
Thread: Get all WiFi stations (AP or Non AP)

  1. #1

    Get all WiFi stations (AP or Non AP)

    We need to track all WiFi stations whether AP or Non-AP in one of our applications. Can anyone please guide us how this can be achieved. For this purpose we have already bought the AirPcap adapter. We have got both WinPcap and AirPcap development resources. We have also tried out the samples provided by the AirPcap package but none of the sample applications provide our desired result. They only provide raw 802.11 packets. Is there any way to do so?

    Your help will be highly appreciated.

  2. #2

    Hi, I believe I spoke with you on the phone. Hope the information I provide will be of some use to you.

    In an ad-hoc network the station that initializes the network creates a virtual MAC address. The MAC address isn't the same as the physical MAC address, but a randomly generated one allowing each of the client stations to broadcast the same BSSID. They're all broadcasting on the same channel.

    With the AirPcap adapter you should be able to apply some filters that show exactly what you would like to see. You can filter by the IBSS mac address and see each of the devices communicating.

    Here is a list of some useful filters for Wireshark:

    Wireshark Capture Filters

    Here is a useful video:

    Introduction to Wireshark

  3. #3


    Yes Trent, you are absolutely right. But actually we want to achieve it programmatically. Wireshark is just a tool for tracking 802.11 packets. How can we achieve it via the WinPcap or AirPcap API? Is there any way to get those packets in our own application, the way Wireshark displays them?

  4. #4


    appsys, have you used the AirPcap API/DLL to get the raw packets into your app? I have had a quick play and got most of the basics working in a C++ app. Once you have the raw packet, you can then decode the packet. Every packet will have the basic src/dst "mac" address in the clear, so you can use that.

    I have not read the tech specs for the packet formats for any of the 802.11bgn packets, just had a play. What I found is the first 2 bytes ID the packet type. Then based on that, the 3 addresses (SRC, DST and BSSID) will have a different order.

    If you find a good packet format doc, let me know.
    Last edited by mwalker; 12-21-2009 at 05:19 AM.

  5. #5


    Some more info...

    Been playing with this a little and can provide a little more info.
    Once you have got the Packet from the AirPCap drivers, you will need to find the start of the IEEE packet or the "data" section. To do this it will be after the radio tap header, let me know if you want a little more detail on that bit.

    These offsets are assuming 0 is the first byte in the IEEE/Data packet

    C code
    /* Frame Control byte 0: protocol version, frame type, frame subtype */
    ProtocolVersion = (AirFrame.Data[0]) & 0x03;
    PacketType = (AirFrame.Data[0] >> 2) & 0x03;
    PacketSubType = (AirFrame.Data[0] >> 4) & 0x0F;
    /* Frame Control byte 1: one flag per bit */
    TDS = (AirFrame.Data[1] >> 0) & 0x01;
    FDS = (AirFrame.Data[1] >> 1) & 0x01;
    MoreFragments = (AirFrame.Data[1] >> 2) & 0x01;
    Retransmission = (AirFrame.Data[1] >> 3) & 0x01;
    PowerManagement = (AirFrame.Data[1] >> 4) & 0x01;
    MoreData = (AirFrame.Data[1] >> 5) & 0x01;
    WEPMode = (AirFrame.Data[1] >> 6) & 0x01;
    StrictOrder = (AirFrame.Data[1] >> 7) & 0x01;

    Once you have the flags, use the TDS,FDS "boolean" fields
    TDS "To the Distribution System" AP
    FDS "From...."

    So far have found this to be true, but let me know if it's not.
    This was worked out by using Wireshark and my code then checking with the 802.11 packet format data that I have...

    The 4 cases will be

    FDS = false and TDS = true // To the AP
    - BSSID IEEE[4] - IEEE [9]
    - SrcMac IEEE[10] - IEEE[15]
    - DstMac IEEE[16] - IEEE[21]

    FDS = true and TDS = false // From AP
    - DstMac IEEE[ 4] - IEEE[ 9]
    - BSSID IEEE[10] - IEEE[15]
    - SrcMac IEEE[16] - IEEE[21]

    FDS = false and TDS = false // AD-Hoc (could be broadcast)
    - DstMac IEEE[ 4] - IEEE[ 9]
    - SrcMac IEEE[10] - IEEE[15]
    - BSSID IEEE[16] - IEEE[21]

    FDS = true and TDS = true // WDS from one AP to a 2nd AP - Radio to Radio
    - DstRadioMac IEEE[ 4] - IEEE[ 9]
    - SrcRadioMac IEEE[10] - IEEE[15]
    - DstMac IEEE[16] - IEEE[21]
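
The address mapping from post #5, as an added example that is not part of the original thread: a bounds-checked C parser that skips the radiotap header and applies the four ToDS/FromDS cases. It goes slightly beyond the post by reading Address4 for WDS frames and the capability ESS bit in beacons and probe responses to tell an AP from an ad-hoc station. `dot11_info` and `dot11_parse` are hypothetical names, and management frames are assumed to carry no HT Control field.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; dot11_info and dot11_parse are hypothetical names. */
typedef struct {
    uint8_t type, subtype, to_ds, from_ds;
    uint8_t dst[6], src[6], bssid[6];
    int has_src, has_bssid;   /* not every frame carries all three */
    int bssid_is_ap;          /* set when the frame shows the BSSID is an AP */
} dot11_info;

/* Skip radiotap (length = little-endian u16 at bytes 2-3), then map
 * Address1..3 by ToDS/FromDS. Returns 0, or -1 for a truncated or
 * unsupported frame, so a short capture is never read out of bounds. */
int dot11_parse(const uint8_t *pkt, size_t len, dot11_info *o)
{
    if (len < 8 || pkt[0] != 0) return -1;       /* radiotap v0, 8-byte minimum */
    size_t rt = (size_t)pkt[2] | ((size_t)pkt[3] << 8);
    if (rt < 8 || rt > len || len - rt < 10) return -1;
    const uint8_t *h = pkt + rt;                 /* first byte of the 802.11 header */
    size_t hlen = len - rt;
    memset(o, 0, sizeof *o);
    o->type    = (h[0] >> 2) & 0x03;
    o->subtype = (h[0] >> 4) & 0x0F;
    o->to_ds   = h[1] & 0x01;
    o->from_ds = (h[1] >> 1) & 0x01;
    if ((h[0] & 0x03) != 0 || o->type == 3) return -1;
    if (o->type == 1) { memcpy(o->dst, h + 4, 6); return 0; }  /* control: receiver only */
    if (hlen < 24) return -1;                    /* management/data: three addresses */
    const uint8_t *a1 = h + 4, *a2 = h + 10, *a3 = h + 16, *d, *s, *b = NULL;
    if (o->to_ds && o->from_ds) {                /* WDS: a1/a2 are the two radios */
        if (hlen < 30) return -1;
        d = a3; s = h + 24;                      /* SrcMac is Address4 */
    } else if (o->to_ds)   { b = a1; s = a2; d = a3; }  /* to the AP */
    else if (o->from_ds)   { d = a1; b = a2; s = a3; }  /* from the AP */
    else                   { d = a1; s = a2; b = a3; }  /* ad-hoc and management */
    memcpy(o->dst, d, 6);
    memcpy(o->src, s, 6); o->has_src = 1;
    if (b) { memcpy(o->bssid, b, 6); o->has_bssid = 1; }
    if (o->type == 2)                            /* data relayed via the DS implies an AP */
        o->bssid_is_ap = o->to_ds != o->from_ds;
    else if (b && (o->subtype == 8 || o->subtype == 5) && hlen >= 36)
        o->bssid_is_ap = h[34] & 0x01;           /* capability ESS bit: AP, not IBSS */
    return 0;
}
```

Call `dot11_parse` on each captured buffer and key a station table on `src`, marking an entry as an AP when `bssid_is_ap` is set and `src` equals `bssid`.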

  6. #6

    Done!

    Mwalker, thanks a lot for providing us such useful information. Now our project is almost complete. Your initial guidance provided us a base to start things up.

    Actually Radio tap and 802.11 frames provided us all of our required fields. We specifically parsed 802.11 Management frames (Beacon, Probe etc.) to get required fields. And radio tap provided us Signal Quality and strength parameters etc.

    If you have any questions regarding this, I will be very pleased to help you out.

    Thanks once again for your support.

  7. #7


    Happy to help. Good to hear you got it all going.

