WiFi Beacon Packets - network-programming

I'm trying to write a simple C code with WinPcap to broadcast a beacon packet and capture it in all nearby WiFi units. The code I'm using is very similar to the ones available at WinPcap[1].
The code runs fine if I create an ad-hoc network connection and join all the computers into it. However, this process of creating and joining to an ad-hoc network is cumbersome. It would be much better if, regardless of what network each computer is in, the beacon packets would be broadcasted and captured once the code is running.
As simple as this problem might sound, after some searching it seems that this is not possible to be done on windows (unless re-writing drivers or maybe the kernel):
Raw WiFi Packets with WinPcap[2]
Sending packets without network connection[3]
Does winpcap/libpcap allow me to send raw wireless packets?[4]
Basically, it would be necessary to use the WiFi in monitor mode, which is not supported in Windows[5]. Therefore, if the computers are not in the same network connection, the packets will be discarded.
1st Issue
I'm still intrigued: beacon and probe request packets are normal traffic across the network. How can they be sent and received constantly while the user is not allowed to write a program to do so? How to reconcile that?
2nd Issue
Does anyone have experience with Managed Wifi API[6]? I've heard that it might help.
3rd Issue
Acrylic WiFi[7] claims to have developed an NDIS driver which supports monitor mode under Windows. Does anyone have experience with this software? Is it possible to integrate it with C code?
4th Issue
Is it possible to code such a WiFi beacon on Linux? And on Android?
[1] www.winpcap.org/docs/docs_412/html/main.html
[2] stackoverflow.com/questions/34454592/raw-wifi-packets-with-winpcap/34461313?noredirect=1#comment56674673_34461313
[3] stackoverflow.com/questions/25631060/sending-packets-without-network-connection-wireless-adapter
[4] stackoverflow.com/questions/7946497/does-winpcap-libpcap-allow-me-to-send-raw-wireless-packets
[5] en.wikipedia.org/wiki/Monitor_mode#Operating_system_support
[6] managedwifi.codeplex.com/
[7] www.acrylicwifi.com/

Couple questions I will try to answer. Mgmt and Ctrl packets are used for running a wifi network and don't contain data; I would not call these normal packets. Windows used to (I think still does) convert data packets into Ethernet frames and pass them up the stack. Beacon and Probe Req pkts are not necessary for the TCP/IP stack to work, i.e. web browsers don't need beacon frames to get your web page. Most OSes need minimal info from mgmt/ctrl pkts to help a user interact with a wifi adapter; most mgmt/ctrl pkts are only useful to the driver (and low-level OS components) to figure out how to interact with the network. This way the wifi adapters look and act like Ethernet adapters to high-level OS components.
Never had any experience with Managed Wifi API or Acrylic, so can't give you any feedback.
Most analyzers that capture and send packets do it in 2-3 separate modes, mainly because of hardware. Wifi adapters can be in listen mode (promiscuous mode and/or monitor mode) or adapter mode. To capture network traffic you need to listen and not send, i.e. if someone sends a pkt while you are sending, you miss that traffic. In order to capture (or send) traffic you will need a custom NDIS driver in Windows; on Linux many of them already do. Check out Wireshark or tshark; they use WinPcap to capture pkts in Windows and there are some adapters they recommend to use to capture pkts.
Yes, it is possible to send a beacon on Linux, i.e. Aireplay. I know it's possible to capture traffic on Android, but it needs to be rooted or have custom firmware, which I would believe also means you can send custom pkts. If you are simply trying to send a pkt, it might be easier to capture some traffic in tshark or Wireshark and use something like aireplay to resend that traffic. You could also edit the packet with a hex editor to tune it to what you need.
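
Added example (not part of the original answer or of any tool named in it): a C parser for the beacon frame layout, showing that a beacon carries only network-management fields such as BSSID, beacon interval, SSID and channel. The frame bytes and addresses are constructed, and the code assumes the capture's radiotap header and FCS have already been stripped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct beacon_info {
    uint8_t  bssid[6];
    uint16_t interval_tu;  /* beacon interval, 1 TU = 1024 microseconds */
    char     ssid[33];     /* SSID element is at most 32 bytes */
    int      channel;      /* -1 when no DS Parameter Set element is present */
};
/* Constructed sample: 802.11 beacon, no radiotap header, no FCS. */
static const uint8_t SAMPLE_BEACON[] = {
    0x80, 0x00, 0x00, 0x00,                  /* frame control (mgmt/beacon), duration */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,      /* addr1: broadcast destination */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,      /* addr2: source (made up) */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,      /* addr3: BSSID (made up) */
    0x00, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,      /* sequence control, 8-byte timestamp */
    0x64, 0x00, 0x01, 0x04,                  /* interval = 100 TU, capability info */
    0x00, 0x04, 'l', 'a', 'b', '1',          /* element 0: SSID "lab1" */
    0x03, 0x01, 0x06                         /* element 3: DS Parameter Set, channel 6 */
};
/* Returns 0 on success, -1 if the frame is not a beacon or is malformed. */
int parse_beacon(const uint8_t *f, size_t len, struct beacon_info *out) {
    if (len < 36) return -1;                 /* 24-byte header + 12 fixed bytes */
    if ((f[0] & 0x0f) != 0 || (f[0] >> 4) != 8) return -1; /* version 0, type 0, subtype 8 */
    memcpy(out->bssid, f + 16, 6);
    out->interval_tu = (uint16_t)(f[32] | (f[33] << 8));   /* little-endian */
    out->ssid[0] = '\0';
    out->channel = -1;
    for (size_t off = 36; off + 2 <= len; ) {              /* elements: id, length, body */
        uint8_t id = f[off], elen = f[off + 1];
        if (off + 2 + elen > len) return -1;               /* element overruns the frame */
        if (id == 0) {
            if (elen > 32) return -1;                      /* oversized SSID: reject */
            memcpy(out->ssid, f + off + 2, elen);
            out->ssid[elen] = '\0';
        } else if (id == 3 && elen == 1) {
            out->channel = f[off + 2];
        }
        off += 2u + elen;
    }
    return 0;
}
int main(void) {
    struct beacon_info b;
    if (parse_beacon(SAMPLE_BEACON, sizeof SAMPLE_BEACON, &b) == 0)
        printf("ssid=%s channel=%d interval=%u TU\n", b.ssid, b.channel, (unsigned)b.interval_tu);
    return 0;
}
```

The length checks matter because beacons arrive unauthenticated from anyone in radio range, so every element length is attacker-controlled input.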

Related

Video transmission over wifi using UDP/packet injection

Hey Stackoverflow community :)
I'm looking into making a camera stream video from an RC device into a computer using WiFi.
After considering all of the options I had, I'm left with two:
use UDP to transfer video in packets
use packet injection and packet sniffing on the receiving device.
I was wondering what are the pros and cons of each method (for that specific purpose of video transmission)?
After looking around I found many implementations for both ways, but nowhere have they specified why one is better than the other.
A few things that I have not mentioned:
I know UDP does not have error correction, which can make the video weird - I don't care about the quality of the video as long as it will be recognizable.
I don't want to use a connection-based protocol (TCP, etc.) - I don't want to wait for a handshake when I get disconnected.
Thanks :)
I'm trying to do a similar thing. My take on this is basically when you use the wifi cards in monitor mode (i.e. using packet sniffing/injection) you don't actually need to be connected to that network. Typically, you still need to be connected to an Access point as a client then you can communicate using UDP through that connection. But, in this case, the UDP messages are routed to the Wifi cards and the packets are injected out without being associated with any client. Then, any 'client' just has to sniff or listen on that same channel to get the transmission. So the benefit is not only does UDP not check for lost frames/etc, but also in this case you don't need to be connected to the network to get the packets.
In my case, this is preferable, since basically you will need to connect to the AP in the former case and that would require more capable hardware on the receiver side typically (more range is needed for the association part since you need to send messages back over TCP essentially to get it connected).
FYI here are the links/repos I am using and it also is a reference to what I am talking about
https://docs.px4.io/master/en/tutorials/video_streaming_wifi_broadcast.html
https://github.com/svpcom/wifibroadcast
I am using an off-the-shelf 'solution' in the short term, the Accsoon Cineye Air, which basically transmits HDMI 300ft line of sight over WiFi. You need an Android phone to receive it, and basically I'm using the Vysor application (paid version is $40) to mirror the screen to my desktop. It works, but the latency is still more than I want: 60ms at least from the Cineye, so you can drive it around, but it's not as quick as DJI (which is around 30-40ms), which is my goal.

How to capture and send packets via Macbook

I want to capture and send some packets to the access point for testing purposes. I have the packet captures made via wireshark but I do not know how to proceed to be able to send these packets from my macbook.
I tried things like scapy, colasoft etc, but they do not seem to work as they require an external wifi adapter to be able to relay these packets outwards.
Two main questions:
Is it possible to send custom packets from a MacBook to a required access point (without using an external network adapter)?
If yes, what are some tooling/scripting options that I can look at? Any recommendations?
I am a networking novice, so please pardon me if the question is trivial. Thank you!
Your builtin Wifi adapter likely does not support Wifi injection.
You can check this by googling the Wifi chip that is within your computer (there are various methods to get that info depending on your OS) whether it supports Wifi injection or not.
So yeah, you'll likely need an external card (check the specs before buying it)

How can I sniff the packets from IP(s) of other devices connected to the same local wireless network?

I am able to capture only the packets routed through my NIC, but I want to sniff all the packets from other PC(s) connected to the same local wireless network. I am using Wireshark, but it cannot sniff the packets from the remote IP(s) connected to the same local network (created by a wireless router).
You haven't provided much detail about your capture setup - in particular what OS your capture PC is running or what hardware you have. The best advice I can give you to start with is to visit the Wireshark WLAN (IEEE 802.11) capture setup wiki page and carefully read its contents, particularly those sections that best relate to your system. At the very least, you will need to be able to place your wireless NIC into monitor mode, and the method by which you do that is OS dependent, so do visit that wiki page for more details.
If you happen to be running Windows and you are unable to place your NIC into monitor mode using Wireshark or you don't have an adaptor (such as an Airpcap adaptor) capable of capturing the traffic, or npcap doesn't work for you, then you might want to try other tools besides Wireshark, such as Microsoft's Network Monitor or their newer Message Analyzer capture tools.
Lastly, if nothing else works, then you might want to visit the Wireshark Tools wiki page to try to find other potential tools that might work for you in your particular capture environment.
You can use the Cain and Abel sniffing tool. It is a very easy one. You can sniff packets with Cain and Abel and log them using Wireshark.
You can download it from https://web.archive.org/web/20190603235413/http://www.oxid.it/cain.html

capture data packets in LAN

In my college lab all the PCs are connected via LAN by an L2 switch. I want to capture the HTTP data packets with Wireshark, but it is only showing the interface of my own PC. So how can I capture the packets of other PCs?
Can somebody tell me the working of Wireshark?
It is in the nature of switches that you will only see either broadcast packets or traffic that has your MAC address as a destination, that is one of the crucial differences between a switch and a hub.
It is possible for most switches to be configured to copy traffic from one port to another, this is commonly done for monitoring purposes, but that has to be done via administrative access to the device.
You can manipulate the switch's behavior by means of ARP-Spoofing. But be cautious! Doing so might be seen as a criminal act.
So be sure that you're allowed to do so in the lab, sometimes that's OK if it serves the educational purpose. Ask your supervisor or the school's administrator.
My weapon of choice for such things is Ettercap.
A far less intrusive approach would be to use one of your own switches and configure it to forward all traffic. Then you can connect one port as an uplink to the lab's switch, one port to the device under test and one port to your machine running wireshark. (I would recommend using tcpdump for capturing, though.) If you don't have a manageable switch at hand, you can also use a router running OpenWRT.

pcap - streaming and receiving udp in the same computer

To explain what I would like to get, here's an example.
Let's say, we have a PC with one NIC. It has single IP address 172.16.0.1.
Using VLC, we start a udp stream to 172.16.0.1:1234, then launch another copy of VLC and connect to udp://#172.16.0.1:1234. Now we'll see our video streaming.
If you run a sniffer, you will see packets from 172.16.0.1:some_random_port to 172.16.0.1:1234 on loopback. There's no traffic on our NIC.
What I want to do is to stream and receive udp in the same computer, like VLC does it. But the main problem is that pcap can only pcap_open() a real device, it can't work with loopback.
Is it possible to solve that problem?
P.S. I'm using Windows and WinPcap, unlike Linux version, it can send packets.
If you just want to send and receive UDP packets, I would suggest just using regular Winsock sockets, just as you'd use regular sockets on UN*X; using WinPcap requires that you re-implement IP and UDP, and won't let you send to another socket on the same machine under Windows (or on at least some versions of UN*X, either).
If you want to watch the traffic you're sending, unfortunately WinPcap won't help, as it relies on packets being sent out and received from NDIS (its driver plugs into NDIS), and that doesn't happen for packets sent from one socket on a machine to another socket on the same machine.
(Note, BTW, that libpcap can send packets on Linux and *BSD and Mac OS X and Solaris and Digital/Tru64 UNIX, for example, and has been able to do so for several years; older versions of libpcap didn't support it, but the versions available for the past few years can. However, as per my first paragraph, it would not make sense to use libpcap to send and receive regular UDP packets on those OSes, just as it makes no sense to use WinPcap for that purpose on Windows.)
