Node.js and how to listen to WiFi with it

Reading Time: 3 minutes

One advantage of Node.js is the ability to use JavaScript to deploy applications that make use of system resources, beyond what a conventional browser allows us to.

In this example we will learn how to listen to WiFi’s Probe Requests using Node.js.


Probe request

There are 2 ways to establish a connection and initiate the communication between an access point (such as a router) and a WiFi device (such as a phone):
• The access point periodically broadcasts its SSID to notify any listening devices of its presence.
• The device periodically sends the list of its known networks and the access point responds if it sees itself on the list.
In the second case, the notification sent by the device is called Probe Request, and that is what we will try to listen to.

Monitor mode

WiFi cards usually process only the packets that are addressed to them (according to the destination MAC address of each packet) and discard the rest. In our case we want to hear packets that are not explicitly directed to our MAC address (Probe Requests are sent as broadcast), so we must enable what is called Monitor Mode.

In Monitor Mode, the WiFi card processes all the traffic it can hear, no matter whom it is addressed to. The driver of the network card is responsible for implementing one mode or the other.

In most cases, it is not possible to use Monitor Mode in Windows, but it’s possible to do so in Linux (depending on the motherboard chipset).
First shut down the network card:

We then enable the Monitor Mode:

And we start up the network card again:

If we see its state, it should be in monitoring mode:


Logging packets

To listen to packets with Node.js use the module:

We start by creating a session, passing as the parameter the name of the interface on which we will listen from and the type of packets we want to capture.

In this example, our interface is called wlan0 and we use the tcpdump filter syntax to specify the type of packets to capture.
With the session established, we can implement a handler for the event packet which is triggered with each arriving packet:

rawPacket holds the packet’s contents as bytes. To decode it into a more user-friendly JSON object we can do the following:

We can now log interesting information:

Logging SSID

One piece of data that does not appear when decoding the packet to JSON is the SSID that the Probe Request is looking for. The functionality to extract that value is not implemented in the pcap module, but by looking at the code, using a tool like WireShark and with a little patience, we can work out how to get it:

In the Probe Requests, there is a section where values appear in the format:
• Type of data (1 byte)
• Data length (1 byte)
• Data (n bytes according to the previous field’s value)

At position 50 there should be the type 0, indicating the SSID.
From the 51st position we can read the length of the SSID, and then iterate over each byte from the 52nd position up to position 52 + length, decoding them into characters.
Altogether, it would look like this:
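The following is an added example, not code from the original post, that generalizes the fixed-offset approach above: instead of assuming the SSID type byte sits at position 50, it reads the radiotap header length from the capture itself, skips the 24-byte 802.11 management header, and then walks the type/length/value elements with bounds checks so a short or malformed frame cannot make the parser read past the buffer. It assumes a Linux monitor-mode capture with a radiotap link-layer header, and that `rawPacket` from the pcap handler is available as a Node.js `Buffer`; the sample frame, source MAC and SSID are constructed for the example.

```javascript
const MGMT_HEADER_LEN = 24;  // 802.11 management header: frame control, duration, 3 addresses, seq ctrl
const ELEMENT_ID_SSID = 0;   // tagged parameter type 0 = SSID

// Radiotap header: version (1 byte), pad (1), length (2, little-endian), present flags (4+).
// Reading the length from the header removes the dependence on a fixed offset such as 50.
function radiotapLength(frame) {
  if (frame.length < 8 || frame[0] !== 0) throw new Error('not a radiotap frame');
  const len = frame.readUInt16LE(2);
  if (len < 8 || len > frame.length) throw new Error('bad radiotap length');
  return len;
}

// Walk the type/length/value elements; stop cleanly on a truncated element
// instead of reading past the end of the buffer.
function parseTaggedParameters(buf) {
  const elements = [];
  let pos = 0;
  while (pos + 2 <= buf.length) {
    const id = buf[pos];
    const len = buf[pos + 1];
    if (pos + 2 + len > buf.length) break;
    elements.push({ id, value: buf.subarray(pos + 2, pos + 2 + len) });
    pos += 2 + len;
  }
  return elements;
}

function macToString(buf) {
  return Array.from(buf, b => b.toString(16).padStart(2, '0')).join(':');
}

// Returns { source, ssid } for a Probe Request (type 0 = management, subtype 4), null otherwise.
// ssid is '' for a wildcard probe and null if the SSID element is missing or truncated.
function decodeProbeRequest(frame) {
  const start = radiotapLength(frame);
  if (frame.length < start + MGMT_HEADER_LEN) return null;
  const fc = frame[start];
  if (((fc >> 2) & 0x3) !== 0 || ((fc >> 4) & 0xf) !== 4) return null;
  const source = macToString(frame.subarray(start + 10, start + 16));
  const elements = parseTaggedParameters(frame.subarray(start + MGMT_HEADER_LEN));
  const ssidEl = elements.find(e => e.id === ELEMENT_ID_SSID);
  return { source, ssid: ssidEl ? ssidEl.value.toString('utf8') : null };
}

// Constructed sample frame (not a real capture): a 12-byte radiotap header, a management
// header with a made-up source MAC, then the SSID and Supported Rates elements.
function buildProbeRequest(ssid, srcMac = '02:11:22:33:44:55') {
  const radiotap = Buffer.from([0x00, 0x00, 0x0c, 0x00, 0x04, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00]);
  const broadcast = Buffer.alloc(6, 0xff);
  const src = Buffer.from(srcMac.split(':').map(h => parseInt(h, 16)));
  const header = Buffer.concat([
    Buffer.from([0x40, 0x00]),  // frame control: management / probe request
    Buffer.from([0x00, 0x00]),  // duration
    broadcast, src, broadcast,  // addr1 (destination), addr2 (source), addr3 (BSSID)
    Buffer.from([0x00, 0x00]),  // sequence control
  ]);
  const ssidBytes = Buffer.from(ssid, 'utf8');
  const ssidEl = Buffer.concat([Buffer.from([ELEMENT_ID_SSID, ssidBytes.length]), ssidBytes]);
  const rates = Buffer.from([0x01, 0x04, 0x82, 0x84, 0x8b, 0x96]);
  return Buffer.concat([radiotap, header, ssidEl, rates]);
}

// Usage: inside the pcap 'packet' handler, call decodeProbeRequest(rawPacket) and log the result.
console.log(decodeProbeRequest(buildProbeRequest('MyHome')));
```

In the constructed frame the SSID type byte lands at offset 36 (12 + 24) rather than 50, which is exactly why the parser reads the radiotap length instead of hard-coding it: different drivers emit radiotap headers of different lengths, and a hard-coded offset silently decodes garbage when the header size changes. An empty SSID element is a wildcard probe and is reported as `''`, distinct from `null` for a missing or cut-off element.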
