I filter for Association Requests using Scapy's sniff:

    sniff(iface=INTERFACE, filter="type mgt subtype assoc-req", prn=assoc_req_parse, store=0)

When I run this on my MacBook, this error occurs:

    Traceback (most recent call last):
      File "assoc_req.py", line 63, in <module>
        main()
      File "assoc_req.py", line 61, in main
        sniff(iface=INTERFACE, filter="type mgt subtype assoc-req", prn=assoc_req_parse, store=0)
      File "~/env/lib/python3.8/site-packages/scapy/sendrecv.py", line 1036, in sniff
        sniffer._run(*args, **kwargs)
      File "~/env/lib/python3.8/site-packages/scapy/sendrecv.py", line 906, in _run
        sniff_sockets[L2socket(type=ETH_P_ALL, iface=iface,
      File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/supersocket.py", line 242, in __init__
        super(L2bpfListenSocket, self).__init__(*args, **kwargs)
      File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/supersocket.py", line 118, in __init__
        attach_filter(self.ins, filter, self.iface)
      File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/core.py", line 119, in attach_filter
        bp = compile_filter(bpf_filter, iface)
      File "~/env/lib/python3.8/site-packages/scapy/arch/common.py", line 128, in compile_filter
        raise Scapy_Exception(
    scapy.error.Scapy_Exception: Failed to compile filter expression type mgt subtype assoc-req (-1)

The syntax "type mgt subtype assoc-req" is BPF compatible (see man pcap-filter).
For the MacBook I set INTERFACE = "en0". I tried this on a Linux machine with INTERFACE = "wlan0" and all works as expected; Scapy does compile this filter correctly.
My best guess is that Scapy can't detect link-type for en0 to set an 802.11 filter because it treats en0 as an Ethernet 802.3 interface.
Update. When I run

    sudo tcpdump -Ini en0 type mgt subtype assoc-req

it works; it filters for assoc-req without problems.
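
A way to test the link-type guess from the post above, as an added example that is not part of the original post: it asks libpcap to compile the same filter string against a "dead" handle of each link-layer type, so no capture interface or root access is involved. It assumes libpcap is installed where ctypes can find it; the names load_libpcap and compile_per_linktype are made up for this example.

```python
import ctypes
import ctypes.util
FILTER = b"type mgt subtype assoc-req"  # filter string from the post
# DLT_* link-layer header type values from libpcap's pcap/dlt.h
LINKTYPES = {"EN10MB": 1, "IEEE802_11": 105, "IEEE802_11_RADIO": 127}

class BpfProgram(ctypes.Structure):
    # struct bpf_program { u_int bf_len; struct bpf_insn *bf_insns; };
    _fields_ = [("bf_len", ctypes.c_uint), ("bf_insns", ctypes.c_void_p)]

def load_libpcap():
    """Return libpcap with its C prototypes declared, or None if not found."""
    path = ctypes.util.find_library("pcap")
    if path is None:
        return None
    lib = ctypes.CDLL(path)
    prog_p = ctypes.POINTER(BpfProgram)
    protos = {
        "pcap_open_dead": (ctypes.c_void_p, [ctypes.c_int, ctypes.c_int]),
        "pcap_compile": (ctypes.c_int, [ctypes.c_void_p, prog_p, ctypes.c_char_p,
                                        ctypes.c_int, ctypes.c_uint32]),
        "pcap_geterr": (ctypes.c_char_p, [ctypes.c_void_p]),
        "pcap_freecode": (None, [prog_p]),
        "pcap_close": (None, [ctypes.c_void_p]),
    }
    for name, (restype, argtypes) in protos.items():
        fn = getattr(lib, name)
        fn.restype, fn.argtypes = restype, argtypes
    return lib

def compile_per_linktype(expr=FILTER):
    """Map link-type name -> (compiled_ok, libpcap error text); None without libpcap."""
    lib = load_libpcap()
    if lib is None:
        return None
    results = {}
    for name, dlt in LINKTYPES.items():
        handle = lib.pcap_open_dead(dlt, 65535)  # dead handle: no device needed
        prog = BpfProgram()
        rc = lib.pcap_compile(handle, ctypes.byref(prog), expr, 1, 0xFFFFFFFF)
        err = "" if rc == 0 else lib.pcap_geterr(handle).decode(errors="replace")
        if rc == 0:
            lib.pcap_freecode(ctypes.byref(prog))
        lib.pcap_close(handle)
        results[name] = (rc == 0, err)
    return results

if __name__ == "__main__":
    for name, (ok, err) in (compile_per_linktype() or {}).items():
        print(f"{name:18}", "ok" if ok else f"failed: {err}")
```

libpcap accepts the 802.11 type and subtype keywords only when the handle's link type is an 802.11 one, so the EN10MB entry fails with the same -1 return that appears in the Scapy exception, while the two 802.11 entries compile.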