search

node-pcap / node_pcap

libpcap bindings for node
MIT License
930 stars 256 forks source link

Warning : no IPV4 address assigned and bad packets #187

Open 4rzael opened 9 years ago

4rzael commented 9 years ago

I'm trying to use node_pcap in order to replace an airodump-ng wrapper.

I set my interface in monitor mode with airmon-ng.

Then, when I try to record with node_pcap, iget this error:

warning: wlan0mon: no IPv4 address assigned - this may not actually work

----

TypeError: undefined is not a function
    at PcapPacket.decode (/home/pi/test_6sense/node_modules/pcap/decode/pcap_packet.js:45:24)
    at Function.decode (/home/pi/test_6sense/node_modules/pcap/decode/index.js:11:29)
    at PcapSession.<anonymous> (/home/pi/test_6sense/index.js:10:25)
    at PcapSession.emit (events.js:95:17)
    at PcapSession.on_packet_ready (/home/pi/test_6sense/node_modules/pcap/pcap.js:98:10)
    at packet_ready (/home/pi/test_6sense/node_modules/pcap/pcap.js:43:14)
    at SocketWatcher.pcap_read_callback [as callback] (/home/pi/test_6sense/node_modules/pcap/pcap.js:63:45)

Here's my code:

'use strict';

var pcap = require('pcap');

var session = pcap.createSession('wlan0mon', 'wlan type mgt subtype probe-req');

session.on('packet', function(rawPkt) {
    console.log('\n----\n');
    try {
        var pkt = pcap.decode.packet(rawPkt);
        return console.log(pkt);
        }
    catch (ex){
        console.log( ex.stack );
    }
});

When I try to use airodump-ng instead, it works.

Any ideas how to fix this ? (and why do we need an IP to scan probe requests ?)

I'm on debian Jessie ARM, node v0.10.40, node_pcap v^2.0.1 (installed with npm)

4rzael commented 9 years ago

Update:

I installed node_pcap from the git repository, and I don't get the error anymore.

I still get the IPv4 warning though, and every packet I receive (I'm monitoring with a wifi dongle) looks like this:

{ link_type: 'LINKTYPE_IEEE802_11_RADIO',
  pcap_header: { tv_sec: 1445872207, tv_usec: 619969, caplen: 120, len: 120 },
  payload: 
   { emitter: undefined,
     headerRevision: 0,
     headerPad: 0,
     headerLength: 36,
     signalStrength: 0,
     frequency: 22551,
     antenna: undefined,
     ieee802_11Frame: 
      { emitter: undefined,
        frameControl: 4160,
        version: 0,
        type: 0,
        subType: 4,
        flags: [Object],
        duration: 0,
        bssid: [Object],
        shost: [Object],
        dhost: [Object],
        fragSeq: 45065,
        beacon: undefined,
        llc: undefined,
        probe: [Object] },
     presentFields: 
      { tsft: true,
        flags: true,
        rate: true,
        channel: true,
        fhss: false,
        signalStrength: true,
        signalNoise: false,
        lockQuality: false,
        txAttenuation: false,
        dbTxAttenuation: false,
        dbmTxPower: false,
        antenna: false,
        dbAntennaSignal: false,
        dbAntennaNoise: false,
        rxFlags: true },
     signalNoise: undefined },
  emitter: undefined }

The emitter is always undefined, the signal strength 0, the bssid {255, 255, 255, 255, 255}, etc ...

The only things changing in the payload are the frequency, the fragSeq and the frameControl.

coffeegist commented 8 years ago

It would be great to see movement in properly decoding IEEE802_11_RADIO packets! I'm getting the same issue as well.

However, I can confirm installing from GitHub takes care of the "Undefined is not a function" problem. I am also noticing that it SEEMS to decode IP traffic decently. Maybe not the management packets as stated above. I haven't gotten to test that part too much.