How to get the beacon's information of another AP?

开发者_如何学编程Assuming I have two APs. I want one AP to monitor another AP's beacon information, such as whether that AP is buffering traffic, TSF and everything contained in the beacon. They can monitor each. I found with iwlist scan, we can get TSF of other APs, but I don't know how iwlist scan can get the beacon information even though I have read the source code. My wireless driver is ath9k.

Do you have any ideas about it? How to extract some information from the scanned beacon frame? Thank you.

If you want to sniff and analyze beacons you need to set up monitor mode on your interface and set the channel to the AP channel.

You can do that with iw utility for example

iw wlan0 set monitor otherbss
iw wlan0 set channel X

To figure out the AP channel just scan with something like

iw wlan0 scan

If your hardware and driver support monitor mode you should be able to run Wireshark and see beacons of the AP. To write a utility which parses beacons and monitors events you can use libpcap or bindings for it in python for example.

wpa_supplicant, which is widely used wifi middleware, provides BSS command to get AP information like TSF and IEs.

With wpa_cli, you can send commands to wpa_supplicant.

The following is the example obtaining tsf value by leveraging wpa_cli. (Assume interface name is wlan0)

wpa_cli -iwlan0 scan
Wpa_cli -iwlan0 scan_result
# (Find out bss id of APs you want to get tsf.)
wpa_cli -iwlan0 bss "bss id"

If you want to do it in your code, refer wpa_ctrl.c on Internet.

You need to have a wireless card that supports monitor mode and an understanding of 802.11 frames.

Having said that there are libraries like libpcap and libtins that enable you to easily capture and perform analysis or operations on packets.

I have used libtins ( http://libtins.github.io/ ) and would recommend you to have a look at it. It is an easy to use library for C++ and with an example on beacon frames itself ( http://libtins.github.io/examples/beacon-display/ ).