Ubuntu: No /dev/bpf*
#3
Having the same issue.
|
A few thoughts. From my experience on OSX the If you need to run I just had a Raspberry Pi plugged in the other day and should have tested this -- please let me know about your progress! Thanks :) |
Having the same issue with Ubuntu 16.04.
Running these also seems to have (temporarily) broken my wifi connection (or perhaps it was just coincidence -- any insights?) |
Thanks @selva-oscura it sounds like there's no need for anything like Something you can try is commenting out the The idea is that some packets only say what gateway they are using, not what BSSID they are using, so it's helpful (but possibly not essential) to look for the gateway. If you comment out that line, the script will continue to run, but may not find enough packets. Please let me know how it works for you! Also: regarding temporarily "breaking" wifi, this has been my experience too, that |
I commented out line 59 (return), added sudo to the tcpdump (cmd) on line 72, and ran with
I wasn't knocked offline this time, but despite a plethora of wifi users around, no joy on getting mac addresses. Any ideas? |
@selva-oscura thanks for sticking with me on this! My first thought is that it's strange to see "23/1000" in the output. It looks like maybe you quit the app early (with One thing you can try is inserting some print statements in the code. I added a few for you in this branch: https://github.com/kylemcdonald/FreeWifi/tree/verbose Try running with the To run tcpdump by itself, start by looking at this code
Where wlan0 is your wireless interface. You should see packets scrolling by. What we're looking for is:
If you see some packets that match what we're looking for, try pasting them here. It might just be that the regular expression I wrote to parse tcpdump doesn't work on the version of tcpdump that you have, and we'll need to prepare a new regex. |
Still no luck. With the new fork, I get
With the original one, I'm getting
In none of these cases did I CTRL-C out. The 23 and the 2 (in one case) are how far it went before the program stopped. My computer doesn't use wlan0. Do I need to edit the file or pass my computer's equivalent? When I manually run
Without verbose,
running
While I saw my MAC address when I checked On this particular wifi network (and not the two previous), I noticed being disconnected from the network and getting the message:
Any thoughts? And thank you. |
Ok, I think we're a lot closer to discovering the problem. But the solution might require some additional work. I ran the script on a Raspberry Pi to verify that it generally works, and there were a few real changes I had to make. I've pushed those changes to master, so grab the new code when you get a chance. But let's walk through what you've found. One of the commands you wrote isn't going to work as you'd expect: All the output you've posted so far includes
So it sounds like by default your version of tcpdump is only capturing the first few bytes of the packet. We can change this by adding Note: before posting any of the output of tcpdump publicly, be aware that people may be able to use that information to figure out approximately where you are located by cross-referencing the wireless network names against databases like wigle. Regarding the gateway being unavailable, I changed the logic for how that is done, so it might also work for you now. The script should do a better job of detecting the wireless interface automatically too, and if it doesn't select the right one you can set it manually with Finally, it looks like your tcpdump is quitting in the middle of running. This is where it gets a little more complicated. Usually when you want to run an interface in monitor mode it just works, but sometimes other background processes can interrupt and cause tcpdump to quit. One way around this is to use another tool called aircrack-ng to detect which processes might be interrupting your sniffing, and kill them. First install aircrack-ng, then run the command If you still get 0 results, there's a chance that there is way more management traffic than data traffic in your area, and you need to increase the number of packets you are watching for with Good luck :) |
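The note above about posting tcpdump output publicly can be handled with a small scrubber. This is an added example, not code from the thread or from the FreeWifi repository: it replaces every MAC address and SSID with a keyed pseudonym, so the same device still shows up as the same value across lines and the output stays useful for debugging a regex. The tcpdump line layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Lookarounds stop the "DA:" label (two hex digits) from being read as a first octet.
MAC_RE = re.compile(r'(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![:0-9A-Fa-f])')
# Assumption: tcpdump prints the SSID in parentheses right after the frame type.
SSID_RE = re.compile(r'\b(Beacon|Probe Request|Probe Response) \(([^)]+)\)')
BROADCAST = 'ff:ff:ff:ff:ff:ff'


def _digest(key, kind, value):
    # Keyed hash: without the key, pseudonyms cannot be matched back to real values.
    return hmac.new(key, f'{kind}:{value}'.encode(), hashlib.sha256).digest()


def pseudonym_mac(key, mac):
    mac = mac.lower()
    if mac == BROADCAST:
        return mac  # broadcast identifies nobody, keep it readable
    # First octet 0x02 = locally administered unicast, so no real vendor OUI is named.
    return ':'.join(f'{b:02x}' for b in b'\x02' + _digest(key, 'mac', mac)[:5])


def pseudonym_ssid(key, ssid):
    return 'ssid-' + _digest(key, 'ssid', ssid).hex()[:8]


def scrub_lines(lines, key=None):
    key = key or secrets.token_bytes(16)  # fresh random key per run unless one is given
    out = []
    for line in lines:
        line = SSID_RE.sub(lambda m: f'{m.group(1)} ({pseudonym_ssid(key, m.group(2))})', line)
        line = MAC_RE.sub(lambda m: pseudonym_mac(key, m.group(0)), line)
        out.append(line)
    return out


# Constructed sample lines (documentation MAC range 00:00:5e:00:53:xx, made-up SSID).
SAMPLE = [
    '10:15:02.113005 1.0 Mb/s 2437 MHz 11b -61dBm signal antenna 1 BSSID:00:00:5e:00:53:01 (oui Unknown) DA:Broadcast SA:00:00:5e:00:53:01 (oui Unknown) Beacon (CoffeeShopGuest) [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 6, PRIVACY',
    '10:15:02.240771 24.0 Mb/s 2437 MHz 11g -70dBm signal antenna 1 BSSID:00:00:5e:00:53:01 (oui Unknown) SA:00:00:5e:00:53:a7 (oui Unknown) DA:00:00:5e:00:53:01 (oui Unknown) Data IV:1a2 Pad 20 KeyID 0, length 148',
]

if __name__ == '__main__':
    for scrubbed in scrub_lines(SAMPLE):
        print(scrubbed)
```

Timestamps, signal strength and frame lengths pass through unchanged, so the scrubbed lines can still be used to check the script's parsing.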
Hi. I tried all your advice but I still don't get any users on the network. I get the "Sniffing finished early." error. The internet connection is interrupted when I run the "sudo python wifi-users.py" command. I think I get this error because of the interruption. How can I get past this problem? |
Thank you for your persistence.
after running Even running with 10,000 => no luck
One thing of note, there were Gateway IP and MAC addresses showing after the available gateways bit, though a quick perusal of your new code makes me think that that is apparently due to a change in your code rather than a change in what is being detected. Poking around the code, I removed the -I from cmd, and it ceased to finish early.
and added
There definitely is data passing through, but I grant I don't really know what to make of it. Two examples below (the specific numbers have been a bit scrambled):
|
@selva-oscura ok! i think we're making progress :) it looks like the my suspicion is that you have a different version of tcpdump, and that it has a different format for the output compared to my version. could you run the following:
the first thing my code looks for is the beacon frames from the wireless AP, to figure out what the wireless AP's MAC address is. i'm guessing that this part should probably work:

```python
if ssid in line:
    bssid_matches = bssid_re.search(line)
    if bssid_matches:
        bssid = bssid_matches.group(1)
        if 'Broadcast' not in bssid:
            network_macs.add(EUI(bssid))
```

i would try modifying it to print out three helpful things, to check if it's properly extracting the MAC address from that line:

```python
if ssid in line:
    print('Found a line that includes the SSID {}: {}'.format(ssid, line)) # 1
    bssid_matches = bssid_re.search(line)
    if bssid_matches:
        bssid = bssid_matches.group(1)
        if 'Broadcast' not in bssid:
            network_macs.add(EUI(bssid))
            print('Beacon MAC address found: {}'.format(bssid)) # 2
    else:
        print('Beacon MAC address not found.') # 3
```

i think this part is probably working. then we want to get deeper. let's take this part:

```python
if length_match:
    length = int(length_match.group(1))
    mac_matches = tcpdump_mac_re.findall(line)
    if mac_matches:
        macs = set([EUI(match[1]) for match in mac_matches])
        leftover = macs - network_macs
        if len(leftover) < len(macs):
            for mac in leftover:
                data_totals[mac] += length
                client_macs.add(mac)
```

and add five lines:

```python
if length_match:
    print('Found a line that includes the word "length": {}'.format(line)) # 1
    length = int(length_match.group(1))
    mac_matches = tcpdump_mac_re.findall(line)
    if mac_matches:
        print('Data MAC addresses found:') # 2
        macs = set([EUI(match[1]) for match in mac_matches])
        for mac in macs: # 3
            print('- {}'.format(mac)) # 4
        leftover = macs - network_macs
        if len(leftover) < len(macs):
            for mac in leftover:
                data_totals[mac] += length
                client_macs.add(mac)
    else:
        print('Data MAC addresses not found.') # 5
```

if you are getting lots of |
I cloned the current version of the repo, made the recommended changes, ran
My wifi did reset (disconnect and reconnect) after running this. |
What would be the Linux equivalent of `/dev/bpf*`? At least on Ubuntu there are no such files.