
📄 airodump-ng.c

/*
 *  pcap-compatible 802.11 packet sniffer (Win32 version)
 *
 *  Copyright (C) 2004,2005  Christophe Devine
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include <windows.h>
#include <stdio.h>
#include <time.h>

#define snprintf _snprintf

#include "capture.h"
#include "console.h"
#include "timeval.h"
#include "pcap.h"
#include "uniqueiv.c"

#define FORMAT_CAP 1
#define FORMAT_IVS 2

#define REFRESH_TIMEOUT 200000

#define BROADCAST_ADDR "\xFF\xFF\xFF\xFF\xFF\xFF"

/* linked list of detected access points */

/*
 * One node of the doubly linked list of access points seen so far.
 * Field order matches the original declaration, so the in-memory
 * layout is unchanged.
 */
struct AP_info
{
    struct AP_info *prev;      /* preceding AP in the list            */
    struct AP_info *next;      /* following AP in the list            */

    time_t tinit;              /* time this AP was first seen         */
    time_t tlast;              /* time this AP was last seen          */

    int power;                 /* signal power                        */
    int chanl;                 /* channel                             */
    int speed;                 /* maximum rate                        */
    int crypt;                 /* encryption algorithm                */

    unsigned long nb_bcn;      /* beacons counted for this AP         */
    unsigned long nb_pkt;      /* packets counted for this AP         */
    unsigned long nb_data;     /* WEP data packets counted            */

    unsigned char bssid[6];    /* MAC address of the access point     */

    /* ASCII network identifier.  33 bytes is presumably a 32-byte SSID
     * plus a terminator; the code that fills this field is not in view,
     * so the length bound has to be enforced there -- TODO confirm.   */
    unsigned char essid[33];

    unsigned char lanip[4];    /* last IP address detected, only for  */
                               /* a network that is not encrypted     */

    unsigned char **uiv_root;  /* root of the unique-IV structure,    */
                               /* only for a WEP-encrypted network    */
};

/* linked list of detected clients */

/*
 * One node of the doubly linked list of wireless clients (stations).
 * Field order matches the original declaration.
 */
struct ST_info
{
    struct ST_info *prev;      /* preceding client in the list        */
    struct ST_info *next;      /* following client in the list        */
    struct AP_info *base;      /* access point the client belongs to  */
    time_t tinit;              /* time this client was first seen     */
    time_t tlast;              /* time this client was last seen      */
    int power;                 /* signal power                        */
    unsigned long nb_pkt;      /* packets counted for this client     */
    unsigned char stmac[6];    /* MAC address of the client           */
};

/* bunch of global stuff */

/* head and tail of the access point list (both reset to NULL by
 * dump_initialize) */
struct AP_info *ap_1st, *ap_end;
/* cursor and its predecessor while dump_add_packet walks the AP list */
struct AP_info *ap_cur, *ap_prv;

/* head and tail of the client list (both reset to NULL by
 * dump_initialize) */
struct ST_info *st_1st, *st_end;
/* cursor and its predecessor while dump_add_packet walks the client list */
struct ST_info *st_cur, *st_prv;

/* pcap file header that dump_initialize writes to a new capture file or
 * reads back from an existing one */
struct pcap_file_header pfh_out;
/* NOTE(review): this line repeats the declaration above verbatim.  It is
 * legal as a second tentative definition but adds nothing; given that
 * f_cap_in exists below, it may have been meant as a header for the
 * input capture -- confirm against the rest of the file. */
struct pcap_file_header pfh_out;

/* zeroed by dump_initialize in IVs-only mode; its other uses are outside
 * this part of the file */
unsigned char prev_bssid[6];

/* file streams, NULL until opened; dump_initialize opens the three
 * output streams, f_cap_in is handled elsewhere */
FILE *f_cap_in  = NULL;
FILE *f_csv_out = NULL;
FILE *f_cap_out = NULL;
FILE *f_ivs_out = NULL;

/* four zero bytes, compared with the bytes at offset 24 of a frame to
 * recognise an LLC null packet */
const unsigned char llcnull [4]= {0, 0, 0, 0 };

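/*
 * Open the output files of a capture session.
 *
 * output_prefix : base name of the output files.  "-" sends the capture
 *                 (or the IVs) to file descriptor 1 and skips the .txt
 *                 file.  A prefix that would not fit the 1024-byte name
 *                 buffer together with a 4-character extension is
 *                 truncated IN PLACE, so the caller's string is modified
 *                 and the files may get a shorter name than requested.
 * ivs_only      : 0 opens or creates "<prefix>.cap" (pcap file with the
 *                 802.11 link type), 1 opens or creates "<prefix>.ivs".
 *
 * An existing .cap / .ivs file is validated and then appended to; a
 * missing file, or one too short to hold a header, is created afresh and
 * gets a new header.
 *
 * Returns 0 on success and 1 on failure.  On failure the streams opened
 * so far are left in the globals f_csv_out / f_cap_out / f_ivs_out.
 *
 * Security note: "<prefix>.txt" is opened with "wb+", which truncates an
 * existing file of that name, and the capture files hold raw traffic, so
 * the prefix should point into a directory that only the operator can
 * write to and read from.
 */
int dump_initialize( char *output_prefix, int ivs_only )
{
    int n;
    int to_stdout;
    int write_header;
    char o_filename[1024];

    ap_1st = ap_end = NULL;
    st_1st = st_end = NULL;

    /* strlen() / strcmp() below must not be handed a null pointer */

    if( output_prefix == NULL )
    {
        fprintf( stderr, "\n  No output prefix given.\n" );
        return( 1 );
    }

    /* keep room for the 4-character extension and the terminator */

    if( strlen( output_prefix ) >= sizeof( o_filename ) - 5 )
        output_prefix[sizeof( o_filename ) - 5] = '\0';

    to_stdout = ( strcmp( output_prefix, "-" ) == 0 );

    /* create the output csv file */

    if( ! to_stdout )
    {
        /* the buffer is zeroed first and one byte is held back, so the
           name stays terminated even though _snprintf may not do it */

        memset( o_filename, 0, sizeof( o_filename ) );
        snprintf( o_filename,  sizeof( o_filename ) - 1,
                  "%s.txt", output_prefix );

        if( ( f_csv_out = fopen( o_filename, "wb+" ) ) == NULL )
        {
            perror( "fopen failed" );
            fprintf( stderr, "\n  Could not create \"%s\".\n", o_filename );
            return( 1 );
        }
    }

    /* open or create the output packet capture file */

    if( ivs_only == 0 )
    {
        n = sizeof( struct pcap_file_header );
        write_header = 0;

        if( to_stdout )
        {
            /* fdopen() can fail; writing through a NULL stream would
               crash instead of reporting the error */

            if( ( f_cap_out = fdopen( 1, "wb" ) ) == NULL )
            {
                perror( "fdopen failed" );
                return( 1 );
            }

            write_header = 1;
        }
        else
        {
            memset( o_filename, 0, sizeof( o_filename ) );
            snprintf( o_filename,  sizeof( o_filename ) - 1,
                      "%s.cap", output_prefix );

            f_cap_out = fopen( o_filename, "rb+" );

            if( f_cap_out != NULL &&
                fread( &pfh_out, 1, n, f_cap_out ) != (size_t) n )
            {
                /* too short to hold a pcap header: release the stream
                   before the file is created again, otherwise the first
                   handle is leaked */

                fclose( f_cap_out );
                f_cap_out = NULL;
            }

            if( f_cap_out == NULL )
            {
                if( ( f_cap_out = fopen( o_filename, "wb+" ) ) == NULL )
                {
                    perror( "fopen failed" );
                    fprintf( stderr, "\n  Could not create \"%s\".\n",
                             o_filename );
                    return( 1 );
                }

                write_header = 1;
            }
            else
            {
                if( pfh_out.magic != TCPDUMP_MAGIC &&
                    pfh_out.magic != TCPDUMP_CIGAM )
                {
                    fprintf( stderr, "\n  \"%s\" isn't a pcap file (expected "
                                     "TCPDUMP_MAGIC).\n", o_filename );
                    return( 1 );
                }

                /* NOTE(review): a byte-swapped file is accepted for
                   appending; the code that writes packet records is not
                   in view, so confirm that it honours the swapped byte
                   order, otherwise the file ends up with mixed order */

                if( pfh_out.magic == TCPDUMP_CIGAM )
                    SWAP32( pfh_out.linktype );

                if( pfh_out.linktype != LINKTYPE_IEEE802_11 )
                {
                    fprintf( stderr, "\n  Wrong linktype from pcap file header "
                                     "(expected LINKTYPE_IEEE802_11) -\n"
                                     "this doesn't look like a regular 802.11 "
                                     "capture.\n" );
                    return( 1 );
                }

                /* new packets are appended after the existing ones */

                if( fseek( f_cap_out, 0, SEEK_END ) != 0 )
                {
                    perror( "fseek(SEEK_END) failed" );
                    return( 1 );
                }
            }
        }

        if( write_header )
        {
            pfh_out.magic           = TCPDUMP_MAGIC;
            pfh_out.version_major   = PCAP_VERSION_MAJOR;
            pfh_out.version_minor   = PCAP_VERSION_MINOR;
            pfh_out.thiszone        = 0;
            pfh_out.sigfigs         = 0;
            pfh_out.snaplen         = 65535;
            pfh_out.linktype        = LINKTYPE_IEEE802_11;

            if( fwrite( &pfh_out, 1, n, f_cap_out ) != (size_t) n )
            {
                perror( "fwrite(pcap file header) failed" );
                return( 1 );
            }
        }
    }

    /* open or create the output IVs file */

    if( ivs_only == 1 )
    {
        memset( prev_bssid, 0, 6 );
        write_header = 0;

        if( to_stdout )
        {
            if( ( f_ivs_out = fdopen( 1, "wb" ) ) == NULL )
            {
                perror( "fdopen failed" );
                return( 1 );
            }

            write_header = 1;
        }
        else
        {
            unsigned char ivs_hdr[4];

            memset( o_filename, 0, sizeof( o_filename ) );
            snprintf( o_filename,  sizeof( o_filename ) - 1,
                      "%s.ivs", output_prefix );

            f_ivs_out = fopen( o_filename, "rb+" );

            if( f_ivs_out != NULL &&
                fread( ivs_hdr, 1, 4, f_ivs_out ) != 4 )
            {
                /* too short to hold the magic: close before recreating */

                fclose( f_ivs_out );
                f_ivs_out = NULL;
            }

            if( f_ivs_out == NULL )
            {
                if( ( f_ivs_out = fopen( o_filename, "wb+" ) ) == NULL )
                {
                    perror( "fopen failed" );
                    fprintf( stderr, "\n  Could not create \"%s\".\n",
                             o_filename );
                    return( 1 );
                }

                write_header = 1;
            }
            else
            {
                if( memcmp( ivs_hdr, IVSONLY_MAGIC, 4 ) != 0 )
                {
                    fprintf( stderr, "\n  \"%s\" isn't a IVs file (expected "
                                     "IVSONLY_MAGIC).\n", o_filename );
                    return( 1 );
                }

                if( fseek( f_ivs_out, 0, SEEK_END ) != 0 )
                {
                    perror( "fseek(SEEK_END) failed" );
                    return( 1 );
                }
            }
        }

        if( write_header )
        {
            /* compare with the number of bytes requested; the original
               compared with sizeof( n ), which is 4 only where int is
               32 bits wide */

            if( fwrite( IVSONLY_MAGIC, 1, 4, f_ivs_out ) != 4 )
            {
                perror( "fwrite(IVs file header) failed" );
                return( 1 );
            }
        }
    }

    return( 0 );
}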

int dump_add_packet( unsigned char *h80211, int caplen, int power,
                     int channel, uint tv_sec, uint tv_usec )

{
    int i, n;

    struct pcap_pkthdr pkh;

    unsigned char *p;
    unsigned char bssid[6];
    unsigned char stmac[6];

    ap_cur = NULL;
    st_cur = NULL;

    pkh.caplen = pkh.len = caplen;

    /* skip packets smaller than a 802.11 header */

    if( pkh.caplen < 24 )
        goto write_packet;

    /* skip (uninteresting) control frames */

    if( ( h80211[0] & 0x0C ) == 0x04 )
        goto write_packet;

	/* if it's a LLC null packet, just forget it (may change in the future) */

	if ( caplen > 28)
		if ( memcmp(h80211 + 24, llcnull, 4) == 0)
			return ( 0 );


    /* locate the access point's MAC address */

    switch( h80211[1] & 3 )
    {
        case  0: memcpy( bssid, h80211 + 16, 6 ); break;
        case  1: memcpy( bssid, h80211 +  4, 6 ); break;
        case  2: memcpy( bssid, h80211 + 10, 6 ); break;
        default: memcpy( bssid, h80211 +  4, 6 ); break;
    }

    /* skip broadcast packets */

    if( memcmp( bssid, BROADCAST_ADDR, 6 ) == 0 )
        goto write_packet;

    /* update our chained list of access points */

    ap_cur = ap_1st;
    ap_prv = NULL;

    while( ap_cur != NULL )
    {
        if( ! memcmp( ap_cur->bssid, bssid, 6 ) )
            break;

        ap_prv = ap_cur;
        ap_cur = ap_cur->next;
    }

    /* if it's a new access point, add it */

    if( ap_cur == NULL )
    {
        if( ! ( ap_cur = (struct AP_info *) malloc(
                         sizeof( struct AP_info ) ) ) )
        {
            perror( "malloc failed" );
            return( 1 );
        }

        memset( ap_cur, 0, sizeof( struct AP_info ) );

        if( ap_1st == NULL )
            ap_1st = ap_cur;
        else
            ap_prv->next  = ap_cur;

        memcpy( ap_cur->bssid, bssid, 6 );

        ap_cur->prev = ap_prv;

        if( tv_sec == 0 )
        {
            ap_cur->tinit = time( NULL );
            ap_cur->tlast = time( NULL );
        }
        else
        {
            ap_cur->tinit = tv_sec;
            ap_cur->tlast = tv_sec;
        }

        ap_cur->power = power;

        ap_cur->chanl = -1;
        ap_cur->speed = -1;
        ap_cur->crypt = -1;

        ap_cur->uiv_root = uniqueiv_init();

        ap_end = ap_cur;
    }

    if( tv_sec == 0 )
        ap_cur->tlast = time( NULL );
    else
        ap_cur->tlast = tv_sec;

    if( ( h80211[1] & 1 ) == 0 )
        ap_cur->power = power;

    if( h80211[0] == 0x80 )
        ap_cur->nb_bcn++;

    ap_cur->nb_pkt++;

    /* locate the station MAC in the 802.11 header */

    switch( h80211[1] & 3 )
    {
        case  0: memcpy( stmac, h80211 + 10, 6 ); break;
        case  1: memcpy( stmac, h80211 + 10, 6 ); break;
        case  2:

            /* reject broadcast MACs */

            if( h80211[4] != 0 ) goto skip_station;
            memcpy( stmac, h80211 +  4, 6 ); break;

        default: goto skip_station; break;
    }

    /* skip non-data packets */

    if( ( h80211[0] & 0x0C ) != 0x08 )
        goto skip_station;

    /* update our chained list of wireless clients */

    st_cur = st_1st;
    st_prv = NULL;

    while( st_cur != NULL )
    {
        if( ! memcmp( st_cur->stmac, stmac, 6 ) )
            break;

        st_prv = st_cur;
