2 * parse.c - parsing of pcap packages
4 * author: hackbard@hackdaworld.dyndns.org
11 /* all the parsing stuff will go here
13 * different protocols should get to separate files though ...
/*
 * int_s - reverse the byte order of a 32-bit value.
 *
 * Byte 0 is exchanged with byte 3 and byte 1 with byte 2 of the low
 * 32 bits of val.  The four masks keep only bits 0..31, so on a target
 * where unsigned int is wider than 32 bits any higher bits are dropped.
 */
unsigned int int_s(unsigned int val) {
	unsigned int result=0;
	/* shift first, then mask each byte into its mirrored position */
	result|=(val>>24)&0x000000ff;
	result|=(val>>8)&0x0000ff00;
	result|=(val<<8)&0x00ff0000;
	result|=(val<<24)&0xff000000;
	return result;
}
28 int switch_active_state(char *state) {
48 void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *pkg) {
55 unsigned char *package=NULL;
58 //t_frame2_hdr *f2hdr;
59 //t_frame1_hdr *f1hdr;
60 t_beacon_fb *beacon_fb;
62 t_prism_hdr *prismhdr=NULL;
64 char string[MESSAGE_MAX];
65 char sc[MAX_SYSCALL_CHARS];
73 memset(&new_sta,0,sizeof(t_sta));
77 /* prism or ieee802.11 header ? */
78 if(info->mode&MODE_IEEE80211) {
79 package=(unsigned char *)pkg;
82 else if(info->mode&MODE_PRISM) {
83 package=(unsigned char *)pkg+sizeof(t_prism_hdr);
84 prismhdr=(t_prism_hdr *)pkg;
88 if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) {
92 if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) {
93 f3hdr=(t_frame3_hdr *)package;
94 beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr));
96 memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
97 memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
98 ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
99 if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
100 list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
101 sta=(t_sta *)info->sniffed_sta.current->data;
104 else sta=(t_sta *)info->sniffed_sta.current->data;
106 memcpy(sta->ssid,beacon_fb->ssid,beacon_fb->ssid_length);
107 if((CAP_INFO_ESS(beacon_fb->cap_info))&
108 (CAP_INFO_IBSS(beacon_fb->cap_info)==0)) sta->ap=AP;
109 if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP;
111 switch_active_state(&(sta->active));
112 if(info->mode&MODE_IEEE80211) sta->sq=0;
113 else if(info->mode&MODE_PRISM)
114 sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
115 strncpy(string,"last: beacon, source: ",MESSAGE_MAX);
116 for(i=0;i<ADDR_LEN;i++)
117 snprintf(&string[22+3*i],4,"%02x%c",sta->addr[i],
118 (i==ADDR_LEN-1)?'.':':');
119 string[22+3*ADDR_LEN+1]=0;
120 display_console(info,string);
122 snprintf(sc,MAX_SYSCALL_CHARS,
123 "flite 'access point found: %s'",
126 if(sta->wep&WEP) strncpy(sc,"flite ' crypted'",MAX_SYSCALL_CHARS);
127 else strncpy(sc,"flite 'not crypted'",MAX_SYSCALL_CHARS);
135 else if(FCTL_TYPE(package[0])==FCTL_TYPE_CTRL) {
137 display_console(info,"last: got control frame");
141 else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) {
144 //if(FCTL_STYPE(package[0])==FCTL_STYPE_DATA) {
145 if(FCTL_TODS(package[0])&FCTL_FROMDS(package[0])) {
146 f4hdr=(t_frame4_hdr *)package;
147 data=package+sizeof(t_frame4_hdr);
148 memcpy(new_sta.addr,f4hdr->addr4,ADDR_LEN);
152 f3hdr=(t_frame3_hdr *)package;
153 data=package+sizeof(t_frame3_hdr);
154 if(FCTL_TODS(package[0])) {
155 memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
156 memcpy(new_sta.bssid,f3hdr->addr1,ADDR_LEN);
158 else if(FCTL_FROMDS(package[0])) {
159 memcpy(new_sta.addr,f3hdr->addr3,ADDR_LEN);
160 memcpy(new_sta.bssid,f3hdr->addr2,ADDR_LEN);
163 memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
164 memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
168 ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
169 if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
170 list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
171 sta=(t_sta *)info->sniffed_sta.current->data;
174 else sta=(t_sta *)info->sniffed_sta.current->data;
176 ret=list_count(&(info->sniffed_sta));
177 list_reset(&(info->sniffed_sta));
179 cmp_sta=(t_sta *)info->sniffed_sta.current->data;
180 if(!memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)) {
181 if(FCTL_FROMDS(package[0]))
182 snprintf(sta->ssid,MAX_SSID_LEN,"<- %s",cmp_sta->ssid);
183 else if(FCTL_TODS(package[0]))
184 snprintf(sta->ssid,MAX_SSID_LEN,"-> %s",cmp_sta->ssid);
186 snprintf(sta->ssid,MAX_SSID_LEN,"<> %s",cmp_sta->ssid);
189 list_next(&(info->sniffed_sta));
194 switch_active_state(&(sta->active));
195 if(info->mode&MODE_IEEE80211) sta->sq=0;
196 else if(info->mode&MODE_PRISM)
197 sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
199 strcpy(sc,"flite 'station found by data package'");
203 strcpy(sc,"flite 'wds package'");
206 memcpy(sta->snap,data,10);
207 if((data[0]==0xaa)&(data[1]==0xaa)&(data[2]==0x03)&
208 (data[3]==0x00)&(data[4]==0x00)&(data[5]==0x00)) {
210 strcpy(sc,"flite 'not crypted'");
215 strcpy(sc,"flite ' crypted'");
222 display_console(info,"last: got data frame");
225 if(info->dump_handle!=NULL) pcap_dump((unsigned char *)(info->dump_handle),pcap_header,pkg);