This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Transmitting a spreadsheet of Wi-Fi MAC addresses for bulk validation testing

0

Looking for a way to take a spreadsheet containing 100 (or more) randomized Wi-Fi MAC addresses and transmit them over Wi-fi using a pre-determined interval, (1 second, 5 seconds etc.) then determine the accuracy of a reciever in detecting the transmitted MAC addresses. Have access to Wireshark and Linux Machines. System and methodology got detecting the signals and archiving them is established. It is the randomized creation and transmission part that is creating difficulties. Thanks in advance.

asked 04 Aug '16, 21:00

t1mcca11's gravatar image

t1mcca11
6112
accept rate: 0%

Can you be more specific regarding the required scenario? In particular, do you want to transmit frames with these addresses as source addresses, destination addresses, transmitter addresses, receiver addresses (or a combination thereof)? Source and destination should be fairly simple to imitate, transmitter almost impossible and receiver would likely require a patched driver (I consider unlikely that a stock driver would be willing to send a frame to a non-associated receiver).

(04 Aug '16, 23:07) sindy

we are trying to validate hardware used to sample wifi MAC addresses and calculate travel times from point A to point B. I believe we just need the Source MAC address to upload to a database from multiple simulated locations to validate the underlying travel time analytics. Bob's answer below will get us moving in the right direection. We will have one transmitter or packet injection source, wireshark and our device. The detected MAC addresses will be compared between the Wireshark database and our devices database for detection percentage and matching validation.

(05 Aug '16, 08:36) t1mcca11

One Answer:

0

This is an interesting test scenario so I agree with @sindy: what are you really trying to do here? This also isn't really a Wireshark question, though the capture and analysis could be.

Packet injection is possible with some wifi cards, though I find it even trickier than just capturing traffic. A couple of places to get started with WiFi injection are:

http://www.aircrack-ng.org/

and in particular

http://www.aircrack-ng.org/doku.php?id=aireplay-ng

I know these tools can work to do packet injection on WiFi. The aireplay tool has an injection test mode that you will certainly want to try first as not all WiFi adapters will do injection properly. Even if they do injection, there is no guarantee that you have control over all the fields. I found it best to have a selection of adapters, and depending on exactly what I want to inject, I try the various adapters and see how the data 'on the wire' (really in the air...) behaves. Sometimes I can get what I need, but not always.

Generally, faking MAC addresses seems to be pretty straightforward on many adapters. Adjusting things like NAV timer, Association ID, or even datarate can be much harder. Perhaps, though, if you only need to vary MAC addresses you have a good chance when the adapter is in monitor mode.

Airtun-ng (part of this same suite) is another tool that can inject. I get different results, sometimes, than with aireplay, so try both to verify results. Having good capture capability for this is critical to validate you can do proper injection.

For the overall problem, once you prove to yourself you can actually inject, is to automate. My plan of attack would be to do a perl or python script on Linux to create the random MAC addresses and then use a simple loop to call the aireplay (or whatever) executable, with arguments changing at each loop iteration. Here is an example command to inject a pcap file on wireless - for this test, I hand-edit the hex bytes in a pcap file to get the packet exactly as I want, then call the executable:

aireplay-ng -2 -v 10 -u 1 -w 0 -m 10 -n 100 -h 00:2A:BF:44:DC:51 -r output1.cap mon0

If I need to send multiple packets, I would look for a CLI option to keep sending, or script up a loop and control the timing that way (i.e. number of iterations, period between frames, etc.) Manipulating the hex bytes in perl or python should be straightforward, so creating an 'on demand' pcap file to use to inject and then injecting it is the task at hand, adjusting the pcap file at each loop iteration through your random mac address list, which could be read from a file or created on demand by the script. There are also some tools for manipulating pcap files that may or may not be useful here (packetforge, etc). As @sindy notes, change which ever address field (you have an option of three or four...) of the chosen 802.11 frame type - Data, QoS Data, Null, QoS-Null, lots of options.

Others with more programming background will likely have better plans on how to automate once you have the actually injection piece working.

I have this notion that OmniPeek will inject WiFI packets, but have never done it so can't be sure. You can check there for a possible Windows solution at www.savvius.com.

answered 05 Aug '16, 03:39

Bob%20Jones's gravatar image

Bob Jones
1.0k2515
accept rate: 21%

Great info. Will be working on this over the weekend.

(05 Aug '16, 08:32) t1mcca11