Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to capture 802.11 frame packets on Windows in monitor mode #321

Open
AnjeloPeiris711 opened this issue Jan 6, 2024 · 2 comments
Open

How to capture 802.11 frame packets on Windows in monitor mode #321

AnjeloPeiris711 opened this issue Jan 6, 2024 · 2 comments

Comments

@AnjeloPeiris711
Copy link

I'm currently working on a project where I need to capture 802.11 packets using the pcap library . I enable Monitor Mode using wlanhelper.exe

here sample of mi code

use pcap::*;
fn capture_wpa2_handshake(
    interface_index:usize
) {
    // List available devices and choose the one you want
    let device = Device::list().unwrap()[interface_index].clone();
    // Choose the device (you may need to change the index based on your setup)


    // Open the selected device for capturing
    let mut cap = device.open().unwrap();
    let mut savefile = cap.savefile("test.pcap").unwrap();
    // Keep capturing until the 4-way handshake is complete
    let mut handshake_complete = false;
    // Set a filter to capture only TCP packets
    cap.filter("ether proto 0x888e", true).unwrap();
    while !handshake_complete {
        if let Ok(packet) = cap.next_packet() {
            // Process the packet, check if it's part of the WPA2 4-way handshake
            // You need to implement the logic to identify EAPOL-Key messages
            // and keep track of the handshake state
            println!("Received packet: {:?}", packet);

            // Check if the WPA2 4-way handshake is complete
            // You need to implement the logic to detect the completion of the handshake
        handshake_complete = is_wpa2_handshake_complete(&packet);
        // handshake_complete = true;
        savefile.write(&packet);
        }

    }
    println!("WPA2 4-way handshake complete!");
}

The problem I face I can't capture any packets using pcap, but Wireshark works fine.
@Wojtek242
Copy link
Collaborator

Can I just ask if you double checked (with debug logs or something) that you indeed open the capture on the right interface?

@AnjeloPeiris711
Copy link
Author

Thank you for your detailed response! Yes, I double-checked if my captured interface was the right one or not. However, I think this is the problem.

image

So I use Rust's cc package and write my own c program using pcap.h, and now I can capture Beacon Packets with the help of the pcap_set_rfmon function 🥴.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Wojtek242 @AnjeloPeiris711