-rw-r--r--noncore/net/wellenreiter/daemon/source/sniffer.cc18
1 files changed, 14 insertions, 4 deletions
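--- a/noncore/net/wellenreiter/daemon/source/sniffer.cc
+++ b/noncore/net/wellenreiter/daemon/source/sniffer.cc
@@ -1,337 +1,347 @@
 /*
  * rfmon mode sniffer
  * This works only with cisco wireless cards with an rfmon
  * able driver and not with wifi stuff.
  *
  * $Id$
  */
 
 #include "config.hh"
 #include "cardmode.hh"
 #include "sniffer.hh"
 #include "ieee802_11.hh"
 #include "extract.hh"
 
 int main(void)
  {
  if(card_into_monitormode (SNIFFER_DEVICE, CARD_TYPE_NG) < 0)
  return 0;
  start_sniffing (SNIFFER_DEVICE);
 
  return 1;
 }
 
 int start_sniffing (char * device)
 {
 
- pcap_t *handletopcap;
- char errbuf[PCAP_ERRBUF_SIZE];
+ pcap_t *handletopcap; /* The handle to the libpcap */
+ char errbuf[PCAP_ERRBUF_SIZE]; /* The errorbuffer of libpacap */
+ struct pcap_pkthdr header; /* The packet header from pcap*/
+ const u_char *packet; /* The actual packet content*/
 
  /* opening the pcap for sniffing */
  handletopcap = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf);
 
  #ifdef HAVE_PCAP_NONBLOCK
  pcap_setnonblock(handletopcap, 1, errstr);
  #endif
  /*start scanning */
- pcap_loop(handletopcap,-1,process_packets,NULL);
+ //pcap_loop(handletopcap,-1,process_packets,NULL);
+ /* Loope endless */
+ while(1)
+ {
+ /* Grab one single packet */
+ packet = pcap_next(handletopcap, &header);
+
+ /* process the packet */
+ process_packets(NULL,&header,*&packet);
+ }
 
  printf("\nDone processing packets... wheew!\n");
  return 1;
 }
 
 void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet)
 {
  u_int caplen = pkthdr->caplen;
  u_int length = pkthdr->len;
  u_int16_t fc;
  u_int HEADER_LENGTH;
 
  /* pinfo holds all interresting information for us */
  struct packetinfo pinfo;
  struct packetinfo *pinfoptr;
  pinfoptr=&pinfo;
 
  pinfoptr->isvalid = 0;
  pinfoptr->pktlen = pkthdr->len;
 
  if (caplen < IEEE802_11_FC_LEN)
  {
  /* This is a garbage packet, because is does not long enough
  to hold a 802.11b header */
  pinfoptr->isvalid = 0;
  return;
  }
 
  /* Gets the framecontrol bits (2bytes long) */
  fc = EXTRACT_LE_16BITS(packet);
 
  HEADER_LENGTH = GetHeaderLength(fc);
 
  if (caplen < HEADER_LENGTH)
  {
  /* This is a garbage packet, because it is not long enough
  to hold a correct header of its type */
  pinfoptr->isvalid = 0;
  return;
  }
 
  /* Decode 802.11b header out of the packet */
  if (decode_80211b_hdr(packet,pinfoptr) == 0)
  {
  /* Justification of the ofset to further process the packet */
  length -= HEADER_LENGTH;
  caplen -= HEADER_LENGTH;
  packet += HEADER_LENGTH;
  }
  else
  { /* Something is wrong,could not be a correct packet */
  return;
  }
 
  switch (FC_TYPE(fc))
  {
  /* Is it a managemnet frame? */
  case T_MGMT:
  switch (FC_SUBTYPE(fc))
  { /* Is it a beacon frame? */
  case ST_BEACON:
  if (handle_beacon(fc, packet,pinfoptr) ==0)
  {
- printf ("\n\tOn network : %s",pinfoptr->ssid);
  if (!strcmp(pinfoptr->desthwaddr,"ff:ff:ff:ff:ff:ff") == 0)
  {
  /* Every beacon must have the broadcast as destination
  so it must be a shitti packet */
  pinfoptr->isvalid = 0;
  return;
  }
 
  if (pinfoptr->cap_ESS == pinfoptr->cap_IBSS)
  {
  /* Only one of both are possible, so must be
  a noise packet, if this comes up */
  pinfoptr->isvalid = 0;
  return;
  }
  if (pinfoptr->channel < 1 || pinfoptr->channel > 14)
  {
  /* Only channels between 1 and 14 are possible
  others must be noise packets */
  pinfoptr->isvalid = 0;
  return;
  }
 
  /* Here should be the infos to the gui issued */
  if (pinfoptr->cap_ESS == 1 &&pinfoptr->cap_IBSS ==0)
  {
  printf ("\nHave found an accesspoint:");
  }
  else if(pinfoptr->cap_ESS == 0 && pinfoptr->cap_IBSS == 1)
  {
  printf ("\nHave found an AD-HOC station:");
 
  }
  if (strcmp (pinfoptr->ssid,NONBROADCASTING) ==0)
  {
  printf ("\n\tOn a non-broadcasting network");
  }
  else
  {
  printf ("\n\tOn network : %s",pinfoptr->ssid);
  }
  printf ("\n\tLen SSID : %d",pinfoptr->ssid_len);
  printf ("\n\tOn Channel : %d",pinfoptr->channel);
  printf ("\n\tEncryption : %s", pinfoptr->cap_WEP ? "ON" : "OFF");
  printf ("\n\tMacaddress : %s",pinfoptr->sndhwaddr);
  printf ("\n\tBssid : %s",pinfoptr->bssid);
  printf ("\n\tDest : %s\n",pinfoptr->desthwaddr);
  }
  break;
  default:
  printf("Unknown IEEE802.11 frame subtype (%d)",FC_SUBTYPE(fc));
  break;
  } /* End of switch over different mgt frame types */
 
  break;
  case T_CTRL:
  //decode_control_frames(fc, packet);
  printf ("Its a control frame");
  break;
  case T_DATA:
  //decode_data_frames(fc, packet);
  printf ("Its a date frame");
  break;
  default:
  printf("Unknown IEEE802.11 frame type (%d)",FC_TYPE(fc));
  break;
  }
 }
 
 
 /* This decodes the 802.11b frame header out of the 802.11b packet
  all the infos is placed into the packetinfo structure */
 int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo)
 {
  const struct mgmt_header_t *mgthdr = (const struct mgmt_header_t *) p;
  ppinfo->fcsubtype = FC_SUBTYPE(mgthdr->fc);
 
  /* Get the sender, bssid and dest mac address */
  etheraddr_string(mgthdr->bssid,ppinfo->bssid);
  etheraddr_string(mgthdr->da,ppinfo->desthwaddr);
  etheraddr_string(mgthdr->sa,ppinfo->sndhwaddr);
  ppinfo->fc_wep = FC_WEP(mgthdr->fc);
  return 0;
 }
 
 
 void etheraddr_string(register const u_char *ep,char * text)
 {
  static char hex[] = "0123456789abcdef";
  register u_int i, j;
  register char *cp;
  char buf[sizeof("00:00:00:00:00:00")];
  cp = buf;
  if ((j = *ep >> 4) != 0)
  *cp++ = hex[j];
  *cp++ = hex[*ep++ & 0xf];
  for (i = 5; (int)--i >= 0;) {
  *cp++ = ':';
  if ((j = *ep >> 4) != 0)
  *cp++ = hex[j];
  *cp++ = hex[*ep++ & 0xf];
  }
  *cp = '\0';
  strcpy(text,buf);
 }
 
 int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo)
 {
  struct mgmt_body_t pbody;
  int offset = 0;
 
  /* Get the static informations out of the packet */
  memset(&pbody, 0, sizeof(pbody));
  memcpy(&pbody.timestamp, p, 8);
  offset += 8;
  pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
  offset += 2;
  pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
  offset += 2;
 
  /* Gets the different flags out of the capabilities */
  ppinfo->cap_ESS = CAPABILITY_ESS(pbody.capability_info);
  ppinfo->cap_IBSS = CAPABILITY_IBSS(pbody.capability_info);
  ppinfo->cap_WEP = CAPABILITY_PRIVACY(pbody.capability_info);
 
  /* Gets the tagged elements out of the packets */
  while (offset + 1 < ppinfo->pktlen)
  {
  switch (*(p + offset))
  {
  case E_SSID:
  memcpy(&(pbody.ssid),p+offset,2); offset += 2;
  if (pbody.ssid.length > 0)
  {
  memcpy(&(pbody.ssid.ssid),p+offset,pbody.ssid.length); offset += pbody.ssid.length;
  pbody.ssid.ssid[pbody.ssid.length]='\0';
  if (strcmp((char *)pbody.ssid.ssid,"")==0)
  {
  ppinfo->ssid = NONBROADCASTING;
  }
  else
  {
  ppinfo->ssid = (char *)pbody.ssid.ssid;
  }
  ppinfo->ssid_len = pbody.ssid.length;
  }
  break;
 
  case E_CHALLENGE:
  memcpy(&(pbody.challenge),p+offset,2); offset += 2;
  if (pbody.challenge.length > 0)
  {
  memcpy(&(pbody.challenge.text),p+offset,pbody.challenge.length); offset += pbody.challenge.length;
  pbody.challenge.text[pbody.challenge.length]='\0';
  }
  break;
  case E_RATES:
  memcpy(&(pbody.rates),p+offset,2); offset += 2;
  if (pbody.rates.length > 0) {
  memcpy(&(pbody.rates.rate),p+offset,pbody.rates.length); offset += pbody.rates.length;
  }
  break;
  case E_DS:
  memcpy(&(pbody.ds),p+offset,3); offset +=3;
  ppinfo->channel = pbody.ds.channel;
  break;
  case E_CF:
  memcpy(&(pbody.cf),p+offset,8); offset +=8;
  break;
  case E_TIM:
  memcpy(&(pbody.tim),p+offset,2); offset +=2;
  memcpy(&(pbody.tim.count),p+offset,3); offset +=3;
  if ((pbody.tim.length -3) > 0)
  {
  memcpy((pbody.tim.bitmap),p+(pbody.tim.length -3),(pbody.tim.length -3));
  offset += pbody.tim.length -3;
  }
  break;
  default:
 
  offset+= *(p+offset+1) + 2;
  break;
  } /* end of switch*/
  } /* end of for loop */
  return 0;
 
 } /* End of handle_beacon */
 
 
 static int GetHeaderLength(u_int16_t fc)
 {
  int iLength=0;
 
  switch (FC_TYPE(fc)) {
  case T_MGMT:
  iLength = MGMT_HEADER_LEN;
  break;
  case T_CTRL:
  switch (FC_SUBTYPE(fc)) {
  case CTRL_PS_POLL:
  iLength = CTRL_PS_POLL_LEN;
  break;
  case CTRL_RTS:
  iLength = CTRL_RTS_LEN;
  break;
  case CTRL_CTS:
  iLength = CTRL_CTS_LEN;
  break;
  case CTRL_ACK:
  iLength = CTRL_ACK_LEN;
  break;
  case CTRL_CF_END:
  iLength = CTRL_END_LEN;
  break;
  case CTRL_END_ACK:
  iLength = CTRL_END_ACK_LEN;
  break;
  default:
  iLength = 0;
  break;
  }
  break;
  case T_DATA:
  if (FC_TO_DS(fc) && FC_FROM_DS(fc))
  iLength = 30;
  else
  iLength = 24;
  break;
  default:
  printf("unknown IEEE802.11 frame type (%d)",
  FC_TYPE(fc));
  break;
  }
 
  return iLength;
 }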
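Review bot: `pcap_next()` returns NULL when no packet is available (read timeout, a read error, or immediately once HAVE_PCAP_NONBLOCK has put the handle in non-blocking mode), and the new `while(1)` loop at new lines 41–48 hands that NULL straight to `process_packets`, which dereferences it in `EXTRACT_LE_16BITS(packet)` — the `pcap_loop` callback this replaces was never invoked with a NULL buffer, so the rewrite turns an idle interface into a crash of the daemon. Guard the call with `if (packet == NULL) continue;` before `process_packets(...)`, and drop the no-op `*&` so the call reads `process_packets(NULL,&header,packet);`. On the non-blocking path that guard makes the loop a busy spin, so the original `pcap_loop`, or `pcap_dispatch` driven by a select on `pcap_fileno`, is probably the better shape. Since the loop never exits, the `printf("\nDone processing packets... wheew!\n")` and `return 1` after it are now unreachable, and the unchecked `pcap_open_live` result (pre-existing) is now dereferenced on every iteration instead of once.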