[Chicago] Python traffic analysis idea

Adrian Buford technicallydebatable at gmail.com
Tue Jan 28 22:29:09 CET 2014


I think that is probably the most accurate way of looking at it. Looking at
scapy now
On Jan 28, 2014 2:29 PM, "Nick Bennett" <nick at goggl.es> wrote:

> Steve,
>
> Your idea makes sense when you're the owner of the network and have
> control over the access points. I think what Adrian is talking about is
> more along the lines of network surveys of all WLAN access points whether
> they're in your control or not, and specifically with the goal of using
> Python to get access to pertinent details and log them in any way.
>
> Nick Bennett
> nick at goggl.es
>
>
> On Tue, Jan 28, 2014 at 2:20 PM, Steve Schwarz <steve at agilitynerd.com> wrote:
>
>> Maybe I'm missing something but why not a basic web app (even a CGI
>> script) that the "Points" HTTP POST to? Then you can process the data at
>> post or store centrally for further processing. You can use urllib2 or
>> python-requests to do the POST with authentication. HTTP(S) is async and
>> sufficiently secure for this data - unless you are sending a real lot of
>> data/packets.
>>
>> Best Regards,
>> Steve
>>
>>
>> On Tue, Jan 28, 2014 at 11:28 AM, Adrian Buford <
>> technicallydebatable at gmail.com> wrote:
>>
>>> The issue isn't finding code to perform the task. The issue is getting
>>> the results to a log. I cannot find anything in that direction. I would put
>>> the idea in the same category as wardriving but with an added purpose. I am
>>> a daily user of Kali and Pentoo. I even went as far as reading the man
>>> pages on the Aircrack-ng suite to see if there was anything I overlooked.
>>> I've looked at Fern also. You are probably right. This is something I may
>>> need to hash out with my own code completely.
>>> On Jan 28, 2014 10:38 AM, "Nick Bennett" <nick at goggl.es> wrote:
>>>
>>>> What you're talking about, logging information about WiFi access
>>>> points, sounds a lot like wardriving <http://en.wikipedia.org/wiki/Wardriving>.
>>>> Even if that's not exactly what you mean, it should point you in some
>>>> directions for how to do such things with Python.
>>>>
>>>> I think that one of the most important parts of problem solving and
>>>> research in this day and age is to get relevant keywords. Searching
>>>> for "wardriving python" on DuckDuckGo <https://duckduckgo.com/?q=wardriving+python> produces a lot of seemingly relevant results, including:
>>>>
>>>> - a metric tonne of instructions on creating a mobile wardriving device
>>>> using RaspberryPi and other low power (consuming) hardware, which reminds
>>>> me of Paul Ebreo's talk at the ChiPy meeting <http://www.chipy.org/meetings/past/> November 2013 at Spartz "Python <3 Open Source Hardware"
>>>> - a ton of stuff related to computer security and penetration testing
>>>>
>>>> What I didn't see in that search was much about writing Python code or
>>>> particular modules. I imagine this might be because wardriving is a very
>>>> common term I'd associate with non-programmers who want to perform a
>>>> complex task without needing to write code. I refined the search on DuckDuckGo
>>>> to "python penetration testing wifi" <https://duckduckgo.com/?q=python+penetration+testing+wifi> and got some promising directions:
>>>>
>>>> - Fern <http://code.google.com/p/fern-wifi-cracker/> - "a Wireless
>>>> security auditing and attack software program written using the Python
>>>> Programming Language <http://www.python.org/> and the Python Qt GUI
>>>> library <http://www.riverbankcomputing.co.uk/software/pyqt/intro>, the
>>>> program is able to crack and recover WEP/WPA/WPS keys and also run other
>>>> network based attacks on wireless or ethernet based networks"
>>>> - Video: WLAN SSID Sniffer Using Raw Sockets in [10 Lines of] Python <http://www.securitytube.net/video/7275>
>>>>
>>>> If you don't want to go that far down the rabbit hole, you could watch this
>>>> shaky video of a monitor <https://www.youtube.com/watch?v=RVVaWoxHKJo> of a fellow describing, very amiably and I think very understandably, how
>>>> to use Python very simply to get information from kismet on a Raspberry Pi
>>>> (for your viewers, please use a tripod and share your code somewhere other
>>>> than Google Docs <https://docs.google.com/file/d/0B1i26IugaGQbZmJBb2pwT2JJSjg/edit>).
>>>>
>>>> As with all things, please use this information responsibly and write
>>>> tests for your code.
>>>>
>>>> Nick Bennett
>>>> nick at goggl.es
>>>>
>>>>
>>>> On Tue, Jan 28, 2014 at 10:02 AM, Adrian Buford <
>>>> technicallydebatable at gmail.com> wrote:
>>>>
>>>>> They collect the data but don't have options for export. I looked at
>>>>> the man pages for both. One had an export option I couldn't get to work.
>>>>> On Jan 27, 2014 9:59 PM, "Adrian Buford" <
>>>>> technicallydebatable at gmail.com> wrote:
>>>>>
>>>>>> I'll research tonight and post how I branch off. Thank you.
>>>>>> On Jan 27, 2014 8:55 PM, "Daniel Peters" <danieltpeters at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> So, are you looking for how to implement this?  There's a few wifi
>>>>>>> sniffing tools on Linux, things like (off the top of my head...) wifilist
>>>>>>> and wavemon. wavemon in particular does all of that, you could see if any
>>>>>>> of these kinds of tools output in some kind of text format, and then do
>>>>>>> what you want with that?
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Jan 27, 2014 at 6:58 PM, Adrian Buford <
>>>>>>> technicallydebatable at gmail.com> wrote:
>>>>>>>
>>>>>>>> Looking for assist on writing a Python based traffic analysis
>>>>>>>> script(s). I have the concept drawn but just started digging into coding.
>>>>>>>> Any help is appreciated.
>>>>>>>>
>>>>>>>> Point A > captures bssid, mac, ssid, signal strength of AP(x) and
>>>>>>>> appends time stamp to logA
>>>>>>>>
>>>>>>>> Point B > does same and appends to logB
>>>>>>>>
>>>>>>>> Information is compared between logs and average Point A to Point B
>>>>>>>> time is generated based on signal threshold. AP(x) being any device that
>>>>>>>> can broadcast such signal. Cellular, mobile hot spot, CTA train (yes they
>>>>>>>> do). Idea came from using WigleWiFi this weekend. Was thinking of logging
>>>>>>>> via ssh connection to home server. I'm sure accuracy can be improved via
>>>>>>>> the great minds here. This idea isn't limited to two points. More points
>>>>>>>> will yield better accuracy.
>>>>>>>>
>>>>>>>> Enough ranting. Thank you. Any help is appreciated.
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Chicago mailing list
>>>>>>>> Chicago at python.org
>>>>>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>>>>>
>>>>>>>>
>> --
>> Best Regards,
>> Steve
>> Blogs: http://agilitynerd.com/  http://tech.agilitynerd.com/
>> Dog Agility Search: http://googility.com/
>> Dog Agility Courses: http://agilitycourses.com/
>> http://www.facebook.com/AgilityNerd
>
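
Added example (not code from the thread or its participants): one way to do the log comparison described in the original post, taking each access point's strongest reading at or above a signal threshold at Point A and Point B and averaging the time differences. The CSV columns, the -70 dBm default threshold, the sample rows and all function names are assumptions made for illustration.

```python
import csv
import io
from statistics import mean

# Constructed sample logs (not real captures): epoch seconds, BSSID, SSID, dBm.
LOG_A = """ts,bssid,ssid,signal
1000,02:00:00:00:00:01,train-1,-80
1010,02:00:00:00:00:01,train-1,-55
1020,02:00:00:00:00:01,train-1,-75
1100,02:00:00:00:00:02,hotspot-2,-60
1200,02:00:00:00:00:03,fixed-ap,-90
"""
LOG_B = """ts,bssid,ssid,signal
1300,02:00:00:00:00:01,train-1,-72
1310,02:00:00:00:00:01,train-1,-50
1420,02:00:00:00:00:02,hotspot-2,-65
1500,02:00:00:00:00:03,fixed-ap,-88
"""

def peak_times(log_text, threshold_dbm):
    """Map each BSSID to the timestamp of its strongest reading >= threshold."""
    best = {}  # bssid -> (timestamp, signal)
    for row in csv.DictReader(io.StringIO(log_text)):
        signal = int(row["signal"])
        if signal < threshold_dbm:
            continue  # too weak to count as "at this point"
        bssid = row["bssid"].lower()
        if bssid not in best or signal > best[bssid][1]:
            best[bssid] = (float(row["ts"]), signal)
    return {bssid: ts for bssid, (ts, _) in best.items()}

def transit_times(log_a, log_b, threshold_dbm=-70):
    """Seconds from peak at A to peak at B, for BSSIDs seen at both points."""
    a = peak_times(log_a, threshold_dbm)
    b = peak_times(log_b, threshold_dbm)
    # Keep only A-then-B passes; a negative delta is travel in the other direction.
    return {k: b[k] - a[k] for k in a.keys() & b.keys() if b[k] > a[k]}

def average_transit(log_a, log_b, threshold_dbm=-70):
    """Average A-to-B time in seconds, or None if no BSSID qualifies."""
    times = transit_times(log_a, log_b, threshold_dbm)
    return mean(times.values()) if times else None

if __name__ == "__main__":
    print(transit_times(LOG_A, LOG_B))
    print(average_transit(LOG_A, LOG_B))
```

Using the peak reading rather than the first sighting keeps a device that lingers at the edge of range from skewing the estimate; lowering the threshold admits weaker sightings such as the constructed "fixed-ap" rows.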