Need help with packet capture

I'm using an ESP32 to capture WiFi packets. I manage to capture all packets and even EAPOL, from which the password is easily derived. However, when trying to decrypt Data packets nothing comes out. As I understand it, they are garbled or cut off. Is there any way around this?

How do you do that?
Share your code.

```cpp
#include "esp_wifi.h"
#include <WiFi.h>
#include <Arduino.h>
#include <TimeLib.h>

#include <PCAP.h>

PCAP pcap = PCAP();

// Promiscuous-mode callback: called by the WiFi driver for every received frame.
void sniffer(void *buf, wifi_promiscuous_pkt_type_t type) {
  wifi_promiscuous_pkt_t* pkt = (wifi_promiscuous_pkt_t*)buf;
  wifi_pkt_rx_ctrl_t ctrl = (wifi_pkt_rx_ctrl_t)pkt->rx_ctrl;

  uint32_t timestamp = now(); // current timestamp (seconds)
  uint32_t microseconds = (unsigned int)(micros() % 1000000U);

  // sig_len is the frame length as reported by the radio
  pcap.newPacketSerial(timestamp, microseconds, ctrl.sig_len, pkt->payload); // send packet via Serial
}

void setup() {
  Serial.begin(921600);
  delay(2000);

  // The WiFi driver has to be initialised before any other esp_wifi_* call
  wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
  esp_wifi_init(&cfg);
  esp_wifi_set_mode(WIFI_MODE_AP);
  esp_wifi_start();

  // Pass every frame type to the callback (set after esp_wifi_init so the call succeeds)
  wifi_promiscuous_filter_t filter = {
    .filter_mask = WIFI_PROMIS_FILTER_MASK_ALL,
  };
  esp_wifi_set_promiscuous_filter(&filter);

  esp_wifi_set_channel(13, WIFI_SECOND_CHAN_NONE);
  Serial.println("<<START>>");
  pcap.startSerial(); // write the pcap global header to Serial
  esp_wifi_set_promiscuous(true);
  esp_wifi_set_promiscuous_rx_cb(sniffer);
}

void loop() {
  // nothing to do: all work happens in the sniffer callback
}
```

I use this library.

So you use Wireshark on the other end?

(I never used that library, cool project)

Yeah. I use Wireshark. I can share the .pcap.

Indeed that's cool. I've been using Wireshark for about 25 years, and I do quite a bit of network stuff with the ESP32, but I hadn't considered there may be code for capturing Wireshark traces on the ESP32 itself. I'm going to look into using it.

I hope you will be able to solve the problem with malformed or clipped frames. If you do, could you please share the solution?

Managed to get rid of the warning about damaged packets by reducing the length by 4.

1 Like
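The length adjustment from the last reply, written out as an added example (not code from the thread or from the PCAP library). It assumes the 4 bytes are the 802.11 frame check sequence that ESP-IDF documents as counted in `sig_len`; `SNAP_LEN`, `pcap_write_record` and the sample frame are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FCS_LEN  4u     /* 802.11 frame check sequence, counted in sig_len */
#define SNAP_LEN 2500u  /* assumed per-frame capture cap */

/* Per-record header of the classic pcap file format. */
typedef struct { uint32_t ts_sec, ts_usec, incl_len, orig_len; } pcap_rec_hdr_t;

/* Frame length without the trailing FCS; 0 if the frame is too short to use. */
static uint32_t frame_len_without_fcs(uint32_t sig_len) {
    return sig_len > FCS_LEN ? sig_len - FCS_LEN : 0;
}

/* Serialise one pcap record into out. Returns bytes written, or 0 when the
 * frame is unusable or out is too small (nothing is written in that case). */
static size_t pcap_write_record(uint8_t *out, size_t out_cap,
                                uint32_t ts_sec, uint32_t ts_usec,
                                const uint8_t *payload, uint32_t sig_len) {
    uint32_t orig = frame_len_without_fcs(sig_len);
    if (orig == 0) return 0;
    uint32_t incl = orig > SNAP_LEN ? SNAP_LEN : orig;  /* truncate long frames */
    if (out_cap < sizeof(pcap_rec_hdr_t) + incl) return 0;
    pcap_rec_hdr_t h = { ts_sec, ts_usec, incl, orig };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, incl);              /* FCS bytes are left out */
    return sizeof h + incl;
}

/* Constructed sample: 24-byte header + 4 body bytes + 4 FCS bytes (arbitrary values). */
static const uint8_t SAMPLE_FRAME[32] = { 0x08, 0x41 };

int main(void) {
    uint8_t out[64];
    size_t n = pcap_write_record(out, sizeof out, 0, 0,
                                 SAMPLE_FRAME, sizeof SAMPLE_FRAME);
    printf("record bytes: %zu (16-byte header + 28 frame bytes)\n", n);
    return n == 44 ? 0 : 1;
}
```

In the sketch above, the equivalent change is passing `ctrl.sig_len - 4` to `newPacketSerial`, guarded against frames shorter than 4 bytes.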