm unable to figure out is how to have Scapy sniff RTS packets and reply to those RTSs with a crafted CTS in real time. The intent is to send a CTS for every RTS that my AWUS036ACH can hear, regardless of the intended device.


import os
import time
from threading import Thread
from scapy.all import Dot11, RadioTap, sniff, sendp  # scapy.layers.all does not exist; scapy.all does

rts_list = []   # transmitter MACs of every RTS heard so far
bssid = None    # transmitter of the most recent RTS, used as the CTS receiver address

def change_channel():
    """Hop the adapter through channels 1-14, one second per channel."""
    ch = 1
    while True:
        try:
            os.system(f"iwconfig {iface} channel {ch}")
            ch = ch % 14 + 1
            time.sleep(1)
        except KeyboardInterrupt:
            break

if __name__ == "__main__":
    iface = "wlan0"
    channel_changer = Thread(target=change_channel)
    channel_changer.daemon = True
    channel_changer.start()

def PacketHandler(packet):
    global bssid
    if packet.haslayer(Dot11):
        # type 1 = control frame, subtype 11 = RTS
        if packet.type == 1 and packet.subtype == 11:
            bssid = packet[Dot11].addr2   # RTS transmitter (TA); must be set before it is appended
            rts_list.append(bssid)
            print("MAC: %s" % bssid)

# sniff() blocks until interrupted, so nothing below it runs while capturing
sniff(iface=iface, prn=PacketHandler)

i = 1
while 1:
    time.sleep(.100)
    i = i + 1

    # CTS: type 1 (control), subtype 12; addr1 (RA) is the RTS transmitter, ID is the Duration field
    dot11 = Dot11(type=1, subtype=12, addr1=bssid, ID=0x99)
    pkt = RadioTap()/dot11
    sendp(pkt, iface=iface, realtime=True)
rhax07

1 Answer


Why don't you try to add sendp inside your PacketHandler function? The logic goes like this:

  1. PacketHandler is called upon every received frame
  2. You check whether it's an RTS frame, extract all of the necessary info you need to send a CTS frame
  3. Call sendp with received info

There are examples of ARP response utilities written this way; take a look at them for ideas.

My concern is whether it's possible to send a frame while your adapter is put in monitor mode. Unfortunately I can't test it right now.

Recommendation. Try to use a BPF filter with sniff. It goes like this: sniff(iface=iface, filter="type ctl subtype rts", prn=PacketHandler). Then get rid of the test for frame type inside your PacketHandler. This way you filter for RTS at the kernel level, so performance is increased; Scapy itself can easily miss RTS frames in a dense wireless environment. For more BPF filters applied to 802.11, check man pcap-filter.

ttl256
  • Thank you for the assistance and recommendation. I've moved the sendp inside the PacketHandler function, but I'm not quite sure how much of that function I'd need to remove in order to replace it with your recommended BPF filter. I guess I'm asking which lines specifically test for frame type? – rhax07 Feb 04 '21 at 18:26
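The procedure from the answer (RTS detected inside the sniff() callback, CTS sent from the same callback, BPF doing the frame-type test in the kernel), written out as an added example; it is not the asker's or the answerer's code. The 802.11 frame handling is done by hand on raw bytes so that the RTS-to-CTS logic can be checked without a radio, and Scapy is used only for capture and injection in the live path at the bottom. Assumptions: the monitor-mode interface name wlan0mon, the driver accepting injected frames via sendp(), and the CTS_DURATION_OFFSET_US tunable (the standard derives the CTS Duration from the RTS Duration minus SIFS and the CTS airtime, both of which depend on band and rate; the example leaves that offset to the operator and defaults to simply echoing the RTS value).

```python
"""Answer every RTS heard with a CTS, from inside the Scapy sniff() callback."""
import struct

# Frame Control byte 0 = (subtype << 4) | (type << 2) | version; byte 1 holds the flags.
# Control frames are type 1: RTS is subtype 11 (0xB4), CTS is subtype 12 (0xC4).
FC_RTS = 0xB4
FC_CTS = 0xC4
RTS_LEN = 16  # FC(2) + Duration(2) + RA(6) + TA(6); a 4-byte FCS may trail it

# 802.11: CTS Duration = RTS Duration - SIFS - airtime of the CTS itself.
# Both terms depend on band and rate, so the offset is a tunable here (assumption);
# 0 echoes the RTS Duration, which still reserves the medium for the RTS sender.
CTS_DURATION_OFFSET_US = 0


def strip_radiotap(raw: bytes) -> bytes:
    """Drop the RadioTap header that monitor-mode captures carry in front of the frame.

    RadioTap layout: version(1), pad(1), length(2, little-endian), then the 802.11 frame.
    """
    if len(raw) < 4:
        return b""
    rt_len = struct.unpack_from("<H", raw, 2)[0]
    return raw[rt_len:]


def parse_rts(frame: bytes):
    """Return (duration, ra, ta) for a bare RTS frame, or None if it is not an RTS."""
    if len(frame) < RTS_LEN or frame[0] != FC_RTS:
        return None
    duration = struct.unpack_from("<H", frame, 2)[0]
    return duration, frame[4:10], frame[10:16]


def build_cts(ra: bytes, duration: int) -> bytes:
    """Assemble a CTS: FC(2) + Duration(2) + RA(6). The driver appends the FCS on injection."""
    if len(ra) != 6:
        raise ValueError("RA must be 6 bytes")
    return bytes([FC_CTS, 0x00]) + struct.pack("<H", duration & 0xFFFF) + ra


def cts_for_rts(frame: bytes):
    """CTS bytes answering the given RTS (RA = the RTS transmitter), or None."""
    parsed = parse_rts(frame)
    if parsed is None:
        return None
    duration, _ra, ta = parsed
    return build_cts(ta, max(0, duration - CTS_DURATION_OFFSET_US))


def make_handler(send, log=None):
    """Build a sniff(prn=...) callback that answers each RTS through send(cts_bytes).

    `log`, if given, collects the answered transmitter MACs (the asker's rts_list).
    The callback works on bytes(pkt), so it accepts a Scapy packet or raw bytes.
    """
    def handler(pkt):
        cts = cts_for_rts(strip_radiotap(bytes(pkt)))
        if cts is None:          # not an RTS (or truncated): nothing to answer
            return
        if log is not None:
            log.append(":".join("%02x" % b for b in cts[4:10]))
        send(cts)
    return handler


if __name__ == "__main__":
    # Live path: needs root, a monitor-mode interface and a driver that supports injection.
    from scapy.all import Dot11, RadioTap, sendp, sniff

    iface = "wlan0mon"  # assumption: replace with your monitor-mode interface
    answered = []

    def inject(frame: bytes) -> None:
        # Dot11(bytes) re-dissects the hand-built CTS; RadioTap() in front is what injection expects.
        sendp(RadioTap() / Dot11(frame), iface=iface, verbose=False)

    # The BPF filter keeps everything but RTS frames out of Python, as the answer suggests.
    sniff(iface=iface, filter="type ctl subtype rts",
          prn=make_handler(inject, answered), store=False)
```

The handler does no channel hopping: a CTS is only useful if it is sent on the channel the RTS arrived on, so hopping every second as in the asker's script would mean answering most RTS frames on the wrong channel.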