I am interested in getting the RSSI values if APs using a scapy sniffer. I am using sig_str = -(256-ord(packet.notdecoded[-4:-3]))
to get the RSSI values. However, I am getting -256 for all the APs. The notdecoded part is then 0. Could someone please help me figure this one out?
PS: I have already referenced this relevant post.
https://stackoverflow.com/a/34118234/4804221
TIA!
Prerequisite
Assuming the interface is in monitor mode, and correct channel assigned.
Following example configures iface=wlan0 to monitor mode and listens to channel=6
$ sudo ip link set wlan0 down
$ sudo iw dev wlan0 set type monitor
$ sudo ip link set wlan0 up
$ sudo iw dev wlan0 set channel 6
Python3
RSSI from a packet can be earned by dBm_AntSignal if RadioTap header is correctly sniffed together.
from scapy.all import RadioTap
from scapy.all import sniff
# sniff a packet from the interface
pkt = sniff(iface="wlan0", count=1)
pkt = pkt[0]
# getting the RSSI
radiotap = pkt.getlayer(RadioTap)
rssi = radiotap.dBm_AntSignal
print("RSSI={}".format(rssi)) # RSSI=-84
Python2
Seems like dBm_AntSignal is not working on python2 scapy, following example will work.
extra = pkt.notdecoded
rssi = -(256-ord(extra[-4:-3]))
Hope this helps.
Related
I am trying to simulate network latency for all traffic to a certain ip/url. I tried using a proxy through Charles but the traffic is going through HTTP or SOCKS. I found some information online but it does not seem to work for me. Can anyone see what is wrong with my commands?
#enable pf
pfctl -E
#add a temporary extra ruleset (called "anchor") named "deeelay
(cat /etc/pf.conf && echo "dummynet-anchor \"deeelay\"" && echo "anchor
\"deeelay\"") | sudo pfctl -f -
#add a rule to the deeelay set to send any traffic to endpoint through new rule
echo "dummynet out proto tcp from any to myurl.com pipe 1" |
sudo pfctl -a deeelay -f -
#Add a rule to dummynet pipe 1 to delay every packet by 500ms
sudo dnctl pipe 1 config delay 500
I see this warning when I run the commands:
No ALTQ support in kernel
ALTQ related functions disabled
Is that the issue?
The problem was the proto parameter. The application is not using tcp, it is using another protocol. You can either supply all the protocols you want as a list like so:
proto { tcp udp icmp ipv6 tlsp smp }
Or you can just remove the proto parameter altogether and it will do all protocols.
Hi i have written the bash script for downloading configuration from switches and save it to TFTP server.
snmpset -v 2c -c Zaloznik 192.168.50.22 1.3.6.1.4.1.1991.1.1.2.1.6.0 s test_skript.cfg 1.3.6.1.4.1.1991.1.1.2.1.66.0 x C0A846D2 1.3.6.1.4.1.1991.1.1.2.1.9.0 i 22 >> /dev/null;
But it always tell me this:
Error in packet. Reason: wrongLength (The set value has an illegal
length from what the agent expects) Failed object:
iso.3.6.1.4.1.1991.1.1.2.1.66.0
C0A846D2 is a HEX format of ip 192.168.70.210.
Don't you know how to fix it ? Please help, i have tried many combinations and nothing working.
Thanks.
Problem solved, there was a problem with switches that want to have an info about
type of ip address (ipv4 or ipv6), then ip address of tftp, file name and after that he can send config files to tftp.
So i have to add another snmp OID (ip address type) into the script and then it works.
I have been using go-ping library for the unprivileged ping and calculate various statistics of network in golang.
code snippet is as->
func (p *Ping) doPing() (latency, jitter, packetLoss float64, err error) {
timeout := time.Second*1000
interval := time.Second
count := 5
host := p.ipAddr
pinger, cmdErr := ping.NewPinger(host)
if cmdErr != nil {
glog.Error("Failed to ping " + p.ipAddr)
err = cmdErr
return
}
pinger.Count = count
pinger.Interval = interval
pinger.Timeout = timeout
pinger.SetPrivileged(false)
pinger.Run()
stats := pinger.Statistics()
latency = float64(stats.AvgRtt)
jitter = float64(stats.StdDevRtt)
packetLoss = stats.PacketLoss
return
}
It was working fine but now it has started throwing :-
"Error listening for ICMP packets: socket: permission denied" error.
Anyone knows the reason behind this? Go version I am using is go1.7.4.
This is in the README.md of the library you're using :
This library attempts to send an "unprivileged" ping via UDP. On linux, this must be enabled by setting
sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"
If you do not wish to do this, you can set pinger.SetPrivileged(true) and use setcap to allow your binary using go-ping to bind to raw sockets (or just run as super-user):
setcap cap_net_raw=+ep /bin/goping-binary
See this blog and the Go icmp library for more details.
Hope it helps !
Make sure your setting haven't changed in any way. Using ping from the package still works for me on a 32-bit Ubuntu 16.04 with Go 1.7.4 (linux/386) if I previousely set the net.ipv4.ping_group_range according to the instructions on Github.
Note on Linux Support:
This library attempts to send an "unprivileged" ping via UDP. On linux, this must be enabled by setting
sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"
If you do not wish to do this, you can set pinger.SetPrivileged(true) and use setcap to allow your binary
using go-ping to bind to raw sockets (or just run as super-user):
setcap cap_net_raw=+ep /bin/goping-binary
See this blog
and the Go icmp library for
more details.
I am trying to send an email from R, using the sendmailR package. The code below works fine when I run it on my PC, and I recieve the email. However, when I run it with my macbook pro, it fails with the following error:
library(sendmailR)
from <- sprintf("<sendmailR#%s>", Sys.info()[4])
to <- "<myemail#gmail.com>"
subject <- "TEST"
sendmail(from, to, subject, body,
control=list(smtpServer="ASPMX.L.GOOGLE.COM"))
Error in socketConnection(host = server, port = port, blocking = TRUE) :
cannot open the connection
In addition: Warning message:
In socketConnection(host = server, port = port, blocking = TRUE) :
ASPMX.L.GOOGLE.COM:25 cannot be opened
Any ideas as to why this would work on a PC, but not a mac? I turned the firewall off on both machines.
Are you able to send email via the command-line?
So, first of all, fire up a Terminal and then
$ echo “Test 123” | mail -s “Test” user#domain.com
Look into /var/log/mail.log, or better use
$ tail -f /var/log/mail.log
in a different window while you send your email. If you see something like
... setting up TLS connection to smtp.gmail.com[xxx.xx.xxx.xxx]:587
... Trusted TLS connection established to smtp.gmail.com[xxx.xx.xxx.xxx]:587:\
TLSv1 with cipher RC4-MD5 (128/128 bits)
then you succeeded. Otherwise, it means you have to configure you mailing system. I use postfix with Gmail for two years now, and I never had have problem with it. Basically, you need to grab the Equifax certificates, Equifax_Secure_CA.pem from here: http://www.geotrust.com/resources/root-certificates/. (They were using Thawtee certificates before but they changed last year.) Then, assuming you used Gmail,
Create relay_password in /etc/postfix and put a single line like this (with your correct login and password):
smtp.gmail.com login#gmail.com:password
then in a Terminal,
$ sudo postmap /etc/postfix/relay_password
to update Postfix lookup table.
Add the certificates in /etc/postfix/certs, or any folder you like, then
$ sudo c_rehash /etc/postfix/certs/
(i.e., rehash the certificates with Openssl).
Edit /etc/postfix/main.cf so that it includes the following lines (adjust the paths if needed):
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
Finally, just reload the Postfix process, with e.g.
$ sudo postfix reload
(a combination of start/stop works too).
You can choose a different port for the SMTP, e.g. 465.
It’s still possible to use SASL without TLS (the above steps are basically the same), but in both case the main problem is that your login informations are available in a plan text file... Also, should you want to use your MobileMe account, just replace the Gmail SMTP server with smtp.me.com.
I have 4 PCs which are connected through the LAN. I am making a PHP program that will
differentiate each PC separately and i will keep each pc record.
But when i am getting an IP address i am getting same IP for all. I guess i should retrieve MAC address for all pcs separately, but i don't know how will i fetch MAC address.
I am using Linux OS.
Programing tips will be appreciated.
As far as I know, you cannot do this with PHP alone. However, if you have exec() rights on the server, the you might be able to use:
arp -a ipaddress
Where ipaddress is the IP address of the computer on your LAN. You would need to use something like regex to seperate the MAC address from the rest of the output.
I don't think that the mac-adress is included in the http-header. So it is probably hard to get it via php. I think you're better off trying to fix the ip-issue. Sorry I can't help you more.
Edit:
Actually... searching around a little I found a possible solution:
$mac = `ping -c 1 $ip && arp -a | grep $ip`
You probably have to parse the output though. I get:
xxx.xxx.local (192.168.0.10) at d5:c2:c3:13:a2:b1 [ether] on eth0
When doing arp -a 192.168.0.10
Edit:
Like the post under states, you would need exec-rights.
Edit:
Sorry, just realized that in order for this to work, you would need the ip... Which you don't have.
PEAR’s Net_Ping is a niffty wrapper class for executing ping calls from PHP. You can use it to check if a remote server is responding correctly. The library can be download from here.
pear install Net_Ping-2.4.4
<?php
require_once "Net/Ping.php";
$ping = Net_Ping::factory();
if(PEAR::isError($ping))
echo $ping->getMessage();
else
{
/* Number of packets to send */
$ping->setArgs(array('count' => 4));
$rawData = $ping->ping('google.com');
print_r($rawData);
}
?>