rust-pcap / pcap

Rust language pcap library
Apache License 2.0

How to capture 802.11 frame packets on Windows in monitor mode #321

Open AnjeloPeiris711 opened 9 months ago

AnjeloPeiris711 commented 9 months ago

I'm currently working on a project where I need to capture 802.11 packets using the pcap library. I enable Monitor Mode using wlanhelper.exe.

Here is a sample of my code:

use pcap::*;
fn capture_wpa2_handshake(
    interface_index:usize
) {
    // List available devices and choose the one you want
    let device = Device::list().unwrap()[interface_index].clone();
    // Choose the device (you may need to change the index based on your setup)

    // Open the selected device for capturing
    let mut cap = device.open().unwrap();
    let mut savefile = cap.savefile("test.pcap").unwrap();
    // Keep capturing until the 4-way handshake is complete
    let mut handshake_complete = false;
    // Set a filter to capture only EAPOL frames (EtherType 0x888e)
    cap.filter("ether proto 0x888e", true).unwrap();
    while !handshake_complete {
        if let Ok(packet) = cap.next_packet() {
            // Process the packet, check if it's part of the WPA2 4-way handshake
            // You need to implement the logic to identify EAPOL-Key messages
            // and keep track of the handshake state
            println!("Received packet: {:?}", packet);

            // Check if the WPA2 4-way handshake is complete
            // You need to implement the logic to detect the completion of the handshake
            handshake_complete = is_wpa2_handshake_complete(&packet);
            // handshake_complete = true;
            savefile.write(&packet);
        }

    }
    println!("WPA2 4-way handshake complete!");
}

The problem I face is that I can't capture any packets using pcap, but Wireshark works fine.

Wojtek242 commented 8 months ago

Can I just ask if you double checked (with debug logs or something) that you indeed open the capture on the right interface?

AnjeloPeiris711 commented 8 months ago

Thank you for your detailed response! Yes, I double-checked if my captured interface was the right one or not. However, I think this is the problem.

image

So I use Rust's cc package and write my own C program using pcap.h, and now I can capture Beacon Packets with the help of the pcap_set_rfmon function 🥴.
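
An added example, not code from this thread or from rust-pcap: a dependency-free check that a captured buffer really is a monitor-mode 802.11 frame, and whether it is a beacon, based on the capture's link type. The names `classify`, `dot11_offset` and `is_beacon` are hypothetical and the sample bytes are constructed; with rust-pcap the link-type number would come from the capture handle's `get_datalink()`.

```rust
// Added example (not from the thread). Link-type values are libpcap's DLT_* numbers.
const DLT_EN10MB: i32 = 1; // Ethernet framing: the handle is not in monitor mode
const DLT_IEEE802_11: i32 = 105; // bare 802.11 header
const DLT_IEEE802_11_RADIO: i32 = 127; // radiotap header followed by 802.11

#[derive(Debug, PartialEq)]
enum Frame { Management(u8), Control(u8), Data(u8), Reserved }

#[derive(Debug, PartialEq)]
enum ParseError { NotMonitorMode(i32), Truncated, BadRadiotap }

/// Offset of the 802.11 header within `data` for the given link type.
fn dot11_offset(linktype: i32, data: &[u8]) -> Result<usize, ParseError> {
    match linktype {
        DLT_IEEE802_11 => Ok(0),
        DLT_IEEE802_11_RADIO => {
            // Radiotap: version (u8, must be 0), pad (u8), length (u16 LE), present (u32 LE).
            if data.len() < 8 { return Err(ParseError::Truncated); }
            let len = u16::from_le_bytes([data[2], data[3]]) as usize;
            if data[0] != 0 || len < 8 { return Err(ParseError::BadRadiotap); }
            if len > data.len() { return Err(ParseError::Truncated); }
            Ok(len)
        }
        other => Err(ParseError::NotMonitorMode(other)),
    }
}

/// Classify a frame by the type/subtype bits of the 802.11 Frame Control field.
fn classify(linktype: i32, data: &[u8]) -> Result<Frame, ParseError> {
    let off = dot11_offset(linktype, data)?;
    let fc = data.get(off..off + 2).ok_or(ParseError::Truncated)?;
    let (ftype, subtype) = ((fc[0] >> 2) & 0b11, fc[0] >> 4);
    Ok(match ftype {
        0 => Frame::Management(subtype),
        1 => Frame::Control(subtype),
        2 => Frame::Data(subtype),
        _ => Frame::Reserved,
    })
}

/// Beacons are management frames with subtype 8.
fn is_beacon(linktype: i32, data: &[u8]) -> bool {
    classify(linktype, data) == Ok(Frame::Management(8))
}

fn main() {
    // Constructed sample: minimal 8-byte radiotap header, then a beacon's Frame Control.
    let sample = [0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00];
    println!("radiotap: {:?}", classify(DLT_IEEE802_11_RADIO, &sample));
    println!("ethernet: {:?}", classify(DLT_EN10MB, &sample));
    println!("beacon? {}", is_beacon(DLT_IEEE802_11_RADIO, &sample));
}
```

A `NotMonitorMode(1)` result means the handle is delivering Ethernet-framed packets, so no 802.11 management frames such as beacons will appear on it.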