From: hackbard Date: Mon, 20 Jun 2005 23:16:51 +0000 (+0000) Subject: associate sta with ssid of ap's X-Git-Url: https://hackdaworld.org/gitweb/?a=commitdiff_plain;h=092d5875054be009b3baeb2830e1fccf1c894b88;p=my-code%2Fhdw-sniff.git associate sta with ssid of ap's --- diff --git a/TODO b/TODO index 80d37a2..ee1ff7a 100644 --- a/TODO +++ b/TODO @@ -2,7 +2,6 @@ todo ---- sniffer: -- connect sta's with associated ap's - parse ctrl frames - get ssid from (re)associations and connect to (hidden) ap - fix display (if #sta/ap exceeds number of lines) diff --git a/main.c b/main.c index d26fbf2..1542621 100644 --- a/main.c +++ b/main.c @@ -216,8 +216,8 @@ int usage(void) { puts("\t\t-m \tieee80211 or prism"); puts("\t\t-d \twlan0,eth0"); puts("\t\t-l "); - puts("\t\t-k \t(string)"); - puts("\t\t-D \t(dump packages to file)"); + //puts("\t\t-k \t(string)"); + puts("\t\t-D \t(dump packages to file (pcap format))"); puts("\t\t-h \tdisplay this help message"); puts(""); @@ -286,10 +286,8 @@ int main(int argc, char **argv) { ++i; break; case 'D': - if((info.dump_fd=open(argv[i+1],O_RDWR|O_CREAT))!=0) - printf("dump file -> %s\n",argv[i+1]); - else - puts("warning: can't dump to file."); + printf("dump file -> %s\n",argv[i+1]); + strncpy(info.dump_file,argv[i+1],128); ++i; break; case 'd': @@ -337,6 +335,14 @@ int main(int argc, char **argv) { pcap_fd=pcap_fileno(info.pcap_handle); /* -> non blocking? */ + /* pcap dump */ + if(strcmp(info.dump_file,"")) { + if((info.dump_handle=pcap_dump_open(info.pcap_handle,info.dump_file))==NULL) { + puts("pcap open dump file failed"); + return -23; + } + } + /* socket fd for channel hopping */ info.channel_hop_fd=socket(AF_INET,SOCK_DGRAM,0); @@ -381,6 +387,8 @@ int main(int argc, char **argv) { list_shutdown(&(info.sniffed_sta)); input_shutdown(&(info.input)); display_shutdown(&(info.display)); + + if(info.dump_handle!=NULL) pcap_dump_close(info.dump_handle); puts(""); puts(""); diff --git a/main.h b/main.h index d89d90e..0c49128 100644 
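Review bot: In the `case 'D':` branch, `strncpy(info.dump_file,argv[i+1],128)` leaves `info.dump_file` without a terminating NUL when the path is 128 bytes or longer, and the later `strcmp` and `pcap_dump_open` calls then read past the end of the array. A silently truncated path is also a problem for a sniffer that typically runs with capture privileges, since the dump would be written somewhere other than where the operator asked. I would reject over-long paths instead: `if(strlen(argv[i+1])>=sizeof(info.dump_file)) { puts("dump file name too long"); return -1; }` followed by `strcpy(info.dump_file,argv[i+1]);`. No check of `i+1` against `argc` is visible in this hunk, so `argv[i+1]` may be NULL when `-D` is the last argument; the option loop starts outside the hunk, so confirm there.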
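Review bot: The new `strcmp(info.dump_file,"")` test, the `info.dump_handle!=NULL` test before `pcap_dump_close` in the shutdown hunk, and the same test in parse.c all assume `info` starts out zeroed, and no initialisation of the two new fields is visible in this diff. If `info` is an automatic variable that is not cleared (its declaration is outside these hunks), a run without `-D` could hand a garbage pointer to `pcap_dump` or `pcap_dump_close`. Setting `info.dump_file[0]='\0'; info.dump_handle=NULL;` before option parsing makes that explicit. The failure path also returns `-23` without saying why the open failed; printing `pcap_geterr(info.pcap_handle)` would tell the operator whether it was a permission or a path problem.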
--- a/main.h +++ b/main.h @@ -82,8 +82,8 @@ typedef struct s_info { unsigned char mode; /* ieee802.11/prism mode */ char device[MAX_DEV_CHARS]; /* sniffed devie */ int log_fd; /* file descriptor for logfile */ - int pcap_fd; /* fd for reading pcap events */ - int dump_fd; /* fd for dumping received packages */ + char dump_file[128]; + pcap_dumper_t *dump_handle; int current_channel; int channel_hop_fd; pcap_t *pcap_handle; diff --git a/parse.c b/parse.c index 494ac06..c4a8891 100644 --- a/parse.c +++ b/parse.c @@ -50,6 +50,7 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,cons t_info *info; int i; t_sta new_sta; + t_sta *cmp_sta; t_sta *sta; unsigned char *package=NULL; t_frame4_hdr *f4hdr; @@ -73,15 +74,6 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,cons new=0; foo=0; - if(info->dump_fd!=0) { - ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr)); - if(ret!=sizeof(struct pcap_pkthdr)) - display_console(info,"warning, pcap header write failed!"); - ret=write(info->dump_fd,package,pcap_header->caplen); - if(ret!=pcap_header->caplen) - display_console(info,"warning, package write failed!"); - } - /* prism or ieee802.11 header ? */ if(info->mode&MODE_IEEE80211) { package=(unsigned char *)pkg; @@ -172,6 +164,7 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,cons memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN); } } + ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN); if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) { list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta)); 
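Review bot: The two new members of `s_info` in main.h are the only ones in this part of the struct without a comment, and the array size is a bare `128` that main.c has to repeat in its `strncpy` call. I would define the size once, in the same way as `MAX_DEV_CHARS`, e.g. `#define MAX_DUMP_FILE_CHARS 128`, and declare `char dump_file[MAX_DUMP_FILE_CHARS]; /* pcap dump file name, empty if unused */` and `pcap_dumper_t *dump_handle; /* pcap dumper, NULL if not dumping */`. The struct continues outside the hunk.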
@@ -179,6 +172,23 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,cons new=1; } else sta=(t_sta *)info->sniffed_sta.current->data; + if(!(sta->ap)) { + ret=list_count(&(info->sniffed_sta)); + list_reset(&(info->sniffed_sta)); + for(i=0;isniffed_sta.current->data; + if(!memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)) { + if(FCTL_FROMDS(package[0])) + snprintf(sta->ssid,MAX_SSID_LEN,"<- %s",cmp_sta->ssid); + else if(FCTL_TODS(package[0])) + snprintf(sta->ssid,MAX_SSID_LEN,"-> %s",cmp_sta->ssid); + else + snprintf(sta->ssid,MAX_SSID_LEN,"<> %s",cmp_sta->ssid); + break; + } + list_next(&(info->sniffed_sta)); + } + } // fill in stuff ... sta->count_data++; switch_active_state(&(sta->active)); @@ -212,5 +222,6 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,cons display_console(info,"last: got data frame"); } + if(info->dump_handle!=NULL) pcap_dump((unsigned char *)(info->dump_handle),pcap_header,pkg); } diff --git a/parse.h b/parse.h index 9814b01..9278dc3 100644 --- a/parse.h +++ b/parse.h 
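Review bot: The match in the new lookup loop is only `!memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)`, so the first list entry with the same BSSID wins even when it is `sta` itself or another non-AP station. In that case the `snprintf(sta->ssid,MAX_SSID_LEN,"<- %s",cmp_sta->ssid)` family of calls either copies an already prefixed string, so the prefix can pile up frame after frame, or formats a buffer onto itself, which is undefined when source and destination overlap. Restricting the match to access points, `if(cmp_sta!=sta && cmp_sta->ap && !memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)) {`, avoids both. The SSID text comes from received frames, so keeping the bounded `snprintf` is right; the `for` header is garbled on this page and could not be checked.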
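Review bot: The dump call now sits at the very end of `parse_package`, whereas the removed write ran near the top, so any frame for which the function returns early would be missing from the capture file. The body between the two places is outside this diff, so this needs checking. If such returns exist, moving `if(info->dump_handle!=NULL) pcap_dump((unsigned char *)(info->dump_handle),pcap_header,pkg);` to the start of the function keeps malformed or unparsed frames in the capture, and those are often the ones worth examining afterwards.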
@@ -70,17 +70,17 @@ typedef struct s_prism_hdr {
 t_prism_val frame_len;
 } __attribute__ ((packed)) t_prism_hdr;
-#define FCTL_VER(X) ((X&0x0003))
-#define FCTL_TYPE(X) ((X&0x000c)>>2)
-#define FCTL_STYPE(X) ((X&0x00f0)>>4)
-#define FCTL_TODS(X) ((X&0x0100)>>8)
-#define FCTL_FROMDS(X) ((X&0x0200)>>9)
-#define FCTL_MOREFRAG(X) ((X&0x0400)>>10)
-#define FCTL_RETRY(X) ((X&0x0800)>>11)
-#define FCTL_PWRMGT(X) ((X&1000)>>12)
-#define FCTL_MOREDATA(X) ((X&0x2000)>>13)
-#define FCTL_WEP(X) ((X&0x4000)>>14)
-#define FCTL_ORDER(X) ((X&0x800)>>15)
+#define FCTL_VER(X) (((*(u16 *)&X)&0x0003))
+#define FCTL_TYPE(X) (((*(u16 *)&X)&0x000c)>>2)
+#define FCTL_STYPE(X) (((*(u16 *)&X)&0x00f0)>>4)
+#define FCTL_TODS(X) (((*(u16 *)&X)&0x0100)>>8)
+#define FCTL_FROMDS(X) (((*(u16 *)&X)&0x0200)>>9)
+#define FCTL_MOREFRAG(X) (((*(u16 *)&X)&0x0400)>>10)
+#define FCTL_RETRY(X) (((*(u16 *)&X)&0x0800)>>11)
+#define FCTL_PWRMGT(X) (((*(u16 *)&X)&1000)>>12)
+#define FCTL_MOREDATA(X) (((*(u16 *)&X)&0x2000)>>13)
+#define FCTL_WEP(X) (((*(u16 *)&X)&0x4000)>>14)
+#define FCTL_ORDER(X) (((*(u16 *)&X)&0x800)>>15)
 #define FCTL_TYPE_MGMT 0
 #define FCTL_TYPE_CTRL 1
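Review bot: Two masks are carried over unchanged and still look wrong: `FCTL_PWRMGT` masks with decimal `1000` rather than `0x1000`, and `FCTL_ORDER` masks with `0x800` before shifting by 15, which always yields 0. The intended lines are presumably `#define FCTL_PWRMGT(X) (((*(u16 *)&(X))&0x1000)>>12)` and `#define FCTL_ORDER(X) (((*(u16 *)&(X))&0x8000)>>15)`. The new `*(u16 *)&X` form also reads two bytes through a cast pointer into the packet buffer, which depends on host byte order and alignment and leaves `X` unparenthesised; composing the value from bytes, for instance `(p[0] | (p[1]<<8))` in a small inline helper, avoids that. Callers should make sure at least two captured bytes are present before applying any of these macros to data taken off the air.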