[Chicago] Python traffic analysis idea

Nick Bennett nick at goggl.es
Tue Jan 28 17:37:56 CET 2014


What you're talking about, logging information about WiFi access points,
sounds a lot like wardriving <http://en.wikipedia.org/wiki/Wardriving>.
Even if that's not exactly what you mean, it should point you in some
directions for how to do such things with Python.

I think that one of the most important parts of problem solving and research
in this day and age is to get relevant keywords. Searching for "wardriving
python" on DuckDuckGo
<https://duckduckgo.com/?q=wardriving+python> produces a lot of
seemingly relevant results, including:

- a metric tonne of instructions on creating a mobile wardriving device
using Raspberry Pi and other low power (consuming) hardware, which reminds
me of Paul Ebreo's talk at the ChiPy
meeting <http://www.chipy.org/meetings/past/> November 2013 at Spartz
"Python <3 Open Source Hardware"
- a ton of stuff related to computer security and penetration testing

What I didn't see in that search was much about writing Python code or
particular modules. I imagine this might be because wardriving is a very
common term I'd associate with non-programmers who want to perform a
complex task without needing to write code. I refined the search on DuckDuckGo
to "python penetration testing
wifi" <https://duckduckgo.com/?q=python+penetration+testing+wifi> and
got some promising directions:

- Fern <http://code.google.com/p/fern-wifi-cracker/> - "a Wireless security
auditing and attack software program written using the Python Programming
Language <http://www.python.org/> and the Python Qt GUI
library <http://www.riverbankcomputing.co.uk/software/pyqt/intro>,
the program is able to crack and recover WEP/WPA/WPS keys and also run
other network based attacks on wireless or ethernet based networks"
- Video: WLAN SSID Sniffer Using Raw Sockets in [10 Lines of]
Python <http://www.securitytube.net/video/7275>

If you don't want to go that far down the rabbit hole, you could watch this
shaky video of a monitor <https://www.youtube.com/watch?v=RVVaWoxHKJo> of a
fellow describing, very amiably and I think very understandably, how to use
Python very simply to get information from kismet on a Raspberry Pi (for
your viewers, please use a tripod and share your code somewhere other
than Google
Docs <https://docs.google.com/file/d/0B1i26IugaGQbZmJBb2pwT2JJSjg/edit>).

As with all things, please use this information responsibly and write tests
for your code.

Nick Bennett
nick at goggl.es


On Tue, Jan 28, 2014 at 10:02 AM, Adrian Buford <
technicallydebatable at gmail.com> wrote:

> They collect the data but don't have options for export. I looked at the
> man pages for both. One had an export option I couldn't get to work.
> On Jan 27, 2014 9:59 PM, "Adrian Buford" <technicallydebatable at gmail.com>
> wrote:
>
>> I'll research tonight and post how I branch off. Thank you.
>> On Jan 27, 2014 8:55 PM, "Daniel Peters" <danieltpeters at gmail.com> wrote:
>>
>>> So, are you looking for how to implement this?  There's a few wifi
>>> sniffing tools on Linux, things like (off the top of my head...) wifilist
>>> and wavemon. wavemon in particular does all of that, you could see if any
>>> of these kinds of tools output in some kind of text format, and then do
>>> what you want with that?
>>>
>>>
>>> On Mon, Jan 27, 2014 at 6:58 PM, Adrian Buford <
>>> technicallydebatable at gmail.com> wrote:
>>>
>>>> Looking for assist on writing a Python based traffic analysis
>>>> script(s). I have the concept drawn but just started digging into coding.
>>>> Any help is appreciated.
>>>>
>>>> Point A > captures bssid, mac, ssid, signal strength of AP(x) and
>>>> appends time stamp to logA
>>>>
>>>> Point B > does same and appends to logB
>>>>
>>>> Information is compared between logs and average Point A to Point B
>>>> time is generated based on signal threshold. AP(x) being any device that
>>>> can broadcast such signal. Cellular, mobile hot spot, CTA train (yes they
>>>> do). Idea came from using WigleWiFi this weekend. Was thinking of logging
>>>> via ssh connection to home server. I'm sure accuracy can be improved via
>>>> the great minds here. This idea isn't limited to two points. More points
>>>> will yield better accuracy.
>>>>
>>>> Enough ranting. Thank you. Any help is appreciated.
>>>>
>>>> _______________________________________________
>>>> Chicago mailing list
>>>> Chicago at python.org
>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>
>>>>
>>>
>
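Added example, not part of the original thread: a sketch of the log comparison described in the first message, matching each BSSID's strongest above-threshold sighting at Point A with the one at Point B and averaging the time differences. The log format (timestamp,bssid,ssid,signal_dbm), the -70 dBm threshold, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime
from statistics import mean

# Constructed sample logs (not real captures): timestamp,bssid,ssid,signal_dbm
LOG_A = """\
2014-01-27T18:00:00,aa:bb:cc:00:00:01,hotspot-1,-80
2014-01-27T18:00:05,aa:bb:cc:00:00:01,hotspot-1,-55
2014-01-27T18:00:10,aa:bb:cc:00:00:01,hotspot-1,-78
2014-01-27T18:01:00,aa:bb:cc:00:00:02,hotspot-2,-60
2014-01-27T18:02:00,aa:bb:cc:00:00:03,hotspot-3,-85
"""
LOG_B = """\
2014-01-27T18:04:00,aa:bb:cc:00:00:01,hotspot-1,-82
2014-01-27T18:04:05,aa:bb:cc:00:00:01,hotspot-1,-58
2014-01-27T18:06:00,aa:bb:cc:00:00:02,hotspot-2,-62
2014-01-27T18:07:00,aa:bb:cc:00:00:03,hotspot-3,-50
"""

def strongest_sightings(log_text, threshold_dbm):
    """Map bssid -> timestamp of its strongest reading at or above threshold."""
    best = {}
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the log
        ts, bssid, _ssid, signal = row
        signal = int(signal)
        if signal < threshold_dbm:
            continue  # too weak to count as "at this point"
        if bssid not in best or signal > best[bssid][0]:
            best[bssid] = (signal, datetime.fromisoformat(ts))
    return {bssid: when for bssid, (_sig, when) in best.items()}

def transit_times(log_a, log_b, threshold_dbm=-70):
    """Seconds from A to B for every bssid seen at both points, A first."""
    a = strongest_sightings(log_a, threshold_dbm)
    b = strongest_sightings(log_b, threshold_dbm)
    # Assumes one pass per log; repeated trips would need per-trip grouping.
    return {bssid: (b[bssid] - a[bssid]).total_seconds()
            for bssid in a.keys() & b.keys() if b[bssid] > a[bssid]}

def average_transit(log_a, log_b, threshold_dbm=-70):
    """Mean A-to-B time in seconds, or None when nothing matched."""
    times = transit_times(log_a, log_b, threshold_dbm)
    return mean(times.values()) if times else None
```

With the sample logs, hotspot-3 drops out at the default threshold because its only reading at Point A is -85 dBm; lowering the threshold admits it and shifts the average.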