I am very new to networking and packet sniffing. What I am trying to do is sniff the Wi-Fi network and print out all packets with their types and subtypes. What I have tried so far is using scapy with Python, and the code is running on a Raspberry Pi with a Wi-Fi adapter in monitor mode.
A strange behavior I discovered is that in many cases, when the packet type is 1, the addr2 (sender/source MAC address) was missing. I simply get a 'None' value in the console output.
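Below is part of the code I tried, to capture all packets:
```python
from datetime import datetime
from scapy.all import Dot11, sniff

deviceList = []  # (sender MAC, capture time) tuples

def PacketHandler(pkt):
    if pkt.haslayer(Dot11):
        print('Pkt type: ', pkt.type, 'Pkt subtype: ', pkt.subtype)
        # float() because newer scapy versions store pkt.time as a Decimal subclass
        deviceList.append((pkt.addr2, datetime.fromtimestamp(float(pkt.time)).strftime('%H:%M:%S')))

# args (iface, epoch, numOfEp) comes from the argument parser, not shown in this excerpt
for i in range(args.numOfEp):
    print("This is epoch: " + str(i))
    sniff(iface=args.iface, prn=PacketHandler, timeout=args.epoch)
```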
I am only interested in capturing sender MAC for now so I used pkt.addr2 here. Below is a part of the output:
I have also checked many articles online and none of them seem to explain if and when the addr2 MAC address may be omitted in certain types of packets. Maybe my code isn't correct? Please give me some idea why this is happening. It would be even better if you could point out some papers or publications which address this issue. Thanks a lot in advance!
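
An added example, not part of the original post: in 802.11, CTS and ACK control frames (type 1, subtypes 12 and 13) carry only a receiver address, so there is no addr2 to report for them. The standard-library parser below shows this on constructed header bytes; the function names, sample MACs and frames are made up for illustration, and each frame is assumed to start at the 802.11 header (radiotap already stripped).

```python
import struct

# Control-frame subtypes (type 1) and how many address fields each carries.
CONTROL_ADDR_COUNT = {
    8: 2,   # Block Ack Request: RA + TA
    9: 2,   # Block Ack: RA + TA
    10: 2,  # PS-Poll: BSSID (RA) + TA
    11: 2,  # RTS: RA + TA
    12: 1,  # CTS: RA only
    13: 1,  # ACK: RA only
    14: 2,  # CF-End: RA + BSSID (TA)
}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_dot11_addrs(frame):
    """Return type, subtype and addr1..addr3 (None when the field is absent)."""
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype == 1:
        # Subtypes not listed above: only the receiver address is read here.
        count = CONTROL_ADDR_COUNT.get(subtype, 1)
    else:
        count = 3  # management and data frames carry at least three addresses
    addrs = []
    for i in range(3):
        start = 4 + 6 * i
        present = i < count and len(frame) >= start + 6
        addrs.append(fmt_mac(frame[start:start + 6]) if present else None)
    return {"type": ftype, "subtype": subtype,
            "addr1": addrs[0], "addr2": addrs[1], "addr3": addrs[2]}

# Constructed sample headers (no radiotap, no FCS); the MAC addresses are made up.
STA = bytes.fromhex("02aabbccdd01")
AP = bytes.fromhex("02aabbccdd02")
SAMPLES = {
    "ACK": bytes.fromhex("d4000000") + STA,
    "CTS": bytes.fromhex("c4000000") + STA,
    "RTS": bytes.fromhex("b4000000") + AP + STA,
    "Probe Request": bytes.fromhex("40000000") + b"\xff" * 6 + STA + b"\xff" * 6 + b"\x00\x00",
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        info = parse_dot11_addrs(frame)
        print(f"{name:14} type={info['type']} subtype={info['subtype']:2} addr2={info['addr2']}")
```

In a sniffer that tracks sender MACs, frames whose addr2 is None can be skipped rather than recorded.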