Running everything on kali.
I found all Wi-Fi networks nearby and their BSSIDs. I am using a network card with monitor mode on. Now I want to find all clients connected to that specific BSSID.

Here is how this is achieved with airodump-ng:

 airodump-ng -d "target's BSSID" -c "target's channel number" "wireless adapter monitor mode name"

I want to achieve the same effect using scapy.

I can't find any proper reference on how to achieve that.

Thanks

Alexander Gorelik
  • This might be relevant: https://stackoverflow.com/questions/38487752/scapy-2-7-3-in-monitor-mode. You probably want to disclose your OS. – Ross Jacobs Mar 17 '21 at 20:04
  • Using `from scapy.layers import dot11`, this should be semi-straightforward. With an interface in monitor mode, you can see the raw 802.11 headers. You'd just need to look at all the frames coming in, filter out the ones with the wrong BSSID/irrelevant content, then look to see what MACs are associated with those frames. – Carcigenicate Mar 19 '21 at 14:03
  • When I've needed to see how to manipulate frames/packets, I'll load up a REPL, sniff some of the packets using `sniff`, do `packets[0].show()` on some packets to see a breakdown of the fields, and then try to manipulate the packets in the REPL. So far, it's proven to be a good way to figure out how to use scapy to manipulate traffic. – Carcigenicate Mar 19 '21 at 14:08
  • I was going to post an answer, but it's too flawed to be worth it. [Here's](https://gist.github.com/carcigenicate/f278a6e3260766c7a0dca68486c7f5cb) what I was going to post though. – Carcigenicate Mar 20 '21 at 00:15
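The approach Carcigenicate outlines in the comments (keep only frames belonging to the target BSSID, then read the station address out of each one), written out as an added example that is not from the question or the answers; it is the passive per-BSSID client table airodump-ng shows, which is equally useful for auditing which stations are on an AP you operate. It works on raw 802.11 MAC headers so the To-DS/From-DS address rules are explicit; `sniff_clients` is an assumed wrapper that feeds it frames from scapy's `sniff`, and all sample frames, MACs and the BSSID are constructed.

```python
# Per-BSSID client list from raw 802.11 MAC headers; the To-DS/From-DS address rules are the core.
def parse_dot11_header(frame):
    """(type, to_ds, from_ds, addr1, addr2, addr3) from a 24-byte MAC header."""
    if len(frame) < 24:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fc, flags = frame[0], frame[1]
    return ((fc >> 2) & 0x3, bool(flags & 0x1), bool(flags & 0x2),
            mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]))

def client_for(hdr, bssid):
    """Station MAC in a frame belonging to `bssid`'s cell, else None."""
    ftype, to_ds, from_ds, a1, a2, a3 = hdr
    if ftype == 1 or (to_ds and from_ds):  # control frames have no BSSID; WDS has no single station
        return None
    if to_ds:                  # station -> AP: addr1 = BSSID, addr2 = station
        ap, sta = a1, a2
    elif from_ds:              # AP -> station: addr2 = BSSID, addr1 = station
        ap, sta = a2, a1
    else:                      # management: addr3 = BSSID, station is the other non-BSSID address
        ap, sta = a3, (a2 if a2 != bssid else a1)
    if ap != bssid or sta == bssid or int(sta[:2], 16) & 0x01:   # 0x01 = group (bcast/mcast) bit
        return None
    return sta

def associated_clients(frames, bssid):
    """Set of station MACs seen exchanging frames with `bssid`."""
    bssid = bssid.lower()
    found = (client_for(h, bssid) for h in map(parse_dot11_header, frames) if h)
    return {sta for sta in found if sta}

def sniff_clients(iface, bssid, count=500):
    """Live variant (assumed usage): needs root, scapy and `iface` in monitor mode."""
    from scapy.all import sniff, Dot11   # bytes(pkt[Dot11]) drops the RadioTap header
    pkts = sniff(iface=iface, count=count, lfilter=lambda p: p.haslayer(Dot11))
    return associated_clients([bytes(p[Dot11]) for p in pkts], bssid)

def _frame(fc, flags, a1, a2, a3):   # constructed 24-byte header: FC, duration, addr1..3, seq ctl
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return bytes([fc, flags, 0, 0]) + m(a1) + m(a2) + m(a3) + b"\x00\x00"

AP, BCAST = "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"   # constructed BSSID, broadcast address
SAMPLE_FRAMES = [
    _frame(0x80, 0x00, BCAST, AP, AP),                   # beacon from the AP
    _frame(0x08, 0x01, AP, "aa:bb:cc:dd:ee:01", BCAST),  # data, station -> AP (To-DS)
    _frame(0x08, 0x02, "aa:bb:cc:dd:ee:02", AP, AP),     # data, AP -> station (From-DS)
    _frame(0x08, 0x02, BCAST, AP, AP),                   # broadcast data from the AP: skipped
    _frame(0x08, 0x01, "66:77:88:99:aa:bb", "aa:bb:cc:dd:ee:03", AP),  # other cell: skipped
    _frame(0x40, 0x00, BCAST, "aa:bb:cc:dd:ee:04", BCAST),  # probe request, unassociated: skipped
]
```

`associated_clients(SAMPLE_FRAMES, AP)` returns the two stations that actually exchanged data with the AP; the probing station and the other cell's traffic are dropped, which is the same distinction airodump-ng draws between associated and "not associated" clients.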

1 Answer

Nmap also has a Python library that makes scanning much simpler. You can find the documentation here.

For example this is what a ping scan would look like:

 import nmap3 as nm

 nmap = nm.NmapScanTechniques()
 # nmap_ping_scan() is a method of the instance, not the module, and needs a target
 results = nmap.nmap_ping_scan("192.168.1.0/24")  # placeholder target range