├── README.md
├── WLANPiShark.bat
├── doc
    ├── WLANPiShark.bat.md
    └── wlanpishark.py.md
├── images
    ├── WLANPiShark_Overview.png
    └── WLANPiShark_Overview.vsdx
├── releases
    ├── WLANPiShark2-0.01.zip
    ├── WLANPiShark2-0.03.zip
    ├── WLANPiShark2-0.04.zip
    └── WLANPiShark2-0.05.tar.gz
└── wlanpishark.py


/README.md:
--------------------------------------------------------------------------------
# WLANPiShark2
Scripts to enable Wireshark to be run on various laptop types using the WLANPi as a remote packet sniffer

**(Seeing "Data written to the pipe is neither a supported pcap format nor pcapng format" messages? See the "Known Issues" section at the bottom of this page)**

This project is a spin-off of the original [WLANPiShark project](https://github.com/wifinigel/WLANPiShark). The aim of that project was to allow Windows users to use a WLANPi as a Wi-Fi capture device, thus providing an easy way for Windows users to perform packet captures into Wireshark. However, the project relied on a clunky batch file that took quite a while to start up, making it slow to use.

This project aims to perform the same task, but far more efficiently, and across several platforms (beyond just Windows). It does this by leveraging a Python script that is pre-installed on the WLANPi, which does much of the device setup heavy lifting and removes the complexity required in the previous project's batch file.

To initiate the capture, a second script/batch file is executed on the device (e.g. laptop) that wishes to execute the Wireshark capture, using the WLANPi as a remote probe.

In this release, there are only 2 scripts:

- WLANPiShark.bat : the Windows batch file to be run on a Windows machine
- wlanpishark.py : the Python script that is installed on the WLANPi and is called from the batch to execute all WLANPi setup commands and initiate a tcpdump stream

The architecture of the solution is shown in the diagram below:

![WLANPiShark Overview](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/images/WLANPiShark_Overview.png)

It is hoped this more flexible approach will enable easier development for other platforms to utilise the WLANPi as a remote probe capture device. Additional scripts will be added to this project over time to provide remote probe capture capability for other operating systems and software packages.

The scripts/batch files that are used by this project are listed below. Each has its own dedicated page detailing its installation and operation:

- [WLANPiShark.bat](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/doc/WLANPiShark.bat.md) : the Windows batch file to be run on a Windows machine
- [wlanpishark.py](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/doc/wlanpishark.py.md) : Python script that is installed on the WLANPi and is called from the batch to execute all WLANPi setup commands and initiate a tcpdump stream

# Quick Setup

Here's a quick guide to get you going with WLANPiShark:

1. Browse to the web GUI of your WLANPi (http://{IP Addr of your WLANPi})
2. Click the "Downloads" link at the top of the page
3. Click on the "wlanpishark" folder, then the WLANPiShark.bat file to download it
4. Copy the file to a convenient location on your Windows machine (I'd suggest your home directory)
5. Edit the WLANPiShark.bat file with Notepad (or similar text editing app) to set up your environment
6. Run WLANPiShark.bat from a Windows command prompt

You can find more details about configuring your environment on the following page, but don't worry, it's a one-time operation: [WLANPiShark.bat](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/doc/WLANPiShark.bat.md)

## Examples

Capture on channel 36 using a 40MHz channel width:

```
WLANPiShark.bat -c 36 -w 40+
```

Check config settings:

```
WLANPiShark.bat --diag
```

Use in interactive mode:

```
WLANPiShark.bat --int
```

For more detailed information, see the following page: [WLANPiShark.bat](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/doc/WLANPiShark.bat.md)

# Install Guide

(Note this install guide is only required if you need to install from scratch - all required files are already installed on WLANPi images v1.6.1 and onwards)

## wlanpishark.py

(Note: if you are running WLANPi image v1.6.1 or later, this script is already installed on the WLANPi)

1. SSH to your WLANPi (login with the 'wlanpi' user account)
2. Create a directory called /home/wlanpi/wlanpishark : `mkdir ~/wlanpishark`
3. Change in to the newly created directory: `cd ./wlanpishark`
4. Copy the wlanpishark.py to the newly created directory on the WLANPi (e.g. use SFTP utility)
5. Make the wlanpishark.py script executable : `chmod a+x ./wlanpishark.py`

## WLANPiShark.bat

1. Copy the WLANPiShark.bat on to a Windows machine
2. Edit the file variables to suit the local machine environment (e.g. using Notepad)
3. Execute the batch file in a Windows command console

(See the dedicated batch file page for full details: [WLANPiShark.bat](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/doc/WLANPiShark.bat.md))

# Current Version

The current version is v0.04. Check your version with the CLI command:

```
WLANPiShark.bat -v
```

# Known Issues

There have been a few reports of users seeing Wireshark error messages relating to "data written to the pipe not being a supported pcap or pcapng format".

This is caused by a newer version of Plink.exe than we originally used in our testing. There are no issues with version 0.7.0. Later versions (i.e. 0.7.1 and later) cause an issue due to a new security checking option ("-no-antispoof").

Downgrading your version of Plink (by downloading an older version of Putty) to 0.7.0 fixes the issue.

A better option is to upgrade your WLANPiShark.bat file to version 0.02 (or later) as it detects your Plink version and works around the Plink issue automatically. There is no need to change anything on the WLANPi, just download the current [WLANPiShark.bat](https://github.com/WLAN-Pi/WLANPiShark2/blob/master/WLANPiShark.bat) file, configure it as per your previous copy on your Windows machine, and run it as before.

You can check your version of Plink by running "plink.exe -V" from a Windows command prompt.

# Release Notes
```
#################################################################
#
# Version history;
#
# v0.01 - N.Bowden 17th Feb 2019
#
#   Initial release of spin-off from original WLANPIShark
#   project. Now relies on having wlanpishark.py file on
#   the remote WLANPi to speed up and simplify operations.
#
# v0.02 - N.Bowden 17th July 2019
#
#   1. Several reports of issues which turned out to be
#      an issue with a new "-no-antispoof" introduced in
#      Plink 0.71. Issue did not affect Plink 0.70.
#      Added version detection and a fix if version 0.71 to
#      0.75 is detected (bit of future proofing in there...)
#
#   2. Added new "--diag" CLI option to do some basic
#      checks and dump out config data for bug/issue
#      reports
#
# v0.03 - N.Bowden 18th July 2019
#
#   1. Added interactive mode to optionally allow entry of
#      channel number & width if INTERACTIVE var set to
#      non zero value (set to 1 for instance), or CLI option
#      "--int". Props to Paul Manders for the code & idea. Also
#      added diagnostics mode via CLI "--diag" option to show
#      if config vars configured correctly
#
# v0.04 - N.Bowden/Reuben Eldal 5th Aug 2018
#   Reuben supplied code to set date/time of WLANPi to
#   match the machine running the batch file so that
#   timestamps of captured data reflect current system
#   instead of internal WLANPi clock which is inaccurate
#   when not NTP sync'ed. Added new script variable and
#   CLI parameter to turn feature on or off
#
# v0.05 - N.Bowden/Chris Young 29th Aug 2018
#   Thanks to Chris Young for reporting a bug. When setting
#   date of WLANPi, I had missed out -no-antispoof command
#   when firing up Plink to set date (doh!)
#
#   Added full python path to remote python script calls to
#   mitigate possible file permission issues in future
#
#################################################################
```

--------------------------------------------------------------------------------
/WLANPiShark.bat:
--------------------------------------------------------------------------------
@ECHO OFF
setlocal
REM #################################################################
REM #
REM # This script runs on a Windows 10 machine and will allow
REM # Wireshark on a Windows machine to decode captured frames,
REM # using a WLANPi as a wireless capture device. The Windows
REM # machine must have IP connectivity to your WLANPi via its Ethernet
REM # port. Run this script from a Windows command shell (CMD).
REM #
REM # Set the variables below to point at your local copy of
REM # Wireshark and configure the WLANPi credentials & IP address
REM # (Note that the user account on the WLANPi must be an admin
REM # account to allow the sudo command to be executed - the default
REM # account wlanpi/wlanpi works fine). Please use a plain text
REM # editor to make the updates (e.g. Notepad).
REM #
REM # You will need the 'plink.exe' executable that is bundled with
REM # Putty to run this batch file (https://www.putty.org/).
REM #
REM # This batch file needs to be run from a Windows 10 command line
REM # and will stream tcpdump data back to Wireshark on your Windows
REM # machine from a WLANPi, allowing wireless frame decode. This script
REM # was tested with a Comfast CF-912AC adapter plugged in to a WLANPi.
REM #
REM # If using a version of the WLANPi image prior to version 1.5.0,
REM # the best way to use this script with your WLANPi is to hook up an
REM # ethernet cable between your laptop/PC and the WLANPi. Make sure you
REM # do this before powering on your WLANPi. Then, when the WLANPi powers
REM # up, you will see a 169.254.x.x address on the display of your WLANPi.
REM # Enter this address in the WLAN_PI_IP variable in the variables area
REM # below. This should be a one-time operation, as the WLANPi should use
REM # the same 169.254.x.x address each time. This operation also assumes
REM # your laptop/PC is set to use DHCP on its ethernet adapter (it will
REM # also use its own 169.254.x.x address for comms when it gets no
REM # IP address from DHCP).
REM #
REM # If you are using image version 1.5.0 or later of the WLANPi (you
REM # can check by browsing to a WLANPi & checking the top of the page),
REM # then Ethernet over USB functionality is built in to the image. This
REM # means that you can use USB to both power the WLANPi and also provide
REM # an IP connection (no more Ethernet connection required!). Note that the
REM # WLANPi display will still show the address 169.254.x.x in this mode, but
REM # a new adapter should appear in the adapter list shown on your laptop.
REM # The new adapter will be assigned an address via DHCP in the range
REM # 192.168.42.0/27, with the WLANPi using an address of 192.168.42.1. If
REM # you have any difficulties with the new Ethernet over USB adapter
REM # appearing in your adapter list (ipconfig), then try a better quality
REM # microUSB to USB cable, as some thinner cables seem to cause issues.
REM #
REM # Note that each time you want to change channels or start a new capture,
REM # you will need to close Wireshark and re-run this script.
REM #
REM # (Suggestions & feedback: wifinigel@gmail.com)
REM #
REM #################################################################

REM !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
REM !
REM ! Set your variables here, but make sure no trailing spaces
REM ! accidentally at end of lines - you WILL have issues!
REM !
REM ! Remember, 192.168.42.1 is the default WLANPi address when
REM ! using Ethernet over USB. Also, change IW_VER from 4.9 to
REM ! 4.14 to activate 80MHz support
REM !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
set WLAN_PI_USER=wlanpi
set WLAN_PI_PWD=wlanpi
set WLAN_PI_IP=192.168.42.1
set WIRESHARK_EXE=C:\Program Files\Wireshark\Wireshark.exe
set PLINK=C:\Program Files\PuTTY\plink.exe
set WLAN_PI_IFACE=wlan0
set IW_VER=4.9
set INTERACTIVE=0
set TIMESET=1

REM ############### NOTHING TO SET BELOW HERE #######################
:init
set "__NAME=%~n0"
set "__VERSION=0.05"
set "__YEAR=2019"

set "__BAT_FILE=%~0"
set "__BAT_PATH=%~dp0"
set "__BAT_NAME=%~nx0"

set "CHANNEL_NUMBER=0"
set "CHANNEL_WIDTH=20"
set "FILTER=wlan type mgt or wlan type ctl or wlan type data"
set "SLICE=0"
set "DEBUG=0"


:parse
if "%~1"=="" goto :validate

rem - handle single instance command line args (help, version etc.)
if /i "%~1"=="-h" call :header & goto :usage
if /i "%~1"=="--help" call :header & goto :usage

if /i "%~1"=="-hh" call :header & goto :extra_help
if /i "%~1"=="--xhelp" call :header & goto :extra_help

if /i "%~1"=="-v" goto :version
if /i "%~1"=="--version" goto :version

if /i "%~1"=="-u" goto :upgrade
if /i "%~1"=="--upgrade" goto :upgrade

if /i "%~1"=="--diag" goto :diag

rem Interactive mode: set the flag and keep parsing any remaining options
if /i "%~1"=="--int" set "INTERACTIVE=1" & shift & goto :parse


rem If you pass the -d option, Wireshark does not start
if /i "%~1"=="-d" set "DEBUG=1" & shift & goto :parse

rem - Handle multiple parameter entries

rem - This var is passed in from the command line (1-14, 36 - 165)
if /i "%~1"=="--channel" set "CHANNEL_NUMBER=%~2" & shift & shift & goto :parse
if /i "%~1"=="-c" set "CHANNEL_NUMBER=%~2" & shift & shift & goto :parse

if /i "%~1"=="--width" set "CHANNEL_WIDTH=%~2" & shift & shift & goto :parse
if /i "%~1"=="-w" set "CHANNEL_WIDTH=%~2" & shift & shift & goto :parse

if /i "%~1"=="--filter" set "FILTER=%~2" & shift & shift & goto :parse
if /i "%~1"=="-f" set "FILTER=%~2" & shift & shift & goto :parse

if /i "%~1"=="--slice" set "SLICE=%~2" & shift & shift & goto :parse
if /i "%~1"=="-s" set "SLICE=%~2" & shift & shift & goto :parse

if /i "%~1"=="--ip" set "WLAN_PI_IP=%~2" & shift & shift & goto :parse
if /i "%~1"=="-i" set "WLAN_PI_IP=%~2" & shift & shift & goto :parse

if /i "%~1"=="--timeset" set "TIMESET=%~2" & shift & shift & goto :parse
if /i "%~1"=="-t" set "TIMESET=%~2" & shift & shift & goto :parse

shift
goto :parse

:validate

rem If interactive mode is chosen, prompt user for values
if NOT "%INTERACTIVE%"=="0" (

    echo.
    echo #####################################################################
    echo WLANPiShark Interactive Mode (Enter "x" to exit, "d" for diags^)
    echo #####################################################################
    echo.
    echo.
    echo Current settings:
    echo.
    echo Wireshark file location setting: ["%WIRESHARK_EXE%"]
    echo Putty plink file location setting: ["%PLINK%"]
    echo (Please correct within WLANPiShark.bat file if incorrect^)
    echo.
    echo WLANPi IP Address setting: [%WLAN_PI_IP%]
    echo.
)

rem # This weird IF arrangement is to do with variable scoping when
rem # checking the entered value....horrible isn't it?
if NOT "%INTERACTIVE%"=="0" (
    set /p CHANNEL_NUMBER="Enter channel number: "
)
if "%CHANNEL_NUMBER%"=="x" goto :end
if "%CHANNEL_NUMBER%"=="d" goto :diag

if NOT "%INTERACTIVE%"=="0" (
    set /p CHANNEL_WIDTH="Enter channel width(20/40+/40-/80): "
)
if "%CHANNEL_WIDTH%"=="x" goto :end
if "%CHANNEL_WIDTH%"=="d" goto :diag

rem Check mandatory fields supplied
if "%CHANNEL_NUMBER%"=="0" call :missing_argument "Channel Number" & goto :end

:width_check
rem Set channel width to correct value to pass to WLANPi
if "%CHANNEL_WIDTH%"=="20" set "CHANNEL_WIDTH=HT20" & goto :timeset_check
if "%CHANNEL_WIDTH%"=="40+" set "CHANNEL_WIDTH=HT40+" & goto :timeset_check
if "%CHANNEL_WIDTH%"=="40-" set "CHANNEL_WIDTH=HT40-" & goto :timeset_check
if not "%IW_VER%"=="4.9" (
    if "%CHANNEL_WIDTH%"=="80" set "CHANNEL_WIDTH=80MHz" & goto :timeset_check
)
call :incorrect_argument "Channel Width" %CHANNEL_WIDTH% & goto :end

:timeset_check
rem Check timeset var is valid value
if "%TIMESET%"=="1" goto :main
if "%TIMESET%"=="0" goto :main
call :incorrect_argument "Time Set (Should be 1 or 0)" %TIMESET% & goto :end

:main

rem Check if we need to apply a fix due to Plink version
set PLINK_MOD=

rem Read Plink ver
"%PLINK%" -V > "%TEMP%\plink_ver.txt"
set /P PLINKVER=<"%TEMP%\plink_ver.txt"
del "%TEMP%\plink_ver.txt"

rem For v0.71 onwards, we need to put in the -no-antispoof
rem Note: only releases 0.71 to 0.75 are matched below; any other
rem version string leaves PLINK_MOD empty
If NOT "%PLINKVER%"=="%PLINKVER:0.71=%" set PLINK_MOD=-no-antispoof
If NOT "%PLINKVER%"=="%PLINKVER:0.72=%" set PLINK_MOD=-no-antispoof
If NOT "%PLINKVER%"=="%PLINKVER:0.73=%" set PLINK_MOD=-no-antispoof
If NOT "%PLINKVER%"=="%PLINKVER:0.74=%" set PLINK_MOD=-no-antispoof
If NOT "%PLINKVER%"=="%PLINKVER:0.75=%" set PLINK_MOD=-no-antispoof


if "%DEBUG%"=="1" goto :debug

echo Starting session to device %WLAN_PI_IP% ...

rem Don't set time if time setting disabled
IF %TIMESET%==0 goto :nodate

rem Setting WLANPi time to current time (uses UTC for global compatibility)
rem As this uses Powershell to get UTC time, check Powershell is available
where /q powershell.exe
IF ERRORLEVEL 1 goto :nodate

powershell.exe (get-date)::Now.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ') > "%TEMP%\locatime.txt"
set /P datetime=<"%TEMP%\locatime.txt"
rem The whole remote command, including the 2>&1 redirect, is one quoted argument
"%PLINK%" -ssh %PLINK_MOD% -pw %WLAN_PI_PWD% %WLAN_PI_USER%@%WLAN_PI_IP% "echo %WLAN_PI_PWD% | sudo -S date -s '%datetime%' 2>&1"
echo Updated WLANPi time to: %datetime%

:nodate

Rem - Start remote commands on WLANPi
"%PLINK%" -ssh %PLINK_MOD% -pw %WLAN_PI_PWD% %WLAN_PI_USER%@%WLAN_PI_IP% "echo %WLAN_PI_PWD% | sudo -S /usr/bin/python /home/wlanpi/wlanpishark/wlanpishark.py -c %CHANNEL_NUMBER% -w %CHANNEL_WIDTH%" -i %WLAN_PI_IFACE% -s %SLICE% -f %FILTER% | "%WIRESHARK_EXE%" -k -i -

goto :end

:debug

if "%CHANNEL_NUMBER%"=="0" call :missing_argument "Channel Number" & goto :end

echo Starting in debug mode (no Wireshark)

echo Channel number : %CHANNEL_NUMBER%
echo Channel width: %CHANNEL_WIDTH%
echo Interface: %WLAN_PI_IFACE%
echo Slice: %SLICE%
echo Filter: %FILTER%
echo Plink Ver: %PLINKVER%
echo Plink Mod: %PLINK_MOD%
"%PLINK%" -ssh %PLINK_MOD% -pw %WLAN_PI_PWD% %WLAN_PI_USER%@%WLAN_PI_IP% "echo %WLAN_PI_PWD% | sudo -S /usr/bin/python /home/wlanpi/wlanpishark/wlanpishark.py -c %CHANNEL_NUMBER% -w %CHANNEL_WIDTH%" -i %WLAN_PI_IFACE% -s %SLICE% -d -f %FILTER%

goto :end

:header
echo.
echo %__NAME% v%__VERSION% - A Windows batch file to stream tcpdump
echo running on a WLANPi to Wireshark on a Windows machine
echo.
goto :eof

:usage
echo USAGE:
echo.
IF not "%IW_VER%"=="4.9" (
    echo %__BAT_NAME% [--channel nn] { --width 20 ^| 40+ ^| 40- ^| 80 } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn } { --timeset 0 ^| 1 }
    echo.
    echo %__BAT_NAME% [-c nn] { -w 20 ^| 40+ ^| 40- ^| 80 } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn } { -t 0 ^| 1 }

) ELSE (
    echo %__BAT_NAME% [--channel nn] { --width 20 ^| 40+ ^| 40- } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn } { --timeset 0 ^| 1 }
    echo.
    echo %__BAT_NAME% [-c nn] { -w 20 ^| 40+ ^| 40- } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn} { -t 0 ^| 1 }
)
echo.
echo. %__BAT_NAME% -h, --help shows basic help
echo. %__BAT_NAME% -hh, --xhelp shows extra help
echo. %__BAT_NAME% -v, --version shows the version
echo. %__BAT_NAME% --diag shows diagnostic info
echo. %__BAT_NAME% --int run in interactive mode
IF "%IW_VER%"=="4.9" (
    echo. %__BAT_NAME% -u, --upgrade shows how to enable 80MHz capture
)
echo.
echo (To run permanently in interactive mode, set the INTERACTIVE variable to INTERACTIVE=1^)
echo.
goto :end

:extra_help
echo HELP:
echo.
if not "%IW_VER%"=="4.9" (
    echo %__BAT_NAME% [--channel nn] { --width 20 ^| 40+ ^| 40- ^| 80 } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn } { --timeset 0 ^| 1 }
    echo.
    echo %__BAT_NAME% [-c nn] { -w 20 ^| 40+ ^| 40- ^| 80 } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn} { -t 0 ^| 1 }

) ELSE (
    echo %__BAT_NAME% [--channel nn] { --width 20 ^| 40+ ^| 40- } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn } { --timeset 0 ^| 1 }
    echo.
    echo %__BAT_NAME% [-c nn] { -w 20 ^| 40+ ^| 40- } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn} { -t 0 ^| 1 }
)
echo.
echo. %__BAT_NAME% -h, --help shows basic help
echo. %__BAT_NAME% -hh, --xhelp shows extra help
echo. %__BAT_NAME% -v, --version shows the version
echo. %__BAT_NAME% --diag shows diagnostic info
echo. %__BAT_NAME% --int run in interactive mode
IF "%IW_VER%"=="4.9" (
    echo. %__BAT_NAME% -u, --upgrade shows how to enable 80MHz capture
)
echo.
echo (To run permanently in interactive mode, set the INTERACTIVE variable to INTERACTIVE=1^)
echo.
echo Command Line Capture Options:
echo.
echo --channel or -c : (Mandatory) Channel number to capture (1-13, 36-165)
echo.
echo --width or -w : (Optional) Channel width to be used for capture
if not "%IW_VER%"=="4.9" (
    echo Available values: 20, 40+, 40-, 80 ^(default: 20Mhz^)
) else (
    echo Available values: 20, 40+, 40- ^(default: 20Mhz^)
)
echo.
echo --filter or -f : (Optional) tcpdump capture filter (must be enclosed in quotes)
echo Examples:
echo "wlan type mgt" - capture only management frames
echo "wlan type ctl" - capture only control frames
echo "wlan type mgt subtype beacon" - capture only beacon frames
echo.
echo See more details at: http://wifinigel.blogspot.com/2018/04/wireshark-capture-filters-for-80211.html
echo.
echo --slice or -s : (Optional) Slice captured frames to capture only headers and reduce size of capture
echo file. Provide value for number of bytes to be captured per frame.
echo.
echo --ip or -i : (Optional) IP address of WLANPi. Note that if this is omitted, the hard coded version in the
echo batch file itself will be used
echo.
echo --timeset or -t : (Optional) Set clock on WLANPi to match Windows machine running WLANPiShark.bat
echo 0 = turn feature off, 1 = turn feature on (default)
echo.
echo Example:
echo.
echo 1. Capture all frames on channel 36:
echo.
echo WLANPiShark.bat -c 36
echo.
echo 2. Capture the first 200 bytes of beacon frames on 20MHz channel 48:
echo.
echo WLANPiShark.bat -c 48 -w 20 -s 200 -f "wlan type mgt subtype beacon"
echo.
if not "%IW_VER%"=="4.9" (
    echo 3. Capture on 80MHz channel with base channel of 36 ^(i.e. 36,40,44,48^)
    echo.
    echo WLANPiShark.bat -c 36 -w 80
    echo.
)
echo Bugs:
echo Please report to wifinigel@gmail.com (please supply "WLANPiShark.bat --diag" output)
echo.
echo More Information:
echo Visit: https://github.com/WLAN-Pi/WLANPiShark2
echo.
goto :end

:upgrade
echo.
echo. To upgrade this script to support 80MHz captures, edit this file
echo to change the IW_VER variable from:
echo.
echo set IW_VER=4.9
echo.
echo to:
echo.
echo set IW_VER=4.14
echo.
echo Ensure you are running at least version 4.14 of 'iw' first!
echo (SSH to WLANPi and run : sudo iw --version)
echo.
goto :end

:diag

echo.
echo -------------------- WLANPIShark Diagnostics ------------------------
echo.
rem Check Plink file
echo ==========================
echo Plink checks
echo ==========================
echo Plink file path: %PLINK%
if exist "%PLINK%" (
    echo File check: Plink file detected OK
) else (
    echo File check: Plink file not detected - please check path configured
)

rem Quote the temp file path so a TEMP directory containing spaces still works
"%PLINK%" -V > "%TEMP%\plink_ver.txt"
set /P PLINKVER=<"%TEMP%\plink_ver.txt"
del "%TEMP%\plink_ver.txt"
echo Version check: %PLINKVER%

rem Check Wireshark file
echo ==========================
echo Wireshark checks
echo ==========================
echo Wireshark file path: %WIRESHARK_EXE%
if exist "%WIRESHARK_EXE%" (
    echo File check: Wireshark file detected OK
) else (
    echo File check: Wireshark file not detected - please check path configured
)

"%WIRESHARK_EXE%" -v > "%TEMP%\ws_ver.txt"
set /P WSVER=<"%TEMP%\ws_ver.txt"
del "%TEMP%\ws_ver.txt"
echo Version check: %WSVER%

rem Dump vars (note: this prints the WLANPi account password in clear text)
echo ==========================
echo Configured variables
echo ==========================
echo WLANPi username: %WLAN_PI_USER%
echo WLANPi user account pwd: %WLAN_PI_PWD%
echo WLANPi IP address: %WLAN_PI_IP%
echo WLANPi wireless LAN interface name: %WLAN_PI_IFACE%
echo IW version: %IW_VER%
echo Set WLANPi time: %TIMESET%

goto :end

:version
echo.
echo. %__BAT_NAME%
echo Version: %__VERSION%
echo.
goto :eof

:missing_argument
echo.
echo **** Error: Missing required argument: %~1 ****
echo.
call :usage & goto :eof

:incorrect_argument
echo.
echo **** Error: Incorrect argument supplied for %~1 : %~2 ****
echo.
call :usage & goto :eof

:end
exit /B

REM #################################################################
REM #
REM # Version history;
REM #
REM # v0.01 - N.Bowden 17th Feb 2019
REM #
REM #   Initial release of spin-off from original WLANPIShark
REM #   project. Now relies on having wlanpishark.py file on
REM #   the remote WLANPi to speed up and simplify operations.
REM #
REM # v0.02 - N.Bowden 17th July 2019
REM #
REM #   1. Several reports of issues which turned out to be
REM #      an issue with a new "-no-antispoof" introduced in
REM #      Plink 0.71. Issue did not affect Plink 0.70.
REM #      Added version detection and a fix if version 0.71 to
REM #      0.75 is detected (bit of future proofing in there...)
REM #
REM #   2. Added new "--diag" CLI option to do some basic
REM #      checks and dump out config data for bug/issue
REM #      reports
REM #
REM # v0.03 - N.Bowden 18th July 2019
REM #
REM #   1. Added interactive mode to optionally allow entry of
REM #      channel number & width if INTERACTIVE var set to
REM #      non zero value (set to 1 for instance), or CLI option
REM #      "--int". Props to Paul Manders for the code & idea. Also
REM #      added diagnostics mode via CLI "--diag" option to show
REM #      if config vars configured correctly
REM #
REM # v0.04 - N.Bowden/Reuben Eldal 5th Aug 2018
REM #   Reuben supplied code to set date/time of WLANPi to
REM #   match the machine running the batch file so that
REM #   timestamps of captured data reflect current system
REM #   instead of internal WLANPi clock which is inaccurate
REM #   when not NTP sync'ed. Added new script variable and
REM #   CLI parameter to turn feature on or off
REM #
REM # v0.05 - N.Bowden/Chris Young 29th Aug 2018
REM #   Thanks to Chris Young for reporting a bug. When setting
REM #   date of WLANPi, I had missed out -no-antispoof command
REM #   when firing up Plink to set date (doh!)
REM #
REM #   Added full python path to remote python script calls to
REM #   mitigate possible file permission issues in future
REM #
REM #################################################################


--------------------------------------------------------------------------------
/doc/WLANPiShark.bat.md:
--------------------------------------------------------------------------------
# WLANPiShark

This is a Windows bat file to be used in conjunction with a WLANPi device. It is run from a Windows command prompt and will start a remote streamed capture from a WLANPi device to Wireshark on a Windows machine running this bat file. This allows a Windows machine to run an over the air wireless capture, using the WLANPi as a remote sensor.

The file requires some minor configuration using a simple text editor such as Notepad to configure it for your Windows machine. The WLANPi requires no configuration - this batch file has been created specifically to ensure that no changes need to be made by the user on the WLANPi device. You can build a WLANPi as per the instructions at [http://WLANPi.com] and use this batch file with the WLANPi out-of-the-box config.

Here is a blog post that describes how to use this script with a WLANPi in more detail: [https://wifinigel.blogspot.com/2019/01/wlanpishark-wireless-capture-with.html]

Here are the README details from the batch file (which you can view by opening the batch file itself with a text editor). It is strongly recommended that you review them prior to using this script:

```
################################################################

This script runs on a Windows 10 machine and will allow
Wireshark on a Windows machine to decode captured frames,
using a WLANPi as a wireless capture device. The Windows
machine must have IP connectivity to your WLANPi via its Ethernet
port. Run this script from a Windows command shell (CMD).

Set the variables below to point at your local copy of
Wireshark and configure the WLANPi credentials & IP address
(Note that the user account on the WLANPi must be an admin
account to allow the sudo command to be executed - the default
account wlanpi/wlanpi works fine). Please use a plain text
editor to make the updates (e.g. Notepad).

You will need the 'plink.exe' executable that is bundled with
Putty to run this batch file (https://www.putty.org/).

This batch file needs to be run from a Windows 10 command line
and will stream tcpdump data back to Wireshark on your Windows
machine from a WLANPi, allowing wireless frame decode. This script
was tested with a Comfast CF-912AC adapter plugged in to a WLANPi.

If using a version of the WLANPi image prior to version 1.5.0,
the best way to use this script with your WLANPi is to hook up an
ethernet cable between your laptop/PC and the WLANPi. Make sure you
do this before powering on your WLANPi. Then, when the WLANPi powers
up, you will see a 169.254.x.x address on the display of your WLANPi.
Enter this address in the WLAN_PI_IP variable in the variables area
below. This should be a one-time operation, as the WLANPi should use
the same 169.254.x.x address each time. This operation also assumes
your laptop/PC is set to use DHCP on its ethernet adapter (it will
also use its own 169.254.x.x address for comms when it gets no
IP address from DHCP).

If you are using image version 1.5.0 or later of the WLANPi (you
can check by browsing to a WLANPi & checking the top of the page),
then Ethernet over USB functionality is built in to the image. This
means that you can use USB to both power the WLANPi and also provide
an IP connection (no more Ethernet connection required!). Note that the
WLANPi display will still show the address 169.254.x.x in this mode, but
a new adapter should appear in the adapter list shown on your laptop.
The new adapter will be assigned an address via DHCP in the range
192.168.42.0/27, with the WLANPi using an address of 192.168.42.1. If
you have any difficulties with the new Ethernet over USB adapter
appearing in your adapter list (ipconfig), then try a better quality
microUSB to USB cable, as some thinner cables seem to cause issues.

Note that each time you want to change channels or start a new capture,
you will need to close Wireshark and re-run this script.

(Suggestions & feedback: wifinigel@gmail.com)

################################################################
```

## Configuration

There are a few variables you will need to set before running the batch file on your Windows machine - do this by editing the batch file with a simple text editor such as Notepad:

```
set WLAN_PI_USER=wlanpi
set WLAN_PI_PWD=wlanpi
set WLAN_PI_IP=192.168.42.1
set WIRESHARK_EXE=C:\Program Files\Wireshark\Wireshark.exe
set PLINK=C:\Program Files (x86)\PuTTY\plink.exe
set WLAN_PI_IFACE=wlan0
set IW_VER=4.9
set INTERACTIVE=0
```
## Usage

```
WLANPiShark v0.03 - A Windows batch file to stream tcpdump
running on a WLANPi to Wireshark on a Windows machine

USAGE:

WLANPiShark.bat [--channel nn] { --width 20 | 40+ | 40- } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn }

WLANPiShark.bat [-c nn] { -w 20 | 40+ | 40- } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn}

WLANPiShark.bat -h, --help shows basic help
WLANPiShark.bat -hh, --xhelp shows extra help
WLANPiShark.bat -v, --version shows the version
WLANPiShark.bat --diag shows diagnostic info
WLANPiShark.bat --int run in interactive mode
WLANPiShark.bat -u, --upgrade shows how to enable 80MHz capture

(To run permanently in interactive mode, set the INTERACTIVE variable to INTERACTIVE=1)

```
## Additional Help

```
WLANPiShark v0.03 - A Windows batch file to stream tcpdump
running on a WLANPi to Wireshark on a Windows machine

HELP:

WLANPiShark.bat [--channel nn] { --width 20 | 40+ | 40- } { --filter "capture filter"} { --slice nnn } { --ip nnn.nnn.nnn.nnn }

WLANPiShark.bat [-c nn] { -w 20 | 40+ | 40- } { -f "capture filter"} { -s nnn } { -i nnn.nnn.nnn.nnn}

WLANPiShark.bat -h, --help
shows basic help 117 | WLANPiShark.bat -hh, --xhelp shows extra help 118 | WLANPiShark.bat -v, --version shows the version 119 | WLANPiShark.bat --diag shows diagnostic info 120 | WLANPiShark.bat --int run in interactive mode 121 | WLANPiShark.bat -u, --upgrade shows how to enable 80MHz capture 122 | 123 | (To run permanently in interactive mode, set the INTERACTIVE variable to INTERACTIVE=1) 124 | 125 | Command Line Capture Options: 126 | 127 | --channel or -c : (Mandatory) Channel number to capture (1-13, 36-165) 128 | 129 | --width or -w : (Optional) Channel width to be used for capture 130 | Available values: 20, 40+, 40- (default: 20Mhz) 131 | 132 | --filter or -f : (Optional) tcpdump capture filter (must be enclosed in quotes) 133 | Examples: 134 | "wlan type mgt" - capture only management frames 135 | "wlan type ctl" - capture only control frames 136 | "wlan type mgt subtype beacon" - capture only beacon frames 137 | 138 | See more details at: http://wifinigel.blogspot.com/2018/04/wireshark-capture-filters-for-80211.html 139 | 140 | --slice or -s : (Optional) Slice captured frames to capture only headers and reduce size of capture 141 | file. Provide value for number of bytes to be captured per frame. 142 | 143 | --ip or -i : (Optional) IP address of WLANPi. Note that if this is ommitted, the hard coded version in the 144 | batch file itself will be used 145 | 146 | Example: 147 | 148 | 1. Capture all frames on channel 36: 149 | 150 | WLANPiShark.bat -c 36 151 | 152 | 2. 
Capture the first 200 bytes of beacon frames on 20MHz channel 48: 153 | 154 | WLANPiShark.bat -c 48 -w 20 -s 200 -f "wlan type mgt subtype beacon" 155 | 156 | Bugs: 157 | Please report to wifinigel@gmail.com (please supply "WLANPiShark.bat --diag" output) 158 | 159 | More Information: 160 | Visit: https://github.com/WLAN-Pi/WLANPiShark2 161 | 162 | ``` 163 | 164 | ## Filtering 165 | For more information about capture filters, please see my blog article at: [http://wifinigel.blogspot.com/2018/04/wireshark-capture-filters-for-80211.html]. The syntax shown for Wireshark capture filters in that article is the same as is required for the filter syntax used with this script. 166 | 167 | ## Screenshots 168 | 169 | ![Screenshot1](https://github.com/wifinigel/WLANPiShark/blob/master/screenshot1.png) 170 | 171 | ![Screenshot2](https://github.com/wifinigel/WLANPiShark/blob/master/screenshot2.png) 172 | 173 | ## Caveats 174 | - Note that this is work in progress and I cannot guarantee its reliability, despite my very best efforts - use at your own risk. 175 | 176 | 177 | -------------------------------------------------------------------------------- /doc/wlanpishark.py.md: -------------------------------------------------------------------------------- 1 | # wlanpyshark.py 2 | 3 | This is a companion Python script that resides on the WLANPi to simplify and speed-up the whole launch process. Users will not normally need to modify this script as it is activated by the batch file script on the Windows machine running the capture. 4 | 5 | This file will normally be distributed as part of the WLANPi standard image, so will not need to be loaded by an end-user. 

# Usage

```

 Usage:

    wlanpishark.py -i -c -w -s -f
    wlanpishark.py -h

 Command line options:

    -c Sets channel to capture on (valid values 1-13, 36-165)
    -i Sets name of wireless interface on WLANPi (usually wlan0 with one adapter attached)
    -w Set channel width to capture (valid values: 20, 40+, 40-, 80MHz
    -s Frame capture slice size (0 = no slice, any other numeric value specifies slice size in bytes)
    -f Filter definition to specify frames captured (uses tcpdump filter syntax - e.g. "wlan type mgt subtype beacon")
    -h Help page

```



--------------------------------------------------------------------------------
/images/WLANPiShark_Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/images/WLANPiShark_Overview.png
--------------------------------------------------------------------------------
/images/WLANPiShark_Overview.vsdx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/images/WLANPiShark_Overview.vsdx
--------------------------------------------------------------------------------
/releases/WLANPiShark2-0.01.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/releases/WLANPiShark2-0.01.zip
--------------------------------------------------------------------------------
/releases/WLANPiShark2-0.03.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/releases/WLANPiShark2-0.03.zip
--------------------------------------------------------------------------------
/releases/WLANPiShark2-0.04.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/releases/WLANPiShark2-0.04.zip
--------------------------------------------------------------------------------
/releases/WLANPiShark2-0.05.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WLAN-Pi/WLANPiShark2/f115b28b42ea487d65c3c6f768ffbea6f24a02d2/releases/WLANPiShark2-0.05.tar.gz
--------------------------------------------------------------------------------
/wlanpishark.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
'''
wlanpishark.py - Script to stream TCP dump to stdout on a WLANPi

This script needs to be called via an SSH session from a remote machine
(e.g. running Windows, Mac or Linux) that starts an SSH session, calls
this script and pipes the output in to Wireshark.

For more info, please see https://github.com/WLAN-Pi/WLANPiShark2

'''

import sys
import os
import getopt
import subprocess

__author__ = 'Nigel Bowden'
__version__ = '0.05'
__email__ = 'wifinigel@gmail.com'
__status__ = 'beta'

# we must be root to run this script - exit with msg if not
if not os.geteuid() == 0:
    print("\n#####################################################################################")
    print("You must be root to run this script (use 'sudo wlanpishark.py') - exiting")
    print("#####################################################################################\n")
    sys.exit()

# Initialize variables in case we do not get any parameters passed to us
WLAN_PI_IFACE = 'wlan0'
CHANNEL_WIDTH = 'HT20'
CHANNEL_NUMBER = '36'
SLICE = '0'
FILTER = ''
DEBUG = False

def usage():

    print("\n Usage:\n")
    print("    wlanpishark.py -i -c -w -s -f ")
    print("    wlanpishark.py -h")
    print("\n Command line options:\n")
    print("    -c Sets channel to capture on (valid values 1-13, 36-165)")
    print("    -i Sets name of wireless interface on WLANPi (usually wlan0 with one adapter attached)")
    print("    -w Set channel width to capture (valid values: 20, 40+, 40-, 80MHz")
    print("    -s Frame capture slice size (0 = no slice, any other numeric value specifies slice size in bytes)")
    print('    -f Filter definition to specify frames captured (uses tcpdump filter syntax - e.g. "wlan type mgt subtype beacon")')
    print('    -h Help page')

    print(" ")
    sys.exit()

# process the CLI parameters passed to this script

try:
    opts, args = getopt.getopt(sys.argv[1:], 'i:w:c:s:f:hdv')
except getopt.GetoptError:
    print("\nOops...syntax error, please re-check: \n")
    usage()

for opt, arg in opts:
    if opt == '-h':
        usage()
    elif opt == '-d':
        DEBUG = True
    elif opt == '-v':
        print("\nwlanpishark.py version: {}\n".format(__version__))
        sys.exit()
    elif opt == '-i':
        WLAN_PI_IFACE = arg
    elif opt == '-w':
        CHANNEL_WIDTH = arg
    elif opt == '-c':
        CHANNEL_NUMBER = arg
    elif opt == '-s':
        SLICE = arg
    elif opt == '-f':
        # horrible kludge to get rest of cli params due to usage of shell:
        # the calling shell splits the filter into several words, so they
        # are re-joined here into a single filter expression
        FILTER = " ".join([arg] + args)

# report the received arguments once -d has actually been parsed
if DEBUG:
    print("Received args: ")
    print(sys.argv[1:])

# These are the commands to get the WLANPi ready to stream the tcpdump data.
# Each entry is [description, argument list, discard output?]. The argument
# lists are handed straight to the program (no shell), so values taken from
# the command line are never interpreted as shell syntax.
commands_list = [
    ['Killing old tcpdump processes...', ['/usr/bin/pkill', '-f', 'tcpdump'], True],
    ['Killing processes that may interfere with airmon-ng...', ['airmon-ng', 'check', 'kill'], True],
    ['Bringing WLAN card up...', ['ifconfig', WLAN_PI_IFACE, 'up'], False],
    ['Setting wireless adapter to monitor mode', ['iw', WLAN_PI_IFACE, 'set', 'monitor', 'none'], False],
    ['Setting wireless adapter to channel {} (channel width {})'.format(CHANNEL_NUMBER, CHANNEL_WIDTH),
     ['iw', WLAN_PI_IFACE, 'set', 'channel', CHANNEL_NUMBER, CHANNEL_WIDTH], False],
]

# sink for the commands whose output was previously sent to /dev/null
devnull = open(os.devnull, 'w')

# execute each command in turn
for description, cmd, quiet in commands_list:

    if DEBUG:
        print(description)
        print("Command : " + " ".join(cmd))

    try:
        if quiet:
            exit_code = subprocess.call(cmd, stdout=devnull, stderr=devnull)
        else:
            exit_code = subprocess.call(cmd)
        if DEBUG:
            # subprocess.call returns the exit status, not the command output
            print("Command exit code: " + str(exit_code))
    except Exception as ex:
        if DEBUG:
            print("Error executing command: {} (Error msg: {})".format(" ".join(cmd), ex))

# Launch tcpdump using passed parameters (unless we're running in debug).
# Nothing is printed here: stdout carries the capture stream to Wireshark.
if not DEBUG:
    tcpdump_cmd = ['tcpdump', '-n', '-i', WLAN_PI_IFACE, '-U', '-s', SLICE, '-w', '-']
    if FILTER:
        tcpdump_cmd.append(FILTER)
    subprocess.call(tcpdump_cmd)

--------------------------------------------------------------------------------
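Added example (not part of the WLANPiShark2 repository): wlanpishark.py's stdout is the capture stream that gets piped into Wireshark, so any text that reaches stdout ahead of tcpdump's output ends up in front of the pcap header, which is one way to arrive at the "neither a supported pcap format nor pcapng format" message quoted in the README. The helper below classifies the first bytes of such a stream; the function name and both sample byte strings are constructed for illustration.

```python
import struct

# Leading bytes of the capture formats Wireshark accepts on a pipe.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # classic pcap, little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": ">",  # classic pcap, big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": "<",  # classic pcap, little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": ">",  # classic pcap, big-endian, nanoseconds
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAP_HEADER_LEN = 24


def inspect_stream_start(data):
    """Classify the first bytes read from the capture pipe."""
    head = data[:4]
    if head == PCAPNG_MAGIC:
        return {"ok": True, "format": "pcapng"}
    if head in PCAP_MAGICS:
        if len(data) < PCAP_HEADER_LEN:
            return {"ok": False, "reason": "truncated pcap header"}
        # After the magic: version major/minor, thiszone, sigfigs,
        # snaplen, linktype (127 = 802.11 with radiotap header).
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            PCAP_MAGICS[head] + "HHiIII", data[4:PCAP_HEADER_LEN])
        return {"ok": True, "format": "pcap", "version": (major, minor),
                "snaplen": snaplen, "linktype": linktype}
    # Something else came first: report how much, and what it looks like.
    hits = [data.find(m) for m in PCAP_MAGICS if m in data]
    stray = min(hits) if hits else len(data)
    return {"ok": False, "reason": "non-capture bytes before header",
            "stray_bytes": stray,
            "stray_text": data[:stray].decode("ascii", "replace")}


# Constructed samples (not taken from a real capture): a bare pcap global
# header, and the same header preceded by a line of status text.
CLEAN = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 127)
POLLUTED = b"Bringing WLAN card up...\n" + CLEAN

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("polluted", POLLUTED)):
        print(name, inspect_stream_start(sample))
```

To check a real session, redirect the SSH output to a file instead of Wireshark and pass the first few hundred bytes of that file to `inspect_stream_start`.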