st_cur = st_cur->next;
}
/* if it's a new client, add it */
if( st_cur == NULL )
{
if( ! ( st_cur = (struct ST_info *) malloc(
sizeof( struct ST_info ) ) ) )
{
perror( "malloc failed" );
return( 1 );
}
memset( st_cur, 0, sizeof( struct ST_info ) );
if( st_1st == NULL )
st_1st = st_cur;
else
st_prv->next = st_cur;
memcpy( st_cur->stmac, stmac, 6 );
st_cur->prev = st_prv;
st_cur->base = ap_cur;
if( tv_sec == 0 )
{
st_cur->tinit = time( NULL );
st_cur->tlast = time( NULL );
}
else
{
st_cur->tinit = tv_sec;
st_cur->tlast = tv_sec;
}
st_cur->power = power;
st_end = st_cur;
}
/* every 1s, update the last time seen & receive power */
if( tv_sec == 0 )
st_cur->tlast = time( NULL );
else
st_cur->tlast = tv_sec;
if( ( h80211[1] & 3 ) == 1 )
st_cur->power = power;
st_cur->nb_pkt++;
skip_station:
/* packet parsing: Beacon or Probe Response */
if( h80211[0] == 0x80 ||
h80211[0] == 0x50 )
{
if( ap_cur->crypt < 0 )
ap_cur->crypt = ( h80211[34] & 0x10 ) >> 4;
p = h80211 + 36;
while( p < h80211 + pkh.caplen )
{
if( p + 2 + p[1] > h80211 + pkh.caplen )
break;
if( p[0] == 0x00 && p[1] > 0 && p[2] != '\0' &&
( p[1] > 1 || p[2] != ' ' ) )
{
/* found a non-cloaked ESSID */
n = ( p[1] > 32 ) ? 32 : p[1];
memset( ap_cur->essid, 0, 33 );
memcpy( ap_cur->essid, p + 2, n );
for( i = 0; i < n; i++ )
if( ap_cur->essid[i] < 32 ||
( ap_cur->essid[i] > 126 && ap_cur->essid[i] < 160 ) )
ap_cur->essid[i] = '.';
}
if( p[0] == 0x01 || p[0] == 0x32 )
ap_cur->speed = ( p[1 + p[1]] & 0x7F ) / 2;
if( p[0] == 0x03 )
ap_cur->chanl = p[2];
p += 2 + p[1];
}
}
/* packet parsing: Association Request */
if( h80211[0] == 0x00 )
{
p = h80211 + 28;
while( p < h80211 + pkh.caplen )
{
if( p + 2 + p[1] > h80211 + pkh.caplen )
break;
if( p[0] == 0x00 && p[1] > 0 && p[2] != '\0' &&
( p[1] > 1 || p[2] != ' ' ) )
{
/* found a non-cloaked ESSID */
n = ( p[1] > 32 ) ? 32 : p[1];
memset( ap_cur->essid, 0, 33 );
memcpy( ap_cur->essid, p + 2, n );
for( i = 0; i < n; i++ )
if( ap_cur->essid[i] < 32 ||
( ap_cur->essid[i] > 126 && ap_cur->essid[i] < 160 ) )
ap_cur->essid[i] = '.';
}
p += 2 + p[1];
}
}
/* packet parsing: some data */
if( ap_cur->chanl == -1 )
ap_cur->chanl = channel;
if( ( h80211[0] & 0x0C ) == 0x08 )
{
/* check the SNAP header to see if data is encrypted */
unsigned int z = ( ( h80211[1] & 3 ) != 3 ) ? 24 : 30;
if( z + 26 > pkh.caplen )
goto write_packet;
if( h80211[z] == h80211[z + 1] && h80211[z + 2] == 0x03 )
{
if( ap_cur->crypt < 0 )
ap_cur->crypt = 0;
/* if ethertype == IPv4, find the LAN address */
if( h80211[z + 6] == 0x08 && h80211[z + 7] == 0x00 &&
( h80211[1] & 3 ) == 0x01 )
memcpy( ap_cur->lanip, &h80211[z + 20], 4 );
if( h80211[z + 6] == 0x08 && h80211[z + 7] == 0x06 )
memcpy( ap_cur->lanip, &h80211[z + 22], 4 );
}
else
ap_cur->crypt = 2 + ( ( h80211[z + 3] & 0x20 ) >> 5 );
if( z + 10 > pkh.caplen )
goto write_packet;
if( ap_cur->crypt == 2 )
{
/* WEP: check if we've already seen this IV */
if( ! uniqueiv_check( ap_cur->uiv_root, &h80211[z] ) )
{
/* first time seen IVs */
if( f_ivs_out != NULL )
{
unsigned char iv_info[64];
if( memcmp( prev_bssid, ap_cur->bssid, 6 ) == 0 )
{
iv_info[0] = 0xFF;
memcpy( iv_info + 1, &h80211[z ], 3 );
memcpy( iv_info + 4, &h80211[z + 4], 2 );
n = 6;
}
else
{
memcpy( prev_bssid , ap_cur->bssid, 6 );
memcpy( iv_info , ap_cur->bssid, 6 );
memcpy( iv_info + 6, &h80211[z ], 3 );
memcpy( iv_info + 9, &h80211[z + 4], 2 );
n = 11;
}
if( fwrite( iv_info, 1, n, f_ivs_out ) != (size_t) n )
{
perror( "fwrite(IV info) failed" );
return( 1 );
}
}
uniqueiv_mark( ap_cur->uiv_root, &h80211[z] );
ap_cur->nb_data++;
}
}
else
ap_cur->nb_data++;
}
write_packet:
if( f_cap_out != NULL )
{
struct timeval tv;
gettimeofday( &tv, NULL );
if( tv_sec == 0 )
{
pkh.tv_sec = tv.tv_sec;
pkh.tv_usec = ( tv.tv_usec & ~0x1ff ) + power;
}
else
{
pkh.tv_sec = tv_sec;
pkh.tv_usec = tv_usec;
}
if( pfh_out.magic == TCPDUMP_CIGAM )
{
SWAP32( pkh.tv_sec );
SWAP32( pkh.tv_usec );
SWAP32( pkh.caplen );
SWAP32( pkh.len );
}
n = sizeof( pkh );
if( fwrite( &pkh, 1, n, f_cap_out ) != (size_t) n )
{
perror( "fwrite(packet header) failed" );
return( 1 );
}
fflush( stdout );
n = pkh.caplen;
if( fwrite( h80211, 1, n, f_cap_out ) != (size_t) n )
{
perror( "fwrite(packet data) failed" );
return( 1 );
}
fflush( stdout );
}
return( 0 );
}
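/*
 * Column at which the ESSID starts on an AP line and on a station line,
 * i.e. the width of the fixed prefix printed before it.  The values are
 * the ones the original code used (strbuf[ws_col - 58] / [ws_col - 54]);
 * they depend on the spacing of the fprintf formats below, so re-check
 * them if those formats change.
 */
#define DUMP_AP_ESSID_COL 58
#define DUMP_ST_ESSID_COL 54

/* Header printed above the station table (padded to the terminal width). */
static const char dump_st_header[] =
    " BSSID STATION "
    " PWR Packets ESSID";

/*
 * Print the ESSID column of one table line and terminate the line.
 *
 * essid   NUL-terminated ESSID; dump_add_packet stores at most 32 chars
 * ws_col  terminal width in columns; 0 or negative means "unknown" and
 *         disables the cut
 * prefix  number of columns already printed on this line
 *
 * The ESSID is left-justified to 32 columns and then cut at column
 * ws_col - prefix so the line fits the terminal.  The cut index is
 * range-checked: the original wrote strbuf[ws_col - prefix] = '\0'
 * unconditionally, which is a write before the buffer whenever the
 * terminal is narrower than the prefix (or ws_col is 0) and a write past
 * it on very wide terminals.
 */
static void dump_print_essid( const char *essid, int ws_col, int prefix )
{
    char col[64];
    int cut;

    memset( col, 0, sizeof( col ) );
    snprintf( col, sizeof( col ), "%-32s", essid );

    if( ws_col > 0 )
    {
        cut = ws_col - prefix;
        if( cut < 0 )
            cut = 0;                    /* nothing fits: print no ESSID */
        if( cut < (int) sizeof( col ) )
            col[cut] = '\0';
    }

    fprintf( stderr, " %s\n", col );
}

/*
 * Print the AP table and the station table to stderr.
 *
 * ws_row  terminal height in rows; 0 means "no limit"
 * ws_col  terminal width in columns; 0 or negative means "unknown"
 *
 * APs are walked from ap_end back to the head (newest first); for each AP
 * the station list is walked from st_end back and only stations whose
 * base is that AP are printed.  In live capture (f_cap_in == NULL) an AP
 * is hidden while it has fewer than 2 packets or has not been seen for
 * more than 120 s, and a station is hidden when it has not been seen for
 * more than 120 s; when replaying a capture file every entry is shown.
 * Printing stops as soon as nlines would exceed ws_row.
 *
 * The separator and header lines of the station table are padded with
 * spaces to the terminal width so they overwrite stale screen contents;
 * the padding is clamped to the line buffer (the original memset ws_col
 * bytes into a 512-byte buffer without checking, and memset ws_col - 1
 * bytes, which is (size_t)-1 when ws_col is 0).
 *
 * Uses the file-scope list cursors ap_cur / st_cur as iterators, so this
 * must not run concurrently with dump_add_packet.
 */
void dump_print( int ws_row, int ws_col )
{
    int nlines;
    char strbuf[512];
    size_t width, hdr_len;

    /* AP table */
    fprintf( stderr, "\n BSSID PWR Beacons"
                     " # Data CH MB ENC ESSID\n\n" );
    nlines = 5;

    for( ap_cur = ap_end; ap_cur != NULL; ap_cur = ap_cur->prev )
    {
        /* live capture: skip APs with too few packets or not seen lately */
        if( f_cap_in == NULL && ( ap_cur->nb_pkt < 2 ||
            time( NULL ) - ap_cur->tlast > 120 ) )
            continue;

        if( ws_row != 0 && nlines > ws_row )
            return;
        nlines++;

        fprintf( stderr, " %02X:%02X:%02X:%02X:%02X:%02X",
                 ap_cur->bssid[0], ap_cur->bssid[1],
                 ap_cur->bssid[2], ap_cur->bssid[3],
                 ap_cur->bssid[4], ap_cur->bssid[5] );
        fprintf( stderr, " %3d %8ld %8ld",
                 ap_cur->power,
                 ap_cur->nb_bcn,
                 ap_cur->nb_data );
        fprintf( stderr, " %3d %3d ", ap_cur->chanl, ap_cur->speed );

        /* crypt: -1 unknown, 0 open, 1 privacy bit only, 2 WEP, 3 WPA */
        switch( ap_cur->crypt )
        {
            case 0:  fprintf( stderr, "OPN " ); break;
            case 1:  fprintf( stderr, "WEP?" ); break;
            case 2:  fprintf( stderr, "WEP " ); break;
            case 3:  fprintf( stderr, "WPA " ); break;
            default: fprintf( stderr, " " );    break;
        }

        dump_print_essid( ap_cur->essid, ws_col, DUMP_AP_ESSID_COL );
    }

    /* station table: blank line, header, blank line */
    nlines += 3;
    if( ws_row != 0 && nlines > ws_row )
        return;

    hdr_len = strlen( dump_st_header );
    if( ws_col > 0 )
        width = (size_t) ws_col - 1;
    else
        width = hdr_len;                /* unknown width: just fit the header */
    if( width > sizeof( strbuf ) - 1 )
        width = sizeof( strbuf ) - 1;   /* never pad past the buffer */

    memset( strbuf, ' ', width );
    strbuf[width] = '\0';
    fprintf( stderr, "%s\n", strbuf );

    /* copy only as much of the header as fits in the padded line */
    memcpy( strbuf, dump_st_header, hdr_len < width ? hdr_len : width );
    fprintf( stderr, "%s\n", strbuf );

    memset( strbuf, ' ', width );
    strbuf[width] = '\0';
    fprintf( stderr, "%s\n", strbuf );

    for( ap_cur = ap_end; ap_cur != NULL; ap_cur = ap_cur->prev )
    {
        if( f_cap_in == NULL && ( ap_cur->nb_pkt < 2 ||
            time( NULL ) - ap_cur->tlast > 120 ) )
            continue;

        if( ws_row != 0 && nlines > ws_row )
            return;

        for( st_cur = st_end; st_cur != NULL; st_cur = st_cur->prev )
        {
            if( st_cur->base != ap_cur )
                continue;

            /* NOTE(review): the original compared ap_cur->tlast here, which
             * the outer loop has already filtered, so a station never aged
             * out on its own; the station's own last-seen time (kept up to
             * date by dump_add_packet) is used instead. */
            if( f_cap_in == NULL && time( NULL ) - st_cur->tlast > 120 )
                continue;

            if( ws_row != 0 && nlines > ws_row )
                return;
            nlines++;

            fprintf( stderr, " %02X:%02X:%02X:%02X:%02X:%02X",
                     ap_cur->bssid[0], ap_cur->bssid[1],
                     ap_cur->bssid[2], ap_cur->bssid[3],
                     ap_cur->bssid[4], ap_cur->bssid[5] );
            fprintf( stderr, " %02X:%02X:%02X:%02X:%02X:%02X",
                     st_cur->stmac[0], st_cur->stmac[1],
                     st_cur->stmac[2], st_cur->stmac[3],
                     st_cur->stmac[4], st_cur->stmac[5] );

            /* -1 means no power reading for this station yet */
            if( st_cur->power != -1 )
                fprintf( stderr, " %3d", st_cur->power );
            else
                fprintf( stderr, " " );
            fprintf( stderr, " %8ld", st_cur->nb_pkt );

            dump_print_essid( ap_cur->essid, ws_col, DUMP_ST_ESSID_COL );
        }
    }
}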
void dump_write_csv( void )
{
struct tm *ltime;
if( f_csv_out == NULL )
return;
fseek( f_csv_out, 0, SEEK_SET );
fprintf( f_csv_out,
"\r\nBSSID, First time seen, Last time seen, Channel, Speed, "
"Privacy, Power, # beacons, # data, LAN IP, ESSID\r\n" );
ap_cur = ap_1st;
while( ap_cur != NULL )
{
if( ap_cur->nb_pkt < 2 )
{
ap_cur = ap_cur->next;
continue;
}