Introduction
Scapy is a well-known Python program that lets you send, sniff, dissect and forge network packets.
In this tutorial we are going to analyze saved capture files. We don't recommend using scapy for realtime analysis, since it loses too many packets.
We recommend using virtualenv. If you don't know what a virtualenv is, please check this python+virtualenv tutorial.
Step 1: Install scapy
pip install scapy
Step 2: Packet processing to extract essid, bssid, channel and capability
Next we are going to create a Python function called read_packets, which is where we will process each packet. read_packets takes one parameter: the filename of the saved wifi traffic.
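from scapy.all import Dot11, Dot11Beacon, Dot11Elt, rdpcap

def read_packets(filename):
    # Load the whole capture file into memory
    packets = rdpcap(filename)
    for packet in packets:
        if packet.haslayer(Dot11Beacon):
            # [Dot11Elt] tells scapy to dig into a specific layer;
            # the first Dot11Elt of a beacon normally carries the ESSID (as bytes)
            essid = packet[Dot11Elt].info
            # [Dot11] tells scapy to dig into a specific layer
            bssid = packet[Dot11].addr3
            # Third Dot11Elt: normally the DS Parameter Set, whose single byte is the channel
            channel = int(ord(packet[Dot11Elt:3].info))
            # The capability of the wifi packet can be obtained with:
            capability = packet.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}"
                                        "{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
            print(essid, bssid, channel, capability)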
Observation: Scapy uses Python dictionaries to represent packets. Each packet layer is a child dictionary of the previous layer.
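The function above picks the channel by position (the third Dot11Elt), which fails on beacons that hide the SSID, omit the DS Parameter Set, or carry a malformed element. The following added example is not part of the original tutorial and does not use scapy: it walks the beacon body's elements by ID with bounds checks, using sample frames constructed inline (the names parse_beacon_body and build_body are illustrative).

```python
import struct

# Element IDs from IEEE 802.11: 0 = SSID, 3 = DS Parameter Set (current channel)
EID_SSID, EID_DS_PARAMS = 0, 3
FIXED_LEN = 12  # timestamp (8) + beacon interval (2) + capability (2)

def parse_beacon_body(body):
    """Return essid/channel/privacy from a beacon frame body, or None if too short."""
    if len(body) < FIXED_LEN:
        return None
    _timestamp, _interval, cap = struct.unpack_from("<QHH", body, 0)
    result = {"essid": None, "channel": None,
              "privacy": bool(cap & 0x0010),  # capability bit 4: Privacy
              "truncated": False}
    offset = FIXED_LEN
    while offset + 2 <= len(body):
        eid, length = body[offset], body[offset + 1]
        value = body[offset + 2: offset + 2 + length]
        if len(value) < length:  # declared length runs past the end of the frame
            result["truncated"] = True
            break
        if eid == EID_SSID and result["essid"] is None:
            # An empty or all-zero SSID means the network hides its name
            hidden = length == 0 or not any(value)
            result["essid"] = "" if hidden else value.decode("utf-8", "replace")
        elif eid == EID_DS_PARAMS and length == 1 and result["channel"] is None:
            result["channel"] = value[0]
        offset += 2 + length
    return result

def build_body(cap, elements):
    """Build a constructed sample: fixed fields followed by (id, value) elements."""
    body = struct.pack("<QHH", 0, 100, cap)
    for eid, value in elements:
        body += bytes([eid, len(value)]) + value
    return body

# Constructed samples (not taken from a real capture)
NORMAL = build_body(0x0411, [(0, b"lab-ap"), (1, b"\x82\x84\x8b\x96"), (3, b"\x06")])
NO_DS = build_body(0x0001, [(0, b""), (1, b"\x8c\x12\x98\x24")])  # hidden SSID, no DS element
BROKEN = build_body(0x0011, [(0, b"lab-ap")]) + bytes([3, 5, 6])  # claims 5 bytes, has 1

if __name__ == "__main__":
    for name, body in (("normal", NORMAL), ("no_ds", NO_DS), ("broken", BROKEN)):
        print(name, parse_beacon_body(body))
```

With scapy, bytes(packet[Dot11Beacon]) yields a body in this layout (the 12 fixed bytes followed by the elements), so the same parser can be applied to packets read with rdpcap.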