Extracting vendor info from Probe Request using Scapy
Trying to extract the vendor information (Apple, Samsung, etc) from Probe Request coming from mobile, So far no luck. Not sure where the corrections to be made to get this info.
Adding my code:
import codecs
from scapy.all import *
from netaddr import *
def handler(p):
if not (p.haslayer(Dot11ProbeResp) or p.haslayer(Dot11ProbeReq) or p.haslayer(Dot11Beacon)):
return
rssi = p[RadioTap].dBm_AntSignal
dst_mac = p[Dot11].addr1
src_mac = p[Dot11].addr2
ap_mac = p[Dot11].addr2
global macf
maco = EUI(src_mac)
try:
macf = maco.oui.registration().org
except NotRegisteredError:
macf = "Not available"
info = f"rssi={rssi:2}dBm, dst={dst_mac}, src={src_mac}, ap={ap_mac}, manf= {macf}"
if p.haslayer(Dot11ProbeReq):
stats = p[Dot11ProbeReq].network_stats()
ssid = str(stats['ssid'])
channel = None
if "channel" in stats:
channel = stats['channel']
print(f"[ProbReq ] {info}")
print(f"ssid = {ssid}, channel ={channel}") #rate= {rates}
sniff(iface="wlan1", prn=handler, store=0)
There are a few things that should be taken into consideration when dealing with your problem.
First, the OUI used by the netaddr 1.3.0 package is outdated.
I have an iPhone 16 with OUI 0C-85-E1. You can check directly in IEEE or here that it is a valid OUI, but it's not updated in the netaddr source.
You can solve this problem using another approach to get OUI info from the web.
oui = src_mac[:8].upper().replace(":", "-")
try:
response = requests.get(f"https://api.macvendors.com/{oui}")
if response.status_code == 200:
macf = response.text
else:
macf = "Not available"
except Exception as e:
macf = "Not available"
But here there's the second problem. Apple uses a private Wi-Fi addresses security functionality that prevents from showing the real OUI on all requests, including probe requests.
Check here when this option is off:
And when it's on:
You can check that OUI 6E-BA-4F it's invalid.
Android has a similar function too. So you will have the same problem.
If your clients use this function there is no way to determine the vendor based on OUI from probe requests.
- Numerically stable softmax
- ModuleNotFoundError, even after pip install
- how to extract the texts after the first h1 Tag?
- Requests and BeautifulSoup to get video length from YouTube
- Python Multiple Turtles Moving (seemingly) Simultaneously
- Stop pyzmq receiver by KeyboardInterrupt
- pandas dataframe update with filter_func
- Getting the name of a variable as a string
- using bottlenose in python to extract product price from Amazon in different locale
- matplotlib multiple axes mixups
- ZMQ socket gracefully termination in Python
- gdown command not working in jupyter notebook in anaconda.cloud
- Can dependency injection be used with django?
- Simple way to measure cell execution time in ipython notebook
- Asyncio future, running Future objects
- Prime factorization using list comprehension in Python
- Store output of subprocess.Popen call in a string
- sqlalchemy.exc.NoReferencedTableError: Foreign key associated with column could not find table
- How to get the Exception (Message and StackStrace) of a Python Azure Function
- Python - regex to grab specific lines from text
- python: How to get real feature name from feature_importances
- Python: Implement a PCA using SVD
- Apply function only on slice of array under jit
- symbol not found in flat namespace '_bcp_batch'
- Print function not working without flush=True when used with the While loop
- SciPy minimise to find inverse function?
- Microservices architecture with Django
- how to escape texts for formatting in python
- How should I read a file line-by-line in Python?
- Sort columns of numpy unitary matrix such that highest element of each column is on the diagonal