X-Git-Url: https://hackdaworld.org/gitweb/?p=my-code%2Fhdw-sniff.git;a=blobdiff_plain;f=parse.c;h=151c9f52038955d066f4d57d14d9527d9cffef9c;hp=f60dc044fd97c1ba73f539f5504e26319768524c;hb=48833c4a97516456062f2ee1d9839aa15e74f929;hpb=ce967f4d1e3dc10cda58062bc21aaf264e1a0f81
diff --git a/parse.c b/parse.c
index f60dc04..151c9f5 100644
--- a/parse.c
+++ b/parse.c
@@ -6,7 +6,6 @@
 */
 #include "parse.h"
-//#include "802.11b.h"
 #include "main.h"
 /* all the parsing stuff will go here
@@ -14,27 +13,116 @@ * different protocols should get to seperated files though ... */ +int switch_active_state(char *state) { + + switch(*state) { + case '-': + *state='\\'; + break; + case '\\': + *state='|'; + break; + case '|': + *state='/'; + break; + default: + *state='-'; + break; + } + + return 23; +} + void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package) { - t_info *info; - int i; - - info=(t_info *)ptr; - - info->count++; - - printf("---> package %d --- %s\n", - info->count, - ctime((const time_t*)&(pcap_header->ts.tv_sec))); - if(info->mode&MODE_ASCIIOUT) { - puts("content in ascii:"); - for(i=0;icaplen;i++) printf("%c ",package[i]); - puts(""); - } - if(info->mode&MODE_HEXOUT) { - puts("content in ascii:"); - for(i=0;icaplen;i++) printf("%x ",package[i]); - puts(""); - } + t_info *info; + int i; + t_sta new_sta; + t_sta *sta; + //t_frame4_hdr *f4hdr; + t_frame3_hdr *f3hdr; + //t_frame2_hdr *f2hdr; + //t_frame1_hdr *f1hdr; + t_beacon_fb *beacon_fb; + int ret; + char string[MESSAGE_MAX]; + char sc[MAX_SYSCALL_CHARS]; + unsigned char new; + + info=(t_info *)ptr; + + info->count++; + + memset(&new_sta,0,sizeof(t_sta)); + new=0; + + if(info->dump_fd!=0) { + ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr)); + if(ret!=sizeof(struct pcap_pkthdr)) + display_console(info,"warning, pcap header write failed!"); + ret=write(info->dump_fd,package,pcap_header->caplen); + if(ret!=pcap_header->caplen) + display_console(info,"warning, package write failed!"); + } + + /* maybe there is offset to the actual ieee802.11 frame, + for example prism header ... + in that case, hack the source! 
*/ + + /* management */ + if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) { + info->count_m++; + + /* beacon frames */ + if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) { + f3hdr=(t_frame3_hdr *)package; + beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr)); + // check sta + memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN); + ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN); + if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) { + list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta)); + sta=(t_sta *)info->sniffed_sta.current->data; + new=1; + } + else sta=(t_sta *)info->sniffed_sta.current->data; + // fill in stuff ... + memcpy(sta->ssid,beacon_fb->ssid,beacon_fb->ssid_length); + if((CAP_INFO_ESS(beacon_fb->cap_info))& + (CAP_INFO_IBSS(beacon_fb->cap_info)==0)) sta->ap=AP; + if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP; + sta->count_mgmt++; + switch_active_state(&(sta->active)); + strncpy(string,"last: beacon, source: ",MESSAGE_MAX); + for(i=0;iaddr[i], + (i==ADDR_LEN-1)?'.':':'); + string[22+3*ADDR_LEN+1]=0; + display_console(info,string); + if(new) { + snprintf(sc,MAX_SYSCALL_CHARS, + "flite 'access point found: %s'", + sta->ssid); + system(sc); + if(sta->wep&WEP) strncpy(sc,"flite ' crypted'",MAX_SYSCALL_CHARS); + else strncpy(sc,"flite 'not crypted'",MAX_SYSCALL_CHARS); + system(sc); + } + } + + } + + /* control */ + else if(FCTL_TYPE(package[0])==FCTL_TYPE_CTRL) { + info->count_c++; + display_console(info,"last: got control frame"); + } + + /* data */ + else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) { + info->count_d++; + display_console(info,"last: got data frame"); + } + }
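Review bot: In the beacon branch of `parse_package`, three values taken straight from the received frame are trusted: `beacon_fb->ssid_length` is the `memcpy` length into `sta->ssid` with no upper bound, `package` is cast to `t_frame3_hdr`/`t_beacon_fb` without comparing `pcap_header->caplen` to their sizes, and the SSID is formatted into `sc` and passed to `system()`, so text chosen by the sender of a beacon ends up on a shell command line. Any transmitter in range can therefore overwrite memory past `ssid` or alter the command the sniffing host runs. The fence checks the captured length, clamps and terminates the SSID copy (assuming `ssid` is a fixed-size array inside `t_sta`, which the hunk does not show) and hands `flite` only letters, digits and blanks; replacing `system()` with `fork`/`execlp` and an argument vector would remove the shell altogether. Separately, `if(info->dump_fd!=0)` treats descriptor 0 as "no dump file"; a `-1` sentinel is the safer convention.

```c
	size_t ssid_len;
	int j;
	char spoken[MAX_SYSCALL_CHARS];
	/* … unchanged: other locals, counters, dump_fd writes … */

	/* beacon frames */
	if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) {
		/* the capture must hold the header and the beacon body before
		   either is read; assumes t_beacon_fb includes the ssid field,
		   confirm against its declaration */
		if(pcap_header->caplen<sizeof(t_frame3_hdr)+sizeof(t_beacon_fb))
			return;
		/* … unchanged: header casts, station lookup / list_add_element … */

		/* the length byte comes from the frame: clamp it to the
		   destination and keep the stored SSID terminated */
		ssid_len=beacon_fb->ssid_length;
		if(ssid_len>=sizeof(sta->ssid)) ssid_len=sizeof(sta->ssid)-1;
		memcpy(sta->ssid,beacon_fb->ssid,ssid_len);
		sta->ssid[ssid_len]=0;
		/* … unchanged: capability flags, counters, console line … */

		if(new) {
			/* only letters, digits and blanks reach the shell;
			   isalnum() is declared in <ctype.h> */
			for(i=0,j=0;sta->ssid[i]&&j<(int)sizeof(spoken)-1;i++)
				if(isalnum((unsigned char)sta->ssid[i])||sta->ssid[i]==' ')
					spoken[j++]=sta->ssid[i];
			spoken[j]=0;
			snprintf(sc,MAX_SYSCALL_CHARS,
				 "flite 'access point found: %s'",
				 spoken);
			system(sc);
			/* … unchanged: crypted / not crypted announcement … */
		}
```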