Step 1 - Give dragorn a big hug : http://kismetwireless.net/
-Step 2 - Compile the latest kismet from scratch
+
+Step 2a - Instructions below
+ client-c : This is the client that you should try to compile and use. You will need libpcap, curl and json.
+ apt-get install build-essential libssl-dev libjson-c-dev libcurl4-openssl-dev libpcap-dev
+ If that fails, go to Step 2b.
+
+Step 2b - Compile the latest kismet from scratch
Step 3 - Plug in your USB Wifi Adapter
Step 4 - Make sure you have the Kismet Perl Client modules installed (perl -MCPAN -e 'install Net::Kismet')
Step 5 - Create a SSH private key and push it onto the webserver
+++ /dev/null
-CFLAGS= -std=gnu99
-DEPS = endian.h
-LIBS=$(LDFLAGS) -L. -lpcap
-OBJ = soho-sigint-wifi.o radiotap.o
-
-%.o: %.c $(DEPS)
- $(CC) -c -o $@ $<
-
-soho-sigint-wifi: $(OBJ)
- $(CC) -o $@ $^ $(CFLAGS) $(LIBS)
-
-clean:
- rm -rf *.o
- rm -rf soho-sigint-wifi
+++ /dev/null
-iw phy phy0 interface add mon0 type monitor
-iw dev wlan0 del
-ifconfig mon0 up
-iw dev mon0 set freq 2412
-iw dev mon0 set freq 2437
-iw dev mon0 set freq 2462
+++ /dev/null
-#include <stddef.h>
-#include <errno.h>
-#ifndef _BSD_SOURCE
-#define _BSD_SOURCE
-#endif
-#ifdef __FreeBSD__
- #include <sys/endian.h>
-#else
- #include <endian.h>
-#endif
-
-#define le16_to_cpu le16toh
-#define le32_to_cpu le32toh
-#define get_unaligned(p) \
-({ \
- struct packed_dummy_struct { \
- typeof(*(p)) __val; \
- } __attribute__((packed)) *__ptr = (void *) (p); \
- \
- __ptr->__val; \
-})
-#define get_unaligned_le16(p) le16_to_cpu(get_unaligned((uint16_t *)(p)))
-#define get_unaligned_le32(p) le32_to_cpu(get_unaligned((uint32_t *)(p)))
+++ /dev/null
-/*
- * Radiotap parser
- *
- * Copyright 2007 Andy Green <andy@warmcat.com>
- * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See COPYING for more details.
- */
-#include "radiotap_iter.h"
-#include "platform.h"
-#if defined(ANDROID) || defined(__ANDROID__)
- #include "../byteorder.h"
-#endif
-
-/* function prototypes and related defs are in radiotap_iter.h */
-
-static const struct radiotap_align_size rtap_namespace_sizes[] = {
- [IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, },
- [IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, },
- [IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, },
- [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
- [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, },
- [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, },
- /*
- * add more here as they are defined in radiotap.h
- */
-};
-
-static const struct ieee80211_radiotap_namespace radiotap_ns = {
- .n_bits = sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]),
- .align_size = rtap_namespace_sizes,
-};
-
-/**
- * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
- * @iterator: radiotap_iterator to initialize
- * @radiotap_header: radiotap header to parse
- * @max_length: total length we can parse into (eg, whole packet length)
- *
- * Returns: 0 or a negative error code if there is a problem.
- *
- * This function initializes an opaque iterator struct which can then
- * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
- * argument which is present in the header. It knows about extended
- * present headers and handles them.
- *
- * How to use:
- * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
- * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
- * checking for a good 0 return code. Then loop calling
- * __ieee80211_radiotap_iterator_next()... it returns either 0,
- * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
- * The iterator's @this_arg member points to the start of the argument
- * associated with the current argument index that is present, which can be
- * found in the iterator's @this_arg_index member. This arg index corresponds
- * to the IEEE80211_RADIOTAP_... defines.
- *
- * Radiotap header length:
- * You can find the CPU-endian total radiotap header length in
- * iterator->max_length after executing ieee80211_radiotap_iterator_init()
- * successfully.
- *
- * Alignment Gotcha:
- * You must take care when dereferencing iterator.this_arg
- * for multibyte types... the pointer is not aligned. Use
- * get_unaligned((type *)iterator.this_arg) to dereference
- * iterator.this_arg for type "type" safely on all arches.
- *
- * Example code: parse.c
- */
-
-int ieee80211_radiotap_iterator_init(
- struct ieee80211_radiotap_iterator *iterator,
- struct ieee80211_radiotap_header *radiotap_header,
- int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
-{
- /* must at least have the radiotap header */
- if (max_length < (int)sizeof(struct ieee80211_radiotap_header))
- return -EINVAL;
-
- /* Linux only supports version 0 radiotap format */
- if (radiotap_header->it_version)
- return -EINVAL;
-
- /* sanity check for allowed length and radiotap length field */
- if (max_length < get_unaligned_le16(&radiotap_header->it_len))
- return -EINVAL;
-
- iterator->_rtheader = radiotap_header;
- iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len);
- iterator->_arg_index = 0;
- iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
- iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header);
- iterator->_reset_on_ext = 0;
- iterator->_next_bitmap = &radiotap_header->it_present;
- iterator->_next_bitmap++;
- iterator->_vns = vns;
- iterator->current_namespace = &radiotap_ns;
- iterator->is_radiotap_ns = 1;
-#ifdef RADIOTAP_SUPPORT_OVERRIDES
- iterator->n_overrides = 0;
- iterator->overrides = NULL;
-#endif
-
- /* find payload start allowing for extended bitmap(s) */
-
- if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
- if ((unsigned long)iterator->_arg -
- (unsigned long)iterator->_rtheader + sizeof(uint32_t) >
- (unsigned long)iterator->_max_length)
- return -EINVAL;
- while (get_unaligned_le32(iterator->_arg) &
- (1 << IEEE80211_RADIOTAP_EXT)) {
- iterator->_arg += sizeof(uint32_t);
-
- /*
- * check for insanity where the present bitmaps
- * keep claiming to extend up to or even beyond the
- * stated radiotap header length
- */
-
- if ((unsigned long)iterator->_arg -
- (unsigned long)iterator->_rtheader +
- sizeof(uint32_t) >
- (unsigned long)iterator->_max_length)
- return -EINVAL;
- }
-
- iterator->_arg += sizeof(uint32_t);
-
- /*
- * no need to check again for blowing past stated radiotap
- * header length, because ieee80211_radiotap_iterator_next
- * checks it before it is dereferenced
- */
- }
-
- iterator->this_arg = iterator->_arg;
-
- /* we are all initialized happily */
-
- return 0;
-}
-
-static void find_ns(struct ieee80211_radiotap_iterator *iterator,
- uint32_t oui, uint8_t subns)
-{
- int i;
-
- iterator->current_namespace = NULL;
-
- if (!iterator->_vns)
- return;
-
- for (i = 0; i < iterator->_vns->n_ns; i++) {
- if (iterator->_vns->ns[i].oui != oui)
- continue;
- if (iterator->_vns->ns[i].subns != subns)
- continue;
-
- iterator->current_namespace = &iterator->_vns->ns[i];
- break;
- }
-}
-
-#ifdef RADIOTAP_SUPPORT_OVERRIDES
-static int find_override(struct ieee80211_radiotap_iterator *iterator,
- int *align, int *size)
-{
- int i;
-
- if (!iterator->overrides)
- return 0;
-
- for (i = 0; i < iterator->n_overrides; i++) {
- if (iterator->_arg_index == iterator->overrides[i].field) {
- *align = iterator->overrides[i].align;
- *size = iterator->overrides[i].size;
- if (!*align) /* erroneous override */
- return 0;
- return 1;
- }
- }
-
- return 0;
-}
-#endif
-
-
-/**
- * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
- * @iterator: radiotap_iterator to move to next arg (if any)
- *
- * Returns: 0 if there is an argument to handle,
- * -ENOENT if there are no more args or -EINVAL
- * if there is something else wrong.
- *
- * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
- * in @this_arg_index and sets @this_arg to point to the
- * payload for the field. It takes care of alignment handling and extended
- * present fields. @this_arg can be changed by the caller (eg,
- * incremented to move inside a compound argument like
- * IEEE80211_RADIOTAP_CHANNEL). The args pointed to are in
- * little-endian format whatever the endianess of your CPU.
- *
- * Alignment Gotcha:
- * You must take care when dereferencing iterator.this_arg
- * for multibyte types... the pointer is not aligned. Use
- * get_unaligned((type *)iterator.this_arg) to dereference
- * iterator.this_arg for type "type" safely on all arches.
- */
-
-int ieee80211_radiotap_iterator_next(
- struct ieee80211_radiotap_iterator *iterator)
-{
- while (1) {
- int hit = 0;
- int pad, align, size, subns;
- uint32_t oui;
-
- /* if no more EXT bits, that's it */
- if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT &&
- !(iterator->_bitmap_shifter & 1))
- return -ENOENT;
-
- if (!(iterator->_bitmap_shifter & 1))
- goto next_entry; /* arg not present */
-
- /* get alignment/size of data */
- switch (iterator->_arg_index % 32) {
- case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
- case IEEE80211_RADIOTAP_EXT:
- align = 1;
- size = 0;
- break;
- case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
- align = 2;
- size = 6;
- break;
- default:
-#ifdef RADIOTAP_SUPPORT_OVERRIDES
- if (find_override(iterator, &align, &size)) {
- /* all set */
- } else
-#endif
- if (!iterator->current_namespace ||
- iterator->_arg_index >= iterator->current_namespace->n_bits) {
- if (iterator->current_namespace == &radiotap_ns)
- return -ENOENT;
- align = 0;
- } else {
- align = iterator->current_namespace->align_size[iterator->_arg_index].align;
- size = iterator->current_namespace->align_size[iterator->_arg_index].size;
- }
- if (!align) {
- /* skip all subsequent data */
- iterator->_arg = iterator->_next_ns_data;
- /* give up on this namespace */
- iterator->current_namespace = NULL;
- goto next_entry;
- }
- break;
- }
-
- /*
- * arg is present, account for alignment padding
- *
- * Note that these alignments are relative to the start
- * of the radiotap header. There is no guarantee
- * that the radiotap header itself is aligned on any
- * kind of boundary.
- *
- * The above is why get_unaligned() is used to dereference
- * multibyte elements from the radiotap area.
- */
-
- pad = ((unsigned long)iterator->_arg -
- (unsigned long)iterator->_rtheader) & (align - 1);
-
- if (pad)
- iterator->_arg += align - pad;
-
- if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) {
- int vnslen;
-
- if ((unsigned long)iterator->_arg + size -
- (unsigned long)iterator->_rtheader >
- (unsigned long)iterator->_max_length)
- return -EINVAL;
-
- oui = (*iterator->_arg << 16) |
- (*(iterator->_arg + 1) << 8) |
- *(iterator->_arg + 2);
- subns = *(iterator->_arg + 3);
-
- find_ns(iterator, oui, subns);
-
- vnslen = get_unaligned_le16(iterator->_arg + 4);
- iterator->_next_ns_data = iterator->_arg + size + vnslen;
- if (!iterator->current_namespace)
- size += vnslen;
- }
-
- /*
- * this is what we will return to user, but we need to
- * move on first so next call has something fresh to test
- */
- iterator->this_arg_index = iterator->_arg_index;
- iterator->this_arg = iterator->_arg;
- iterator->this_arg_size = size;
-
- /* internally move on the size of this arg */
- iterator->_arg += size;
-
- /*
- * check for insanity where we are given a bitmap that
- * claims to have more arg content than the length of the
- * radiotap section. We will normally end up equalling this
- * max_length on the last arg, never exceeding it.
- */
-
- if ((unsigned long)iterator->_arg -
- (unsigned long)iterator->_rtheader >
- (unsigned long)iterator->_max_length)
- return -EINVAL;
-
- /* these special ones are valid in each bitmap word */
- switch (iterator->_arg_index % 32) {
- case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
- iterator->_reset_on_ext = 1;
-
- iterator->is_radiotap_ns = 0;
- /*
- * If parser didn't register this vendor
- * namespace with us, allow it to show it
- * as 'raw. Do do that, set argument index
- * to vendor namespace.
- */
- iterator->this_arg_index =
- IEEE80211_RADIOTAP_VENDOR_NAMESPACE;
- if (!iterator->current_namespace)
- hit = 1;
- goto next_entry;
- case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
- iterator->_reset_on_ext = 1;
- iterator->current_namespace = &radiotap_ns;
- iterator->is_radiotap_ns = 1;
- goto next_entry;
- case IEEE80211_RADIOTAP_EXT:
- /*
- * bit 31 was set, there is more
- * -- move to next u32 bitmap
- */
- iterator->_bitmap_shifter =
- get_unaligned_le32(iterator->_next_bitmap);
- iterator->_next_bitmap++;
- if (iterator->_reset_on_ext)
- iterator->_arg_index = 0;
- else
- iterator->_arg_index++;
- iterator->_reset_on_ext = 0;
- break;
- default:
- /* we've got a hit! */
- hit = 1;
- next_entry:
- iterator->_bitmap_shifter >>= 1;
- iterator->_arg_index++;
- }
-
- /* if we found a valid arg earlier, return it now */
- if (hit)
- return 0;
- }
-}
+++ /dev/null
-/*-
- * Copyright (c) 2003, 2004 David Young. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of David Young may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
- * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
- * OF SUCH DAMAGE.
- */
-
-/*
- * Modifications to fit into the linux IEEE 802.11 stack,
- * Mike Kershaw (dragorn@kismetwireless.net)
- */
-
-#ifndef IEEE80211RADIOTAP_H
-#define IEEE80211RADIOTAP_H
-
-#include <stdint.h>
-
-/* Base version of the radiotap packet header data */
-#define PKTHDR_RADIOTAP_VERSION 0
-
-/* A generic radio capture format is desirable. There is one for
- * Linux, but it is neither rigidly defined (there were not even
- * units given for some fields) nor easily extensible.
- *
- * I suggest the following extensible radio capture format. It is
- * based on a bitmap indicating which fields are present.
- *
- * I am trying to describe precisely what the application programmer
- * should expect in the following, and for that reason I tell the
- * units and origin of each measurement (where it applies), or else I
- * use sufficiently weaselly language ("is a monotonically nondecreasing
- * function of...") that I cannot set false expectations for lawyerly
- * readers.
- */
-
-/* The radio capture header precedes the 802.11 header.
- * All data in the header is little endian on all platforms.
- */
-struct ieee80211_radiotap_header {
- uint8_t it_version; /* Version 0. Only increases
- * for drastic changes,
- * introduction of compatible
- * new fields does not count.
- */
- uint8_t it_pad;
- uint16_t it_len; /* length of the whole
- * header in bytes, including
- * it_version, it_pad,
- * it_len, and data fields.
- */
- uint32_t it_present; /* A bitmap telling which
- * fields are present. Set bit 31
- * (0x80000000) to extend the
- * bitmap by another 32 bits.
- * Additional extensions are made
- * by setting bit 31.
- */
-};
-
-/* Name Data type Units
- * ---- --------- -----
- *
- * IEEE80211_RADIOTAP_TSFT __le64 microseconds
- *
- * Value in microseconds of the MAC's 64-bit 802.11 Time
- * Synchronization Function timer when the first bit of the
- * MPDU arrived at the MAC. For received frames, only.
- *
- * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap
- *
- * Tx/Rx frequency in MHz, followed by flags (see below).
- *
- * IEEE80211_RADIOTAP_FHSS uint16_t see below
- *
- * For frequency-hopping radios, the hop set (first byte)
- * and pattern (second byte).
- *
- * IEEE80211_RADIOTAP_RATE u8 500kb/s
- *
- * Tx/Rx data rate
- *
- * IEEE80211_RADIOTAP_DBM_ANTSIGNAL s8 decibels from
- * one milliwatt (dBm)
- *
- * RF signal power at the antenna, decibel difference from
- * one milliwatt.
- *
- * IEEE80211_RADIOTAP_DBM_ANTNOISE s8 decibels from
- * one milliwatt (dBm)
- *
- * RF noise power at the antenna, decibel difference from one
- * milliwatt.
- *
- * IEEE80211_RADIOTAP_DB_ANTSIGNAL u8 decibel (dB)
- *
- * RF signal power at the antenna, decibel difference from an
- * arbitrary, fixed reference.
- *
- * IEEE80211_RADIOTAP_DB_ANTNOISE u8 decibel (dB)
- *
- * RF noise power at the antenna, decibel difference from an
- * arbitrary, fixed reference point.
- *
- * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless
- *
- * Quality of Barker code lock. Unitless. Monotonically
- * nondecreasing with "better" lock strength. Called "Signal
- * Quality" in datasheets. (Is there a standard way to measure
- * this?)
- *
- * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless
- *
- * Transmit power expressed as unitless distance from max
- * power set at factory calibration. 0 is max power.
- * Monotonically nondecreasing with lower power levels.
- *
- * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB)
- *
- * Transmit power expressed as decibel distance from max power
- * set at factory calibration. 0 is max power. Monotonically
- * nondecreasing with lower power levels.
- *
- * IEEE80211_RADIOTAP_DBM_TX_POWER s8 decibels from
- * one milliwatt (dBm)
- *
- * Transmit power expressed as dBm (decibels from a 1 milliwatt
- * reference). This is the absolute power level measured at
- * the antenna port.
- *
- * IEEE80211_RADIOTAP_FLAGS u8 bitmap
- *
- * Properties of transmitted and received frames. See flags
- * defined below.
- *
- * IEEE80211_RADIOTAP_ANTENNA u8 antenna index
- *
- * Unitless indication of the Rx/Tx antenna for this packet.
- * The first antenna is antenna 0.
- *
- * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap
- *
- * Properties of received frames. See flags defined below.
- *
- * IEEE80211_RADIOTAP_TX_FLAGS uint16_t bitmap
- *
- * Properties of transmitted frames. See flags defined below.
- *
- * IEEE80211_RADIOTAP_RTS_RETRIES u8 data
- *
- * Number of rts retries a transmitted frame used.
- *
- * IEEE80211_RADIOTAP_DATA_RETRIES u8 data
- *
- * Number of unicast retries a transmitted frame used.
- *
- * IEEE80211_RADIOTAP_MCS u8, u8, u8 unitless
- *
- * Contains a bitmap of known fields/flags, the flags, and
- * the MCS index.
- *
- * IEEE80211_RADIOTAP_AMPDU_STATUS u32, u16, u8, u8 unitlesss
- *
- * Contains the AMPDU information for the subframe.
- */
-enum ieee80211_radiotap_type {
- IEEE80211_RADIOTAP_TSFT = 0,
- IEEE80211_RADIOTAP_FLAGS = 1,
- IEEE80211_RADIOTAP_RATE = 2,
- IEEE80211_RADIOTAP_CHANNEL = 3,
- IEEE80211_RADIOTAP_FHSS = 4,
- IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
- IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
- IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
- IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
- IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
- IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
- IEEE80211_RADIOTAP_ANTENNA = 11,
- IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
- IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
- IEEE80211_RADIOTAP_RX_FLAGS = 14,
- IEEE80211_RADIOTAP_TX_FLAGS = 15,
- IEEE80211_RADIOTAP_RTS_RETRIES = 16,
- IEEE80211_RADIOTAP_DATA_RETRIES = 17,
-
- IEEE80211_RADIOTAP_MCS = 19,
- IEEE80211_RADIOTAP_AMPDU_STATUS = 20,
-
- /* valid in every it_present bitmap, even vendor namespaces */
- IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29,
- IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30,
- IEEE80211_RADIOTAP_EXT = 31
-};
-
-/* Channel flags. */
-#define IEEE80211_CHAN_TURBO 0x0010 /* Turbo channel */
-#define IEEE80211_CHAN_CCK 0x0020 /* CCK channel */
-#define IEEE80211_CHAN_OFDM 0x0040 /* OFDM channel */
-#define IEEE80211_CHAN_2GHZ 0x0080 /* 2 GHz spectrum channel. */
-#define IEEE80211_CHAN_5GHZ 0x0100 /* 5 GHz spectrum channel */
-#define IEEE80211_CHAN_PASSIVE 0x0200 /* Only passive scan allowed */
-#define IEEE80211_CHAN_DYN 0x0400 /* Dynamic CCK-OFDM channel */
-#define IEEE80211_CHAN_GFSK 0x0800 /* GFSK channel (FHSS PHY) */
-
-/* For IEEE80211_RADIOTAP_FLAGS */
-#define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received
- * during CFP
- */
-#define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received
- * with short
- * preamble
- */
-#define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received
- * with WEP encryption
- */
-#define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received
- * with fragmentation
- */
-#define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */
-#define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between
- * 802.11 header and payload
- * (to 32-bit boundary)
- */
-#define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* frame failed FCS check */
-
-/* For IEEE80211_RADIOTAP_RX_FLAGS */
-#define IEEE80211_RADIOTAP_F_RX_BADPLCP 0x0002 /* bad PLCP */
-
-/* For IEEE80211_RADIOTAP_TX_FLAGS */
-#define IEEE80211_RADIOTAP_F_TX_FAIL 0x0001 /* failed due to excessive
- * retries */
-#define IEEE80211_RADIOTAP_F_TX_CTS 0x0002 /* used cts 'protection' */
-#define IEEE80211_RADIOTAP_F_TX_RTS 0x0004 /* used rts/cts handshake */
-
-/* For IEEE80211_RADIOTAP_AMPDU_STATUS */
-#define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN 0x0001
-#define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN 0x0002
-#define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN 0x0004
-#define IEEE80211_RADIOTAP_AMPDU_IS_LAST 0x0008
-#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR 0x0010
-#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN 0x0020
-
-/* For IEEE80211_RADIOTAP_MCS */
-#define IEEE80211_RADIOTAP_MCS_HAVE_BW 0x01
-#define IEEE80211_RADIOTAP_MCS_HAVE_MCS 0x02
-#define IEEE80211_RADIOTAP_MCS_HAVE_GI 0x04
-#define IEEE80211_RADIOTAP_MCS_HAVE_FMT 0x08
-#define IEEE80211_RADIOTAP_MCS_HAVE_FEC 0x10
-#define IEEE80211_RADIOTAP_MCS_HAVE_STBC 0x20
-#define IEEE80211_RADIOTAP_MCS_HAVE_NESS 0x40
-#define IEEE80211_RADIOTAP_MCS_NESS_BIT1 0x80
-
-
-#define IEEE80211_RADIOTAP_MCS_BW_MASK 0x03
-#define IEEE80211_RADIOTAP_MCS_BW_20 0
-#define IEEE80211_RADIOTAP_MCS_BW_40 1
-#define IEEE80211_RADIOTAP_MCS_BW_20L 2
-#define IEEE80211_RADIOTAP_MCS_BW_20U 3
-#define IEEE80211_RADIOTAP_MCS_SGI 0x04
-#define IEEE80211_RADIOTAP_MCS_FMT_GF 0x08
-#define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10
-#define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60
-#define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5
-#define IEEE80211_RADIOTAP_MCS_STBC_1 1
-#define IEEE80211_RADIOTAP_MCS_STBC_2 2
-#define IEEE80211_RADIOTAP_MCS_STBC_3 3
-#define IEEE80211_RADIOTAP_MCS_NESS_BIT0 0x80
-
-#endif /* IEEE80211_RADIOTAP_H */
+++ /dev/null
-#ifndef __RADIOTAP_ITER_H
-#define __RADIOTAP_ITER_H
-
-#include <stdint.h>
-#include "radiotap.h"
-
-/* Radiotap header iteration
- * implemented in radiotap.c
- */
-
-struct radiotap_override {
- uint8_t field;
- uint8_t align:4, size:4;
-};
-
-struct radiotap_align_size {
- uint8_t align:4, size:4;
-};
-
-struct ieee80211_radiotap_namespace {
- const struct radiotap_align_size *align_size;
- int n_bits;
- uint32_t oui;
- uint8_t subns;
-};
-
-struct ieee80211_radiotap_vendor_namespaces {
- const struct ieee80211_radiotap_namespace *ns;
- int n_ns;
-};
-
-/**
- * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args
- * @this_arg_index: index of current arg, valid after each successful call
- * to ieee80211_radiotap_iterator_next()
- * @this_arg: pointer to current radiotap arg; it is valid after each
- * call to ieee80211_radiotap_iterator_next() but also after
- * ieee80211_radiotap_iterator_init() where it will point to
- * the beginning of the actual data portion
- * @this_arg_size: length of the current arg, for convenience
- * @current_namespace: pointer to the current namespace definition
- * (or internally %NULL if the current namespace is unknown)
- * @is_radiotap_ns: indicates whether the current namespace is the default
- * radiotap namespace or not
- *
- * @overrides: override standard radiotap fields
- * @n_overrides: number of overrides
- *
- * @_rtheader: pointer to the radiotap header we are walking through
- * @_max_length: length of radiotap header in cpu byte ordering
- * @_arg_index: next argument index
- * @_arg: next argument pointer
- * @_next_bitmap: internal pointer to next present u32
- * @_bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present
- * @_vns: vendor namespace definitions
- * @_next_ns_data: beginning of the next namespace's data
- * @_reset_on_ext: internal; reset the arg index to 0 when going to the
- * next bitmap word
- *
- * Describes the radiotap parser state. Fields prefixed with an underscore
- * must not be used by users of the parser, only by the parser internally.
- */
-
-struct ieee80211_radiotap_iterator {
- struct ieee80211_radiotap_header *_rtheader;
- const struct ieee80211_radiotap_vendor_namespaces *_vns;
- const struct ieee80211_radiotap_namespace *current_namespace;
-
- unsigned char *_arg, *_next_ns_data;
- uint32_t *_next_bitmap;
-
- unsigned char *this_arg;
-#ifdef RADIOTAP_SUPPORT_OVERRIDES
- const struct radiotap_override *overrides;
- int n_overrides;
-#endif
- int this_arg_index;
- int this_arg_size;
-
- int is_radiotap_ns;
-
- int _max_length;
- int _arg_index;
- uint32_t _bitmap_shifter;
- int _reset_on_ext;
-};
-
-extern int ieee80211_radiotap_iterator_init(
- struct ieee80211_radiotap_iterator *iterator,
- struct ieee80211_radiotap_header *radiotap_header,
- int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns);
-
-extern int ieee80211_radiotap_iterator_next(
- struct ieee80211_radiotap_iterator *iterator);
-
-#endif /* __RADIOTAP_ITER_H */
+++ /dev/null
-/**********************************************************************
-This is a wireless pcap capture and parser by example.
-By: Russell Handorf
-**********************************************************************/
-
-#include <pcap.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netinet/if_ether.h>
-#include <net/ethernet.h>
-#include <netinet/ether.h>
-#include <netinet/ip.h>
-#include <linux/if.h>
-#include <linux/wireless.h>
-#include <ctype.h>
-#include <unistd.h>
-#include "radiotap.h"
-#include "radiotap_iter.h"
-
-const struct pcap_pkthdr* callback_header;
-
-static const struct radiotap_align_size align_size_000000_00[] = {
- [0] = { .align = 1, .size = 4, },
- [52] = { .align = 1, .size = 4, },
-};
-
-typedef struct {
- u_int8_t it_version;
- u_int8_t it_pad;
- u_int16_t it_len;
- u_int32_t it_present;
-
- u_int32_t pad;
- u_int8_t flags;
- u_int8_t rate;
- u_int16_t wr_chan_freq;
- int8_t ant_sig;
- int8_t lock_quality;
- u_int8_t ant;
-
-} __attribute__((__packed__)) ieee80211_radiotap;
-
-typedef struct {
- unsigned short fc;
- unsigned short durid;
- u_char a1[6];
- u_char a2[6];
- u_char a3[6];
- unsigned short seq;
- u_char a4[6];
-} __attribute__((__packed__)) dot11_header;
-
-
-void format_mac(u_char * mac, char * f) {
- sprintf(f, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
-}
-
-void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) {
-
- //printf("packet size: %d\n", pkthdr->len);
- //printf("packet: %02x \n", packet);
- //printf("%u\n", packet);
- int err, radiotap_header_len, ssid_len, i;
- int8_t rssi, rate;
- u_int16_t channel;
- char client_mac[18];
- char ssid[38];
-
- struct ieee80211_radiotap_iterator iter;
-
- radiotap_header_len = iter._max_length;
- dot11_header * dot_head = (dot11_header*) (packet + radiotap_header_len * sizeof(char) );
-
- err = ieee80211_radiotap_iterator_init(&iter, (void*)packet, pkthdr->caplen, NULL);
- if (err > 0) {
- }
-
- radiotap_header_len = iter._max_length;
-
- while (!(err = ieee80211_radiotap_iterator_next(&iter))) {
- if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) {
- rssi = (int8_t)iter.this_arg[0];
- }
- if (iter.this_arg_index == IEEE80211_RADIOTAP_CHANNEL) {
- channel = (*(uint16_t *)iter.this_arg);
- }
- if (iter.this_arg_index == IEEE80211_RADIOTAP_RATE) {
- rate = (u_int8_t)iter.this_arg[0];
- }
- /* if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTNOISE) { */
- /* noise = (int8_t)iter.this_arg[0]; */
- /* } */
- };
-
- if (pkthdr->len >= 24) {
- u_int8_t hlen;
- hlen = packet[2]+(packet[3]<<8); //Usually 18 or 13 in some cases
- switch (packet[hlen]) {
- case 0x40:
- //memset(ssid, 0, sizeof(ssid));
- printf("Probe request\n");
- printf("probe request client mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[44], packet[45],packet[46],packet[47],packet[48],packet[49]);
- ssid_len=packet[59];
- printf("probe size: %d\n", ssid_len);
- if (ssid_len>0) {
- for (i=0;i<ssid_len;++i){
- sprintf(ssid+i, "%c", packet[60+i]);
- }
- printf("probe ssid: %s\n", ssid);
- }
- break;
- case 0x50:
- printf("Probe response\n");
- printf("probe response client mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[38], packet[39],packet[40],packet[41],packet[42],packet[43]);
- printf("probe response bssid mac: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[44], packet[45],packet[46],packet[47],packet[48],packet[49]);
- ssid_len=packet[71];
- printf("probe response size: %d\n", ssid_len);
- for (i=0;i<ssid_len;++i){
- sprintf(ssid+i, "%c", packet[72+i]);
- }
- printf("probe response ssid: %s\n", ssid);
-
- break;
- case 0x80:
- //memset(&ssid[0], 0, sizeof(ssid));
- printf("Beacon\n");
- ssid_len=packet[hlen+37];
- printf("size: %d\n", ssid_len);
- for (i=0;i<ssid_len;++i){
- //printf("%c\n", packet[hlen+38+i]);
- sprintf(ssid+i, "%c", packet[hlen+38+i]);
- //puts(ssid);
- //printf("ssid: %c\n", ssid);
- //memcpy(ssid,packet[hlen+38+i],2);
- //ssid+=packet[hlen+38+i];
- //printf("counter: %d - ssid: %c\n", (hlen+38+i), packet[hlen+38+i]);
- }
- printf("BSSID: %02x:%02x:%02x:%02x:%02x:%02x\n", packet[50], packet[51],packet[52],packet[53],packet[54],packet[55]);
- printf("ssid: %s\n", ssid);
- break;
- }
- };
-
- //format_mac(dot_head->a2, client_mac);
-
- printf("rate: %d channel: %04x rssi: %d\n", rate, channel, rssi);
-}
-
-int main(int argc,char **argv)
-{
- int c;
- char *dev = NULL;
- char errbuf[PCAP_ERRBUF_SIZE];
- pcap_t* pcap;
- struct bpf_program fp; /* hold compiled program */
- bpf_u_int32 maskp; /* subnet mask */
- bpf_u_int32 netp; /* ip */
- u_char* args = NULL;
- char filter_exp[] = "";
- char *totpacket = NULL;
-
- while ((c = getopt (argc, argv, "ha:i:")) != -1)
- switch (c) {
- case 'a':
- totpacket = optarg;
- break;
- case 'i':
- dev = optarg;
- break;
- case 'h':
- printf("./disect -a -i\n\t-a : number of packets to sniff. (default 10)\n\t-i : wlan interface.\n");
- exit(0);
- default:
- return 0;
- }
-
- if (totpacket == NULL) {
- totpacket="-1";
- printf("-a not specified... setting to 10.\n");
- }
-
- if (dev == NULL) {
- printf("You forgot -i\n");
- exit(0);
- }
-
- printf ("%s %s\n", totpacket, dev);
-
- if(dev == NULL) {
- printf("%s\n",errbuf);
- exit(1);
- }
-
- /* ask pcap for the network address and mask of the device */
- pcap_lookupnet(dev,&netp,&maskp,errbuf);
-
- /* open device for reading. NOTE: defaulting to
- * promiscuous mode*/
- pcap = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
- pcap_set_promisc(pcap, 1);
-
- if(pcap == NULL) {
- printf("pcap_open_live(): %s\n",errbuf);
- exit(1);
- }
-
- pcap_set_datalink(pcap, DLT_IEEE802_11);
- pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO_AVS);
- pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO);
-
- pcap_setnonblock(pcap, 1, errbuf);
-
- int link_layer_type = pcap_datalink(pcap);
-
- //printf("type: %d\n", link_layer_type);
-
- if (link_layer_type == DLT_PRISM_HEADER ||
- link_layer_type == DLT_IEEE802_11_RADIO ||
- link_layer_type == DLT_IEEE802_11_RADIO_AVS ||
- link_layer_type == DLT_IEEE802_11 ||
- link_layer_type == DLT_PPI ||
- link_layer_type == 127 ) {
- if (pcap_compile(pcap, &fp, filter_exp, 0, netp) == -1) {
- fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap));
- exit(EXIT_FAILURE);
- }
- if (pcap_setfilter(pcap, &fp) == -1) {
- fprintf(stderr, "Couldn't install filter %s: %s\n",
- filter_exp, pcap_geterr(pcap));
- exit(EXIT_FAILURE);
- }
- printf("starting\n");
-
- pcap_loop(pcap,atoi(totpacket),my_callback,NULL);
- } else {
- fprintf(stderr, "Not using the Wi-Fi interface, are you testing something?\n");
- }
- fprintf(stdout,"\nfinished\n");
- return 0;
-}
-
+++ /dev/null
-#!/usr/bin/perl
-
-use Net::Kismet;
-use DBI;
-
-my $dbh = DBI->connect("DBI:mysql:database=wireless;host=127.0.0.1",
- "USERNAME", "PASSWORD",
- {'RaiseError' => 1});
-
-$k = new Net::Kismet('localhost', 2501);
-$k->register('SSID', \&ssidhandler, '*');
-$k->register('BSSID', \&bssidhandler, '*');
-$k->register('CLIENT', \&clienthandler, '*');
-#$k->timer_register(\&timer, 5);
-KismetRun($k);
-
-
-sub ssidhandler {
- my $vars = shift;
- my $ssid = "<cloked>";
- if ($vars->{'ssid'} eq "") {
- $ssid = "<CLOKED>";
- } else {
- $ssid = $vars->{'ssid'};
- }
- #print $vars->{'mac'}."\n";
- #print "lt: ".$vars->{'lasttime'}."\n";
- #print "INSERT INTO ssid VALUES ('". $ssid. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")";
- #print "\n";
- my $sth = $dbh->prepare("SELECT LASTSEEN from ssid where SSID=? and MAC='" . $vars->{'mac'} . "'");
- $sth->execute($ssid);
- if ($sth->rows() > 0) {
- $sth = $dbh->prepare("UPDATE ssid set LASTSEEN=" . $vars->{'lasttime'} . " where SSID=? and MAC = '" . $vars->{'mac'} . "'");
- } else {
- $sth = $dbh->prepare("INSERT INTO ssid VALUES (?, '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")");
- }
- $sth->execute($ssid);
-}
-
-sub bssidhandler {
- my $vars = shift;
- #print $vars->{'bssid'}."\n";
- #print "lt: ".$vars->{'lasttime'}."\n";
- #print "INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")";
- my $sth = $dbh->prepare("SELECT LASTSEEN from bssid where BSSID='" . $vars->{'bssid'} . "'");
- $sth->execute();
- if ($sth->rows() > 0) {
- $dbh->do("UPDATE bssid set LASTSEEN=" . $vars->{'lasttime'} . " where BSSID = '" . $vars->{'bssid'} . "'");
- } else {
- $dbh->do("INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")");
- }
- #$dbh->do("INSERT INTO bssid VALUES ('". $vars->{'bssid'}. "', " . $vars->{'lasttime'} . ")");
-}
-
-sub clienthandler {
- my $vars = shift;
- #print $vars->{'bssid'}."\n";
- #print $vars->{'mac'}."\n";
- #print "lt: ".$vars->{'lasttime'}."\n";
- my $sth = $dbh->prepare("SELECT LASTSEEN from clients where BSSID='". $vars->{'bssid'}. "' and MAC='" . $vars->{'mac'} . "'");
- $sth->execute();
- if ($sth->rows() > 0) {
- $dbh->do("UPDATE clients set LASTSEEN=" . $vars->{'lasttime'} . " where BSSID = '". $vars->{'bssid'}. "' and MAC = '" . $vars->{'mac'} . "'");
- } else {
- $dbh->do("INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")");
- #$dbh->do("INSERT INTO clients VALUES ('". $ssid. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")");
- }
-
- #print "INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")";
- #print "\n";
- #$dbh->do("INSERT INTO clients VALUES ('". $vars->{'bssid'}. "', '" . $vars->{'mac'} . "', " . $vars->{'lasttime'} . ")");
-}
-
-
-
-sub timer {
- print "<<TIMER CALLBACK CALLED>>\n";
- # check for lame threads and kill if hung
- my $rin = "";
- vec ( $rin, fileno ("PREAD00"), 1 ) = 1;
- #while (1) {
- if ( $nfound = select($rout=$rin, undef, undef, 0) ) {
- $line = <PREAD00>;
- #print "TIMER: $line";
- }
- #}
-}
-
-sub print_hash {
- my $href = shift;
- while( my( $key, $val ) = each %{$href} ) {
- print "$key\t=>$val\n";
- }
-}
+++ /dev/null
-#!/bin/bash
-kismet_server -n > /dev/null 2>&1 &
-ssh username@server -L 3306:127.0.0.1:3306 -N > /dev/null 2>&1 &
projects / soho-sigint.git / commitdiff