
I would like to distinguish the behavior of users who use a (public) Wi-Fi access point. It would be possible to access the log files of the access point, but I don't have the authority to.

Alternatively, I set up this experiment for sniffing (sensing) the Wi-Fi packets:

There is an access point; there are many users, too

I set Wi-Fi sensors built on Raspberry Pi to collect the Wi-Fi packets from the users and AP.

Simply, as the destination and origin MAC addresses were the device and the AP, the device was thought to be using the AP when it sent and received data frames (not management frames).

However, there are four sub-types of data frame. Although I am not sure, QoS NULL and QoS data do not appear to be using data.

In this situation, do you have any ideas for detecting usage of the Wi-Fi AP by sniffing packets? Can all data frames be considered when determining usage of the Wi-Fi AP?

MarianD
jhyeon
    If you're looking for users who are doing sketchy things on access points, then there will always be at least one: yourself :) – Conor Mancone Sep 06 '20 at 17:01

1 Answer

Some tools can already do this, notably airodump-ng, which will show a list of clients and the network they are currently associated with. The tool can filter by open networks.

QoS data is typically used for the data, but will usually be unintelligible due to encryption, and would need to be processed by another dissector in order to see the payload anyway.

multithr3at3d
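An added example (not part of the question or the answer above) of separating payload-carrying data frames from Null and QoS Null frames per client of one BSSID, using the Frame Control subtype bits and the ToDS/FromDS flags. It assumes each frame starts at the 802.11 MAC header (radiotap header already stripped); the function names, addresses and sample frames are constructed for illustration.

```python
from collections import defaultdict

DATA_TYPE = 2      # Frame Control type value for data frames
NO_DATA_BIT = 0x4  # set in the Null (4) and QoS Null (12) subtypes
QOS_BIT = 0x8      # set in the QoS Data (8) and QoS Null (12) subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Return (type, subtype, to_ds, from_ds, addr1, addr2), or None if too short."""
    if len(frame) < 24:
        return None
    fc0, flags = frame[0], frame[1]
    return ((fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, bool(flags & 0x01),
            bool(flags & 0x02), mac(frame[4:10]), mac(frame[10:16]))

def usage_by_client(frames, bssid):
    """Count payload-carrying vs. null data frames per client of one BSSID."""
    stats = defaultdict(lambda: {"payload": 0, "null": 0})
    for frame in frames:
        h = parse_header(frame)
        if h is None:
            continue
        ftype, subtype, to_ds, from_ds, addr1, addr2 = h
        if ftype != DATA_TYPE or to_ds == from_ds:
            continue  # management/control, ad hoc or WDS frame
        # ToDS: addr1 is the BSSID and addr2 the client; FromDS: the reverse.
        ap, client = (addr1, addr2) if to_ds else (addr2, addr1)
        if ap != bssid or int(client[:2], 16) & 1:
            continue  # other network, or group-addressed destination
        stats[client]["null" if subtype & NO_DATA_BIT else "payload"] += 1
    return dict(stats)

def make_frame(subtype, to_ds, addr1, addr2, body=b""):
    """Build a constructed sample data frame (not captured traffic)."""
    fc = bytes([(DATA_TYPE << 2) | (subtype << 4), 0x01 if to_ds else 0x02])
    hdr = fc + b"\x00\x00" + addr1 + addr2 + addr1 + b"\x00\x00"
    return hdr + (b"\x00\x00" if subtype & QOS_BIT else b"") + body

AP = bytes.fromhex("02aabbccdd01")   # constructed addresses
STA = bytes.fromhex("02aabbccdd10")
SAMPLE = [
    make_frame(8, True, AP, STA, b"x" * 40),   # QoS Data, client -> AP
    make_frame(8, False, STA, AP, b"x" * 40),  # QoS Data, AP -> client
    make_frame(12, True, AP, STA),             # QoS Null
    make_frame(4, True, AP, STA),              # Null
]
```

Calling `usage_by_client(SAMPLE, mac(AP))` returns one entry for the sample client with two payload frames and two null frames; the null counters show that a station is associated and signalling but not that it is moving traffic.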