* different protocols should get to seperated files though ...
*/
+unsigned int int_s(unsigned int val) {
+
+ unsigned int swapped;
+
+ swapped=(val&0x000000ff)<<24;
+ swapped|=(val&0x0000ff00)<<8;
+ swapped|=(val&0x00ff0000)>>8;
+ swapped|=(val&0xff000000)>>24;
+
+ return swapped;
+}
+
int switch_active_state(char *state) {
switch(*state) {
return 23;
}
-void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package) {
+void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *pkg) {
t_info *info;
int i;
t_sta new_sta;
+ t_sta *cmp_sta;
t_sta *sta;
- //t_frame4_hdr *f4hdr;
+ unsigned char *package=NULL;
+ t_frame4_hdr *f4hdr;
t_frame3_hdr *f3hdr;
//t_frame2_hdr *f2hdr;
//t_frame1_hdr *f1hdr;
t_beacon_fb *beacon_fb;
+ unsigned char *data;
+ t_prism_hdr *prismhdr=NULL;
int ret;
char string[MESSAGE_MAX];
char sc[MAX_SYSCALL_CHARS];
unsigned char new;
+ unsigned char foo;
info=(t_info *)ptr;
memset(&new_sta,0,sizeof(t_sta));
new=0;
+ foo=0;
- if(info->dump_fd!=0) {
- ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr));
- if(ret!=sizeof(struct pcap_pkthdr))
- display_console(info,"warning, pcap header write failed!");
- ret=write(info->dump_fd,package,pcap_header->caplen);
- if(ret!=pcap_header->caplen)
- display_console(info,"warning, package write failed!");
+ /* prism or ieee802.11 header ? */
+ if(info->mode&MODE_IEEE80211) {
+ package=(unsigned char *)pkg;
+ prismhdr=NULL;
+ }
+ else if(info->mode&MODE_PRISM) {
+ package=(unsigned char *)pkg+sizeof(t_prism_hdr);
+ prismhdr=(t_prism_hdr *)pkg;
}
-
- /* maybe there is offset to the actual ieee802.11 frame,
- for example prism header ...
- in that case, hack the source! */
/* management */
if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) {
beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr));
// check sta
memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
+ memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP;
sta->count_mgmt++;
switch_active_state(&(sta->active));
+ if(info->mode&MODE_IEEE80211) sta->sq=0;
+ else if(info->mode&MODE_PRISM)
+ sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
strncpy(string,"last: beacon, source: ",MESSAGE_MAX);
for(i=0;i<ADDR_LEN;i++)
snprintf(&string[22+3*i],4,"%02x%c",sta->addr[i],
/* data */
else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) {
info->count_d++;
+
+ //if(FCTL_STYPE(package[0])==FCTL_STYPE_DATA) {
+ if(FCTL_TODS(package[0])&FCTL_FROMDS(package[0])) {
+ f4hdr=(t_frame4_hdr *)package;
+ data=package+sizeof(t_frame4_hdr);
+ memcpy(new_sta.addr,f4hdr->addr4,ADDR_LEN);
+ foo=1;
+ }
+ else {
+ f3hdr=(t_frame3_hdr *)package;
+ data=package+sizeof(t_frame3_hdr);
+ if(FCTL_TODS(package[0])) {
+ memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
+ memcpy(new_sta.bssid,f3hdr->addr1,ADDR_LEN);
+ }
+ else if(FCTL_FROMDS(package[0])) {
+ memcpy(new_sta.addr,f3hdr->addr3,ADDR_LEN);
+ memcpy(new_sta.bssid,f3hdr->addr2,ADDR_LEN);
+ }
+ else {
+ memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
+ memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
+ }
+ }
+
+ ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
+ if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
+ list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
+ sta=(t_sta *)info->sniffed_sta.current->data;
+ new=1;
+ }
+ else sta=(t_sta *)info->sniffed_sta.current->data;
+ if(!(sta->ap)) {
+ ret=list_count(&(info->sniffed_sta));
+ list_reset(&(info->sniffed_sta));
+ for(i=0;i<ret;i++) {
+ cmp_sta=(t_sta *)info->sniffed_sta.current->data;
+ if(!memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)) {
+ if(FCTL_FROMDS(package[0]))
+ snprintf(sta->ssid,MAX_SSID_LEN,"<- %s",cmp_sta->ssid);
+ else if(FCTL_TODS(package[0]))
+ snprintf(sta->ssid,MAX_SSID_LEN,"-> %s",cmp_sta->ssid);
+ else
+ snprintf(sta->ssid,MAX_SSID_LEN,"<> %s",cmp_sta->ssid);
+ break;
+ }
+ list_next(&(info->sniffed_sta));
+ }
+ }
+ // fill in stuff ...
+ sta->count_data++;
+ switch_active_state(&(sta->active));
+ if(info->mode&MODE_IEEE80211) sta->sq=0;
+ else if(info->mode&MODE_PRISM)
+ sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
+ if(new) {
+ strcpy(sc,"flite 'station found by data package'");
+ system(sc);
+ if(foo) {
+ sta->wds=1;
+ strcpy(sc,"flite 'wds package'");
+ system(sc);
+ }
+ memcpy(sta->snap,data,10);
+ if((data[0]==0xaa)&(data[1]==0xaa)&(data[2]==0x03)&
+ (data[3]==0x00)&(data[4]==0x00)&(data[5]==0x00)) {
+ sta->wep=0;
+ strcpy(sc,"flite 'not crypted'");
+ system(sc);
+ }
+ else {
+ sta->wep=WEP;
+ strcpy(sc,"flite ' crypted'");
+ system(sc);
+ }
+ }
+
+ //}
+
display_console(info,"last: got data frame");
}
+ if(info->dump_handle!=NULL) pcap_dump((unsigned char *)(info->dump_handle),pcap_header,pkg);
}