1 /**********************************************************************
2 This is a wireless pcap capture and parser by example.
4 **********************************************************************/
10 #include <sys/socket.h>
11 #include <netinet/in.h>
12 #include <arpa/inet.h>
13 #include <netinet/if_ether.h>
14 #include <net/ethernet.h>
15 #include <netinet/ether.h>
16 #include <netinet/ip.h>
18 #include <linux/wireless.h>
22 #include "radiotap_iter.h"
/* File-scope pcap header pointer. Nothing in the visible code assigns or
 * reads it; my_callback receives its own pkthdr argument instead. */
24 const struct pcap_pkthdr* callback_header;
26 static const struct radiotap_align_size align_size_000000_00[] = {
27 [0] = { .align = 1, .size = 4, },
28 [52] = { .align = 1, .size = 4, },
40 u_int16_t wr_chan_freq;
45 } __attribute__((__packed__)) ieee80211_radiotap;
55 } __attribute__((__packed__)) dot11_header;
/*
 * Render a 6-byte MAC address as "xx:xx:xx:xx:xx:xx".
 *
 * @param mac  must point to at least 6 readable bytes
 * @param f    output buffer; the fixed format always writes exactly
 *             17 characters plus the terminating NUL, so the caller must
 *             provide at least 18 bytes (sprintf itself is unbounded here)
 *
 * Not called in the visible code (the only reference is commented out).
 */
58 void format_mac(u_char * mac, char * f) {
59 sprintf(f, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
/*
 * pcap_loop() callback: walks the radiotap header of one captured frame,
 * picks out the signal/channel/rate fields, then prints addresses and SSIDs
 * for a few 802.11 management frame types.
 *
 * @param args    user argument from pcap_loop (main passes NULL); unused here
 * @param pkthdr  capture header: caplen is how many bytes of `packet` exist,
 *                len is the on-the-wire length
 * @param packet  raw bytes: radiotap header followed by the 802.11 frame
 *
 * Input-handling notes (the frame is untrusted over-the-air data):
 *  - every index into `packet` below (the hard-coded offsets, hlen, ssid_len)
 *    is taken from the frame itself and is never compared with pkthdr->caplen;
 *  - ssid_len is a single frame byte (0..255) that drives writes into `ssid`,
 *    whose declaration is outside the visible lines — confirm it holds at
 *    least 256 bytes, or bound the copy;
 *  - rssi, channel, rate, hlen and ssid are declared outside the visible lines.
 * Several lines of the original are missing from this listing.
 */
62 void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) {
64 //printf("packet size: %d\n", pkthdr->len);
65 //printf("packet: %02x \n", packet);
66 //printf("%u\n", packet);
67 int err, radiotap_header_len, ssid_len, i;
73 struct ieee80211_radiotap_iterator iter;
// BUG: iter has not been initialised yet (init is two lines down), so
// _max_length is indeterminate here and reading it is undefined behaviour.
75 radiotap_header_len = iter._max_length;
// Derived from the indeterminate length above. Its only use in the visible
// code is a commented-out line near the end of the function.
76 dot11_header * dot_head = (dot11_header*) (packet + radiotap_header_len * sizeof(char) );
// Bounded by caplen, which is the right limit. Whether err is checked before
// the loop is not visible in this listing.
78 err = ieee80211_radiotap_iterator_init(&iter, (void*)packet, pkthdr->caplen, NULL);
// Now valid: the radiotap header length in bytes (same quantity as hlen below).
82 radiotap_header_len = iter._max_length;
// next() returns 0 for each present field; a non-zero value ends the loop.
// The iterator distinguishes "no more fields" from "malformed header" by its
// return code; any post-loop check of err is outside the visible lines.
84 while (!(err = ieee80211_radiotap_iterator_next(&iter))) {
85 if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) {
// Signed dBm value; the int8_t cast is what makes negative RSSI come out right.
86 rssi = (int8_t)iter.this_arg[0];
88 if (iter.this_arg_index == IEEE80211_RADIOTAP_CHANNEL) {
// Type-punning read through an unsigned char buffer; radiotap fields are
// little-endian, so this yields the wrong value on a big-endian host.
// The first u16 of the CHANNEL field is the frequency in MHz, not a channel
// number — the "channel" printed at the end is therefore a frequency.
// A memcpy into a uint16_t plus an explicit LE conversion avoids both issues.
89 channel = (*(uint16_t *)iter.this_arg);
91 if (iter.this_arg_index == IEEE80211_RADIOTAP_RATE) {
// Radiotap RATE is in units of 500 kbit/s.
92 rate = (u_int8_t)iter.this_arg[0];
94 /* if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTNOISE) { */
95 /* noise = (int8_t)iter.this_arg[0]; */
// pkthdr->len is the on-the-wire length, not what is in `packet`; bounds
// checks below should be against pkthdr->caplen.
99 if (pkthdr->len >= 24) {
// radiotap it_len: little-endian u16 at offset 2. Untrusted — there is no
// check that hlen (and the offsets derived from it) stay below caplen
// before packet[hlen] is read on the next line.
101 hlen = packet[2]+(packet[3]<<8); //Usually 18 or 13 in some cases
// First byte of the 802.11 frame control field (type/subtype).
// The case labels are outside the visible lines.
102 switch (packet[hlen]) {
// With this memset disabled, a zero-length SSID leaves ssid holding whatever
// it held before, and the printf below prints that stale content (unless ssid
// is zeroed where it is declared — not visible here).
104 //memset(ssid, 0, sizeof(ssid));
105 printf("Probe request\n");
// Absolute offsets 44..49 assume one particular radiotap header length;
// unlike the beacon branch below they are not relative to hlen, and they are
// not bounded by caplen.
106 printf("probe request client mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[44], packet[45],packet[46],packet[47],packet[48],packet[49]);
// The assignment to ssid_len for this branch is outside the visible lines.
108 printf("probe size: %d\n", ssid_len);
// Each sprintf writes the character plus a NUL, so the loop writes
// ssid_len + 1 bytes into ssid with no bound against its size, and reads
// packet[60 .. 60+ssid_len-1] with no bound against caplen.
110 for (i=0;i<ssid_len;++i){
111 sprintf(ssid+i, "%c", packet[60+i]);
113 printf("probe ssid: %s\n", ssid);
117 printf("Probe response\n");
// Same fixed-offset assumption as the probe request branch (38..43, 44..49).
118 printf("probe response client mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[38], packet[39],packet[40],packet[41],packet[42],packet[43]);
119 printf("probe response bssid mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[44], packet[45],packet[46],packet[47],packet[48],packet[49]);
121 printf("probe response size: %d\n", ssid_len);
// Same unbounded write into ssid / read from packet as above, starting at 72.
122 for (i=0;i<ssid_len;++i){
123 sprintf(ssid+i, "%c", packet[72+i]);
125 printf("probe response ssid: %s\n", ssid);
// See the note on the disabled memset above: stale ssid bytes on a
// zero-length SSID.
129 //memset(&ssid[0], 0, sizeof(ssid));
// hlen + 24-byte 802.11 header + 12 bytes of fixed fields puts the first
// tagged element at hlen+36; hlen+37 is its length byte, assuming that
// element is the SSID. Attacker-controlled, 0..255, unbounded by caplen.
131 ssid_len=packet[hlen+37];
132 printf("size: %d\n", ssid_len);
// Writes ssid_len + 1 bytes into ssid; reads up to packet[hlen+38+ssid_len-1]
// with no caplen check.
133 for (i=0;i<ssid_len;++i){
134 //printf("%c\n", packet[hlen+38+i]);
135 sprintf(ssid+i, "%c", packet[hlen+38+i]);
137 //printf("ssid: %c\n", ssid);
138 //memcpy(ssid,packet[hlen+38+i],2);
139 //ssid+=packet[hlen+38+i];
140 //printf("counter: %d - ssid: %c\n", (hlen+38+i), packet[hlen+38+i]);
// Absolute offsets 50..55 while the SSID above is hlen-relative; the two
// agree only for one radiotap header length.
142 printf("BSSID: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[50], packet[51],packet[52],packet[53],packet[54],packet[55]);
143 printf("ssid: %s\n", ssid);
148 //format_mac(dot_head->a2, client_mac);
// If the frame lacked one of the radiotap fields, the corresponding variable
// keeps whatever value it started with (declarations not visible here).
// "channel" is the frequency in MHz, see the CHANNEL note above.
150 printf("rate: %d channel: %04x rssi: %d\n", rate, channel, rssi);
/*
 * Entry point: parses -a (packet count) and -i (interface), opens a live
 * capture on the interface, and hands frames to my_callback via pcap_loop().
 * Several lines of the original are missing from this listing (option case
 * bodies, the dev/c declarations, the cleanup after pcap_loop); the notes
 * below are limited to what is visible.
 */
153 int main(int argc,char **argv)
157 char errbuf[PCAP_ERRBUF_SIZE];
159 struct bpf_program fp; /* hold compiled program */
160 bpf_u_int32 maskp; /* subnet mask */
161 bpf_u_int32 netp; /* ip */
// Empty filter expression: pcap_compile accepts it and it matches every frame.
163 char filter_exp[] = "";
// Packet count exactly as given on the command line; stays a string until
// the atoi() at the pcap_loop call.
164 char *totpacket = NULL;
// -h help, -a <count>, -i <interface>; `c` and the case bodies are outside
// the visible lines.
166 while ((c = getopt (argc, argv, "ha:i:")) != -1)
175 printf("./disect -a -i\n\t-a : number of packets to sniff. (default 10)\n\t-i : wlan interface.\n");
// Default when -a is absent. The assignment that actually sets the value to
// 10 is not visible here; if totpacket stays NULL, atoi(totpacket) below
// dereferences a null pointer.
181 if (totpacket == NULL) {
183 printf("-a not specified... setting to 10.\n");
187 printf("You forgot -i\n");
191 printf ("%s %s\n", totpacket, dev);
// Reports errbuf; the failing call it belongs to is outside the visible lines.
194 printf("%s\n",errbuf);
198 /* ask pcap for the network address and mask of the device */
// Return value ignored: on failure netp/maskp are left unset, yet netp is
// passed to pcap_compile() below.
199 pcap_lookupnet(dev,&netp,&maskp,errbuf);
201 /* open device for reading. NOTE: defaulting to
// snaplen BUFSIZ, promiscuous = 1, read timeout -1. libpcap documents the
// buffer timeout as a non-negative millisecond value; -1 is outside that
// contract — confirm against the libpcap version in use.
203 pcap = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
// pcap_set_promisc() applies only to a handle from pcap_create() that has not
// been activated; pcap_open_live() returns an activated handle, so this call
// fails (PCAP_ERROR_ACTIVATED) and its result is ignored. Promiscuous mode was
// already requested by the `1` argument above. It also runs before the error
// path below: if the open failed, pcap is NULL at this point.
204 pcap_set_promisc(pcap, 1);
207 printf("pcap_open_live(): %s\n",errbuf);
// Three consecutive calls: each replaces the previous, so only the last
// (DLT_IEEE802_11_RADIO) can take effect, and none of the -1 "not supported"
// return values is checked. Order matters here — confirm the intent.
211 pcap_set_datalink(pcap, DLT_IEEE802_11);
212 pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO_AVS);
213 pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO);
// libpcap's pcap_setnonblock documentation states that pcap_loop() does not
// work in non-blocking mode, yet pcap_loop() is used below. Either drive
// capture with pcap_dispatch() or drop this call. Return value unchecked.
215 pcap_setnonblock(pcap, 1, errbuf);
// Link type actually in effect after the pcap_set_datalink() calls above.
217 int link_layer_type = pcap_datalink(pcap);
219 //printf("type: %d\n", link_layer_type);
// Accept the 802.11 link types. 127 is the numeric value of
// DLT_IEEE802_11_RADIO, already tested two lines up, so that comparison is
// redundant; prefer the symbolic name.
221 if (link_layer_type == DLT_PRISM_HEADER ||
222 link_layer_type == DLT_IEEE802_11_RADIO ||
223 link_layer_type == DLT_IEEE802_11_RADIO_AVS ||
224 link_layer_type == DLT_IEEE802_11 ||
225 link_layer_type == DLT_PPI ||
226 link_layer_type == 127 ) {
// Compiling/installing an empty filter is effectively a no-op. netp may be
// unset if pcap_lookupnet() failed (see above). The error-path bodies are
// outside the visible lines.
227 if (pcap_compile(pcap, &fp, filter_exp, 0, netp) == -1) {
228 fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap));
231 if (pcap_setfilter(pcap, &fp) == -1) {
232 fprintf(stderr, "Couldn't install filter %s: %s\n",
233 filter_exp, pcap_geterr(pcap));
236 printf("starting\n");
// atoi() returns 0 for non-numeric input and pcap_loop() treats a count of
// 0 or -1 as "forever", so a typo in -a captures indefinitely; strtol() with
// end-pointer and range checks is the safer parse. pcap_freecode(&fp) and
// pcap_close() are not in the visible lines.
238 pcap_loop(pcap,atoi(totpacket),my_callback,NULL);
240 fprintf(stderr, "Not using the Wi-Fi interface, are you testing something?\n");
242 fprintf(stdout,"\nfinished\n");