1

I have written a sniffer using scapy. It tries to get the probe request packets. My program runs fine for about 8-10 mins, then, it suddenly stops sniffing the probe requests after throwing socket closed warning. I didn't find any information regarding this on google. Why am i getting this error?

ERROR:

WARNING: Socket <scapy.arch.linux.L2ListenSocket object at 0x15c4140> failed with ''. It was closed.

Steps:

  1. Enter monitor mode:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
  1. Run airodump-ng in background:
airodump-ng wlan0 &
  1. Run my script
./my_script.py

Output:

[  329.993891] device wlan0 entered promiscuous mode
02-Jun-2021, 23:12:04 , ff:ff:ff:ff:ff:ff <mac_address> dbm_signal= -91 , freq= 2427 , 802.11 Probe Request ---> 
Unknown OUI --- Unknown OUI
.
.
. (After about 8-10 minutes)
.
.
[  898.806823] device wlan0 left promiscuous mode
WARNING: Socket <scapy.arch.linux.L2ListenSocket object at 0x12d4200> failed with ''. It was closed.

My script has nothing but this normal scapy code for accessing mac address of both client and ap, ssid and channel etc as shown below. Then just printing these.

            dot11_layer = pkt.getlayer(Dot11)                                
            addr1= dot11_layer.addr1
            addr2= dot11_layer.addr2
            payload_name= dot11_layer.payload.name
            ssid= pkt[Dot11Elt].info.decode()
Sourabrt
  • 2,126
  • 2
  • 8
  • 22
  • The `-ng` suite tends to mess with the state of the card afaik. I wouldn't try to run `scapy` code on the same wireless interface that `airodump-ng` is on. – Carcigenicate Jun 02 '21 at 20:31
  • @Carcigenicate: I ran this script without airodump-ng as well. I didn't get as many packets as i did when I had airodump-ng running because channel hopping isn't taking place. But even then, my script just gives this warning and hangs after about 10 minutes. My script has nothing but this normal scapy code for accessing mac address of both client and ap, ssid and channel etc. ``` dot11_layer = pkt.getlayer(Dot11) addr1= dot11_layer.addr1 addr2= dot11_layer.addr2 payload_name= dot11_layer.payload.name ssid= pkt[Dot11Elt].info.decode() ``` – Sourabrt Jun 03 '21 at 04:45
  • If you want, I can give you some simple Python code I wrote that carries out channel hopping so you don't need to rely on an external program, for the sake of simplifying. I can't explain the crash though, sorry. – Carcigenicate Jun 03 '21 at 12:09
  • @Carcigenicate: If you can, that'll be really great. Thank you. – Sourabrt Jun 03 '21 at 12:27
  • [Here's](https://gist.github.com/carcigenicate/b2f9b1247e2ea8fbae793d9211f3e8a6) a quick gist a made with the code. You may want to double check the output of `get_supported_channels` just in case your machine gives different output for `iwlist`. – Carcigenicate Jun 03 '21 at 13:48

0 Answers0