From ce967f4d1e3dc10cda58062bc21aaf264e1a0f81 Mon Sep 17 00:00:00 2001
From: hackbard <hackbard>
Date: Wed, 25 May 2005 10:39:33 +0000
Subject: [PATCH] dumping packages by now, not more (to be continued)

---
 main.c  | 101 ++++++++++++++++++++++++++++++++++++++++++++------------
 main.h  |  42 +++++++++++++++++++----
 parse.c |  33 +++++++++++++-----
 3 files changed, 140 insertions(+), 36 deletions(-)

diff --git a/main.c b/main.c
index 32b035b..a0f5575 100644
--- a/main.c
+++ b/main.c
@@ -7,11 +7,37 @@
 
 #include "main.h"
 
+void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package);
+
 /* functions */
 
+int get_user_event(t_info *info) {
+  char event;
+  if(read(0,&event,1)!=1) {
+   perror("reading user interaction failed");
+   return -23;
+  }
+  printf("user event: %c ",event);
+  if(event=='h') {
+   info->mode^=MODE_HEXOUT;
+   printf("- hex output: %c\n",info->mode&MODE_HEXOUT?'a':'n');
+  }
+  if(event=='a') {
+   info->mode^=MODE_ASCIIOUT;
+   printf("- ascii output: %c\n",info->mode&MODE_ASCIIOUT?'a':'n');
+  }
+  if(event=='q') {
+   info->mode|=MODE_QUIT;
+   printf("- shutting down!\n");
+  }
+
+  return 23;
+}
+
 int usage(void) {
   puts("usage: hdw-sniff <options>");
-  puts("\toptions:\t-m <mode> \t1 monitoring, 2 managed");
+  puts("\toptions:");
+  puts("\t\t-m <mode> \tmonitor and/or wlanng");
   puts("\t\t-d <device> \twlan0,eth0");
   puts("\t\t-l <logfile>");
   puts("\t\t-k <key> \t(string)");
@@ -40,6 +66,12 @@ int hop_channel(t_info *info) {
 int main(int argc, char **argv) {
 
   t_info info;
+  int pcap_fd;
+  fd_set fds;
+  struct timeval hop_f;
+  int i;
+  char sys_call[MAX_SYSCALL_CHARS];
+  char pcap_error[PCAP_ERRBUF_SIZE];
 
   memset(&info,0,sizeof(t_info));
  
@@ -53,7 +85,18 @@ int main(int argc, char **argv) {
     case 'h':
      usage();
     case 'm':
-     info.caps=((1<<atoi(argv[i+1]))&CAP_MODE_MASK)|info.caps;
+     if(!strncmp(argv[i+1],"monitor",7)) {
+      info.mode|=MODE_MONITOR;
+      puts("will go to monitor mode.");
+     }
+     else if(!strncmp(argv[i+1],"wlanng",6)) {
+      info.mode|=MODE_WLANNG;
+      puts("expecting wlanng header in package.");
+     }
+     else {
+      printf("unknown mode: %s\n",argv[1]);
+      return -23;
+     }
      ++i;
      break;
     case 'l':
@@ -67,20 +110,25 @@ int main(int argc, char **argv) {
      strncpy(info.device,argv[i+1],MAX_DEV_CHARS);
      ++i;
      break;
+    default:
+     usage();
+     return -23;
    }
-  } else usage();
+  } else {
+   usage();
+   return -23;
+  }
  }
 
  /* setting up device */
- if((info.caps&CAP_MODE_MASK)==MONITORING_MODE)
- {
-  sprintf(sys_call,"iwpriv %s monitor %d",info.device,IWPRIV_M_MODE);
-  system(sys_call);
+ if(info.mode&MODE_MONITOR) {
+  sprintf(sys_call,"iwconfig %s mode monitor",info.device);
   puts("set monitoring mode ...");
+  system(sys_call);
  }
  sprintf(sys_call,"ifconfig %s up",info.device);
+ puts("setting up device ...");
  system(sys_call);
- puts("device up ...");
 
  /* pcap */
  if((info.pcap_handle=pcap_open_live(info.device,BUFSIZ,1,-1,pcap_error))==NULL)
@@ -88,27 +136,38 @@ int main(int argc, char **argv) {
   printf("%s: %s\n",argv[0],pcap_error);
   return -23;
  }
- pcap_fd=pcap_fileno(pcap_handle);
+ pcap_fd=pcap_fileno(info.pcap_handle);
  /* -> non blocking? */
 
- info.channel_hop_fd=socket(AF_INET,SOCK_DGRAM,0);
  /* socket fd for channel hopping */
- 
- /* watch pcap_fd for reading */
- FD_ZERO(&pcap_fd);
- FD_SET(pcap_fd,&pcap_fd_set);
- fd_set_tv.tv_sec=PCAP_SELECT_SEC;
- pcap_fd_set_tv.tv_usec=PCAP_SELECT_USEC;
+ info.channel_hop_fd=socket(AF_INET,SOCK_DGRAM,0);
 
  /* parse packages until user breaks */
- while(!(info.caps&CAP_QUIT_MASK))
+ while(!(info.mode&MODE_QUIT))
  {
-  if(select(pcap_fd+1,&pcap_fd_set,NULL,NULL,&pcap_fd_set_tv))
-   pcap_dispatch(pcap_handle,-1,parse_package,(unsigned char *)&info);
-  else
-   hop_channel(&info);
+  /* watch pcap_fd and stdin (reading) */
+  FD_ZERO(&fds);
+  FD_SET(pcap_fd,&fds);
+  FD_SET(0,&fds);
+  hop_f.tv_sec=HOP_SEC;
+  hop_f.tv_usec=HOP_USEC;
+
+  if(select(pcap_fd+1,&fds,NULL,NULL,&hop_f)) {
+   if(FD_ISSET(0,&fds)) 
+    get_user_event(&info);
+   else if(FD_ISSET(pcap_fd,&fds))
+    pcap_dispatch(info.pcap_handle,-1,parse_package,(unsigned char *)&info);
+   else
+    hop_channel(&info);
+  }
  }
 
+ puts("");
+ puts("");
+ puts("thanks for using hdw-sniff (C) 2005 hackbard");
+ puts("");
  puts("bugreports: hackbard@hackdaworld.dyndns.org");
+
  return 23;
+
 }
diff --git a/main.h b/main.h
index 55dba3a..4e5259c 100644
--- a/main.h
+++ b/main.h
@@ -5,33 +5,63 @@
  *
  */
 
+#ifndef MAIN_H
+#define MAIN_H
+
 #define _GNU_SOURCE
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <sys/socket.h>
+#include <time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <pcap.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/ioctl.h>
+#include <sys/time.h>
+
+#include <linux/wireless.h>
+
+#include "parse.h"
 
 #define SYSCALL_MAX 32
+#define CHANNEL_MAX 13
 #define MAX_DEV_CHARS 6
-#define SELECT_SEC 0
-#define SELECT_USEC 200000
+#define MAX_SYSCALL_CHARS 64
+
+#define HOP_SEC 0
+#define HOP_USEC 200000
 
 /* modes */
-#define MONITORING_MODE 0x01
-#define MANAGED_MODE 0x00
-#define QUIT_MODE 0x02
+#define MODE_MONITOR (1<<0)
+#define MODE_WLANNG (1<<1)
+#define MODE_QUIT (1<<2)
+#define MODE_HEXOUT (1<<3)
+#define MODE_ASCIIOUT (1<<4)
 
 #define MAX_BYTE_WEP 13 /* maximal 104 bit key */
 
 /* type definitions */
 typedef struct s_info {
+  int count; /* count packages */
   unsigned char mode; /* monitoring/managed mode */
   char device[MAX_DEV_CHARS]; /* sniffed devie */
   int logfile_fd; /* file descriptof for logfile */
   int pcap_fd; /* fd for reading pcap events */
+  int current_channel;
+  int channel_hop_fd;
   char key[13]; /* wep key */
-  
+  pcap_t *pcap_handle;
 } t_info;
 
 
 /* function prototypes */
 int usage(void); 
+int get_user_event(t_info *info);
+int hop_channel(t_info *info);
+
+#endif
diff --git a/parse.c b/parse.c
index 70d15c9..f60dc04 100644
--- a/parse.c
+++ b/parse.c
@@ -6,20 +6,35 @@
  */
 
 #include "parse.h"
-#include "802.11b.h"
+//#include "802.11b.h"
 #include "main.h"
-#include "parse.h"
 
+/* all the parsing stuff will go here
+ *
+ * different protocols should get to seperated files though ...
+ */
+
+void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package) {
 
-int parse_package(unsigned char *info,const struct pcap_pkthdr *pcap_hdr,cont unsigned char *package)
-{
- if(info->caps&MONITORING_MODE)
- {
-  struct linux_wlan_ng_prism_hdr *prism_hdr;
+ t_info *info;
+ int i;
 
-  prism_hdr=(struct linux_wlan_ng_prism_hdr *)package;
-  
+ info=(t_info *)ptr;
 
+ info->count++;
 
+ printf("---> package %d --- %s\n",
+	info->count,
+	ctime((const time_t*)&(pcap_header->ts.tv_sec)));
+ if(info->mode&MODE_ASCIIOUT) {
+  puts("content in ascii:");
+  for(i=0;i<pcap_header->caplen;i++) printf("%c ",package[i]);
+  puts("");
+ }
+ if(info->mode&MODE_HEXOUT) {
+  puts("content in ascii:");
+  for(i=0;i<pcap_header->caplen;i++) printf("%x ",package[i]);
+  puts("");
+ }
 
 }
-- 
2.20.1