In this series of blogposts we will cover advanced, security focused, aspects of the ESP8266 /ESP32 SoCs such as sniffing and injecting 802.11 and bluetooth packets, building proof-of-concept network implant devices, etc.
- Wifi Channel Analyzer Mac
- Wifi Sniffer For Mac
- Wifi Sniffer Software
- Free Wifi Analyzer For Mac
- Mac Wifi Analyzer
The ESP8266 is a low-cost Wi-Fi capable system-on-chip with full TCP/IP stack produced by Espressif Systems. It features a Tensilica L106 32-bit RISC processor, reaching a maximum clock speed of 160 MHz.
A software packet sniffing tool requires that the host computer’s network adapter is in promiscuous mode. Issuing a Ping with the right IP address but the wrong MAC address for each computer on the network should spot the hosts that are in promiscuous mode and therefore likely to be in use for packet sniffing. Mac OS X has a native WiFi analyzer tool that has many new features. A great new addition is the free built-in Wi-Fi scanner tool, that also has wifi stumbler to find and discover nearby Wi-Fi networks. You can look at the screenshot below for an example of the free Mac WiFi analyzer. ESP32 WiFi MAC Scanner/Sniffer (promiscuous). Sniffs WiFi Packets in promiscuous mode, Identifies Known Mac addresses and keeps track of how long they have been in proximity.
It integrates several peripheral interfaces via its 17 GPIO (General Purpose I/O) ports, which can be assigned to various functions, such as:
- There are many applications that enable WiFi sniffing on a Mac as well. We are going to use a free WiFi sniffer named KisMAC to see how you go about capturing WiFi traffic. Capturing WiFi Traffic with a Wireless Network Sniffer. We are going to go through the steps required to capture WiFi traffic using the KisMAC software WiFi sniffer for the Mac.
- Download Wifi Sniffer Mac Software Advertisement AirGrab WiFi Radar v.1.7.39 AirGrab WiFi Radar is a tool to display information about Apple Airport base stations and other WiFi wireless access points.
- Hardware and Software SPI interface
- I2C Interface
- I2S Interface
- Universal Asynchronous Receiver Transmitter (UART)
- Pulse-Width Modulation (PWM)
- IR Remote Control
- 10 bit resolution ADC (Analog-to-Digital Converter)
Sniffer interface
The ESP8266 SDK API features a promiscuous mode which can be used to capture IEEE 802.11 packets in the air, with some limitations though. It will only decode 802.11b/g/n HT20 packets (20Mhz channel bandwidth), not supporting HT40 packets or LDPC. For those, it will only return their length and other (scarce) low-level information, but no additional decoding will be performed.
Data structures
Several data structures are used (but not exposed, i.e. they need to be explicitly declared in the user program) by the SDK to represent these two kinds of packets:
Sniffer-related API functions
The ESP8266 SDK provides the following sniffing-related functions, which can be found at
/include/user_interface.h
:void wifi_promiscuous_enable(uint8 promiscuous)
Enables the promiscuous mode; to do so the chip must be both in
Station
mode first and disconnected from any AP.The
uint8 promiscuous
parameter enables (1
) and disables(0
) this mode.void wifi_set_promiscuous_rx_cb(wifi_promiscuous_cb_t cb)
Registers the callback function which will be called when a data packet is received.
The callback function will get two parameters: a pointer to the buffer memory containing the received packet and its length. The latter determines the type of the received packet:
- Management packets. Length will be
sizeof(wifi_pkt_mgmt_t)
. The buffer will hold awifi_pkt_mgmt_t
structure, containing:wifi_pkt_rx_ctrl_t
structure- A buffer containing the 802.11 packet
cnt
will be1
len
will be the length of the buffer
- Data packets. The buffer will hold a
wifi_pkt_data_t
structure, containing:wifi_pkt_rx_ctrl_t
structurebuf
contains the 802.11 headercnt
how many packets are inbuf
lenseq
contains one or morestruct LenSeq
, providing the following data:- total packet length
- both source and destination MAC addresses
- Unsupported packets. Length will be
sizeof(wifi_pkt_rx_ctrl_t)
. Either the received packet is not supported or it was badly formed/received.
void wifi_promiscuous_set_mac(const uint8_t *address)
Sets a destination MAC address filter for the sniffer, which will filter out every packet except those addressed to the specified MAC or to the broadcast (
FF:FF:FF:FF:FF:FF
).Sample:
uint8 wifi_get_channel(void)
Returns the current Wi-Fi channel.
Writing a simple packet sniffer
Environment setup
Full code is available on GitHub as a PlatformIO project.
It was tested on a Adafruit HUZZAH feather board, with the Arduino framework, using ESP8266 SDK version 1.3.0.
IEEE802.11
A standard 802.11 frame contains a layer 2 MAC header, followed by a variable length frame body and a 32 bit checksum (FCS):
There are several different types of packets:
Wifi Channel Analyzer Mac
- Management
- Control
- Data
- Misc
Our simple sniffer will parse and print out the information contained in the frame header; additionally it will extract the SSID from beacon frames:
Wifi Sniffer For Mac
Program flow
By calling
wifi_set_promiscuous_rx_cb()
we can specify the callback function that will be called when the network interface receives a new packet.The overall program flow will be:
- Initialisation
- Initialise serial interface
- Enable promiscuous mode
- Set sniffer callback
- Set wifi channel (or implement channel hopping via hardware timers)
- Print output table header
- Main loop
- Does nothing: just waits for the callback to be triggered
- Callback function
- Initialise pointers to data structures within the raw packet
- Extract and parse the information contained in the different fields
- Format and output
Due to the blocking nature of the callback function, it is not a good idea to perform too much process in it, because we might lose packets in the meantime. However, this simple example is focused on demonstrating the SDK calls usage rather than in efficiency.
The initialisation phase will be implemented on the
setup()
function:Our callback function will then parse each raw packet (
buff
) as follows:Data structures
In order to parse the packets the following data structures were used:
MAC header
MAC header frame control
Beacon frame
Packet types and subtypes
References/Bibliography/Useful links
Like this post? Sign up for our newsletter!
- Advertisement
- AirGrab WiFi Radar v.1.7.39AirGrab WiFi Radar is a tool to display information about Apple Airport base stations and other WiFi wireless access points. Using AirGrab WiFi Radar you can determine most popular WiFi channels and select optimal channel for your.
- Pass Wifi v.2015PASSWORD WIFI is the software specially developed for accessing the set of wireless communication protocols through a global and refined analysis of the connections.
- Wifi Password Decryptor v.2015PASSWORD WIFI is the software specially developed for accessing the set of wireless communication protocols through a global and refined analysis of the connections.
- SoftPerfect WiFi Guard v.2.1.2A specialised network scanner that helps to protect and keep your WiFi network secure. It scans your wireless network at set intervals and alerts you immediately if it has found any new or unknown connected devices that could belong to an intruder.
- Start Hotspot Cloud WiFi Software v.2.1.0Start Hotspot Cloud WiFi Software is a robust and cost effective solution suitable for any hospitality deployment. It controls user Internet access, sets limits, processes payments, engages users, provides powerful analytics and more!
- WiFi Scanner for Mac OS v.1.1A free 802.11 wireless scanner and connection manager for Mac OS X 10.6 Snow Leopard or later. This will detect access points and clients in ad-hoc mode if the SSID is being broadcasted. It can be used for wireless site surveys, wireless discovery, ...
- Wifiner – WiFi Analyzer v.1.0Wifiner is an indispensable solution for Wi-Fi site surveys, analysis and troubleshooting of your current Wi-Fi network.
- RSS Sniffer v.02A Java Swing application which monitors RSS feeds you added with keywords to filter. Blink window if new topic is found and the app is not on the top. Also supports email ...
- Air Photo Server for Mac OS X Leopard v.1.0Air Photo Server is the free server component, companion to Air Photo on iPhone or iPod Touch. It enables direct wireless printing from iPhone over local wifi network.
Wifi Sniffer Software
- Portable Penetrator v.8.0Portable Penetrator is a complete solution for securing your wireless network and identifying any security flaws before hackers have a chance to do so. This wifi security software provides detailed reports, exposing security issues before it is too ...
- AirGrab Password PRO v.1.0.39The AirGrab Password PRO allows you to create random passwords that are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and other symbols.
- AirGrab Network Packet Analyzer v.1.2.39AirGrab Network Packet Analyzer is a professional network analyzer (also known as protocol analyzer and packet sniffer), Network Packet Analyzer performs real-time packet capturing, network monitoring, advanced protocol analyzing and much more.
- Canon PIXMA MP620 Driver v.10.26.2.0Canon PIXMA MP620 Driver 10.26.2.0 offers you a free yet useful Mac OS X driver installer package for the Canon PIXMA MP620 photo all-in-one device. Print wirelessly from anywhere in the house via WiFi. Want to go computer-free? Or, network it via ...
- Talkie v.1.0.1Talkie 1.0.1 is developed to be an essential program which allows you to offer push-to-talk communication over a local WiFi or Ethernet network, from your menubar that is required: any others connected to the same network and running Talkie for Mac ...
- Peak Express for Mac OS v.6.2Turn good recordings into great recordings.Instant Editing: Want to turn good recordings into great recordings? With our optional Peak Express software, you can WiFi-transfer iProRecorder files from your iPhone to your Mac in seconds '†and ...
- AP Grapher for Mac OS v.1.2.1A freeware program for Mac OS X which searches for and displays nearby wireless (AirPort/WiFi) access points along with information about their percent availability, maximum signal strength, and last contact time. The grapher window allows you to ...
- AirGrab Network Packet Analyzer for Mac OS v.0.9A professional network analyzer (also known as protocol analyzer and packet sniffer), AirGrab Network Packet Analyzer performs real-time packet capturing, network monitoring, advanced protocol analyzing, in-depth packet decoding. It allows you to ...
- Firewall Tester v.0.9The Firewall Tester is a tool designed for testing firewalls' filtering policies. It includes an Intrusion Detection System testing feature, along with a packet generator tool and a sniffer. Unlike common firewall testing tools or packet generators, ...
- JavaNetSim v.0.41javaNetSim (Java Network Simulator) - it's a fork of a project jFirewallSim. The main goal of javaNetSim is creating a software to simulate various TCP/IP networks based on Ethernet, WiFi, PPP, ...
- JNetStream Protocol Decoder v.32jNetStream is a sniffer and a protocol analyzer. Includes applications and library. 100s of protocols are defined. Includes scripting. It is appropriate for custom protocol development, grad students, and network teachers/professors. Full SDK ...
Free Wifi Analyzer For Mac
Wifi Sniffer software by TitlePopularityFreewareLinuxMac
Mac Wifi Analyzer
Today's Top Ten Downloads for Wifi Sniffer
- RSS Sniffer A Java Swing application which monitors RSS feeds you added
- Shellfire VPN Surf anonymously - Encrypted connection - Access Hulu, .
- AirGrab WiFi Radar AirGrab WiFi Radar is a tool to display information
- Wifi Password Decryptor PASSWORD WIFI is the software specially developed for
- NetWorx NetWorx is a powerful tool for measuring network connection
- Pass Wifi PASSWORD WIFI is the software specially developed for
- SoftPerfect WiFi Guard A specialised network scanner that helps to protect and keep
- QR-Code Maker Freeware Use QR-Code Studio to create QR codes for free. An assistant
- AirGrab Network Packet Analyzer AirGrab Network Packet Analyzer is a professional network
- MM3-WebAssistant - Proxy Offline Browser - Archives visited web pages with your browser to be used