This project aims to design software able to classify Wi-Fi encrypted traffic, using Pyshark to analyze online and offline traffic.
The classification is performed with respect to a trained model.
The project was developed by Matteo Falconi and Mattia Iamundo as part of the Wireless Internet course at Politecnico di Milano.
A list of requirements is available here.
It is possible to train the model, perform offline classification and perform online classification.
To configure the training data, specify the MAC addresses of the Station and of the Access Point and the training set in the input_data.json file. The training set must already be prepared, filtered so that it contains only DATA packets, and placed in the /training_captures folder.
To create your own trained model, delete the trained_model.sav file in the /learner folder.
Perform classification over a .pcapng file:
python main.py -type 0 -f filepath -sta Station_MAC_Address -ap AccessPoint_MAC_Address
MAC addresses should be in the form XX:XX:XX:XX:XX:XX
Perform classification over packets captured live in monitor mode:
python main.py -type 1 -i interface -sta Station_MAC_Address -ap AccessPoint_MAC_Address -t Live_Capture_Timeout
MAC addresses should be in the form XX:XX:XX:XX:XX:XX
Interface should be eth0, wlan0, etc.
The live capture timeout is an optional argument, set to 20 by default. It is expressed in seconds and is the time between each prediction in online classification.
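How the -sta/-ap addresses and the -t timeout could drive the grouping of frames into one window per prediction, as an added example that is not the project's code. The frame tuples, function names and per-window counters are assumptions; the page does not state which features the model uses.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def normalize_mac(mac):
    """Return the MAC in lower case, or raise if it is not XX:XX:XX:XX:XX:XX."""
    if not MAC_RE.match(mac):
        raise ValueError(f"expected XX:XX:XX:XX:XX:XX, got {mac!r}")
    return mac.lower()

def window_frames(frames, sta, ap, timeout=20):
    """Group (timestamp, src, dst, length) DATA frames into timeout-second windows."""
    sta, ap = normalize_mac(sta), normalize_mac(ap)
    if timeout <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    frames = sorted(frames)
    windows = defaultdict(lambda: {"up_pkts": 0, "up_bytes": 0,
                                   "down_pkts": 0, "down_bytes": 0})
    for ts, src, dst, length in frames:
        pair = (src.lower(), dst.lower())
        if pair == (sta, ap):
            direction = "up"      # Station -> Access Point
        elif pair == (ap, sta):
            direction = "down"    # Access Point -> Station
        else:
            continue              # frame of another station: not part of this flow
        w = windows[int((ts - frames[0][0]) // timeout)]
        w[direction + "_pkts"] += 1
        w[direction + "_bytes"] += length
    return [dict(index=i, **windows[i]) for i in sorted(windows)]

# Constructed sample input (not taken from a real capture).
SAMPLE_STA = "AA:BB:CC:00:00:01"
SAMPLE_AP = "AA:BB:CC:00:00:02"
SAMPLE_FRAMES = [
    (0.0, "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", 120),
    (1.5, "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01", 1500),
    (5.0, "aa:bb:cc:00:00:03", "aa:bb:cc:00:00:02", 300),   # other station
    (19.9, "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01", 1500),
    (20.0, "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", 90),
    (45.2, "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01", 700),
]

if __name__ == "__main__":
    for window in window_frames(SAMPLE_FRAMES, SAMPLE_STA, SAMPLE_AP, timeout=20):
        print(window)
```

Validating the MAC format before capture starts avoids a silent mismatch in which every frame is skipped and each window comes back empty.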