I'm working throurgh a project with pcap and wireless. Following an example posted in response to oe of my earlier questions I am trying to extract the mac addresses from wireless frames. I have created structures for the radiotap header and a basic management frame. For some reason when it comes to trying to output the mac addresses I am printing out the wrong data. When I compare to wireshark I don't see why the radio tap data is printing out correctly but the mac addresses are not. I don't see any additional padding in the hex dump that wireshark displays when i look at the
packets and compare the
packets that I have captured. I am somewhat famialar with c but not an expert so maybe I am not using the pointers and structures properly could someone help show me what I am doing wrong?
Thanks,
Quentin
// main.c
// MacSniffer
//
#include <pcap.h>
#include <string.h>
#include <stdlib.h>
#define MAXBYTES2CAPTURE 65535
#ifdef WORDS_BIGENDIAN
typedef struct frame_control
{
unsigned int subtype:4; /*frame subtype field*/
unsigned int protoVer:2; /*frame type field*/
unsigned int version:2; /*protocol version*/
unsigned int order:1;
unsigned int protected:1;
unsigned int moreDate:1;
unsigned int power_management:1;
unsigned int retry:1;
unsigned int moreFrag:1;
unsigned int fromDS:1;
unsigned int toDS:1;
}frame_control;
struct ieee80211_radiotap_header{
u_int8_t it_version;
u_int8_t it_pad;
u_int16_t it_len;
u_int32_t it_present;
u_int64_t MAC_timestamp;
u_int8_t flags;
u_int8_t dataRate;
u_int16_t channelfrequency;
u_int16_t channFreq_pad;
u_int16_t channelType;
u_int16_t channType_pad;
u_int8_t ssiSignal;
u_int8_t ssiNoise;
u_int8_t antenna;
};
#else
typedef struct frame_control
{
unsigned int protoVer:2; /* protocol version*/
unsigned int type:2; /*frame type field (Management,Control,Data)*/
unsigned int subtype:4; /* frame subtype*/
unsigned int toDS:1; /* frame coming from Distribution system */
unsigned int fromDS:1; /*frame coming from Distribution system */
unsigned int moreFrag:1; /* More fragments?*/
unsigned int retry:1; /*was this frame retransmitted*/
unsigned int powMgt:1; /*Power Management*/
unsigned int moreDate:1; /*More Date*/
unsigned int protectedData:1; /*Protected Data*/
unsigned int order:1; /*Order*/
}frame_control;
struct ieee80211_radiotap_header{
u_int8_t it_version;
u_int8_t it_pad;
u_int16_t it_len;
u_int32_t it_present;
u_int64_t MAC_timestamp;
u_int8_t flags;
u_int8_t dataRate;
u_int16_t channelfrequency;
u_int16_t channelType;
int ssiSignal:8;
int ssiNoise:8;
};
#endif
struct wi_frame {
u_int16_t fc;
u_int16_t wi_duration;
u_int8_t wi_add1[6];
u_int8_t wi_add2[6];
u_int8_t wi_add3[6];
u_int16_t wi_sequenceControl;
// u_int8_t wi_add4[6];
//unsigned int qosControl:2;
//unsigned int frameBody[23124];
};
void processPacket(u_char *arg, const struct pcap_pkthdr* pkthdr, const u_char* packet)
{
int i= 0, *counter = (int *) arg;
struct ieee80211_radiotap_header *rh =(struct ieee80211_radiotap_header *)packet;
struct wi_frame *fr= (struct wi_frame *)(packet + rh->it_len);
u_char *ptr;
//printf("Frame Type: %d",fr->wi_fC->type);
printf("Packet count: %d\n", ++(*counter));
printf("Received Packet Size: %d\n", pkthdr->len);
if(rh->it_version != NULL)
{
printf("Radiotap Version: %d\n",rh->it_version);
}
if(rh->it_pad!=NULL)
{
printf("Radiotap Pad: %d\n",rh->it_pad);
}
if(rh->it_len != NULL)
{
printf("Radiotap Length: %d\n",rh->it_len);
}
if(rh->it_present != NULL)
{
printf("Radiotap Present: %c\n",rh->it_present);
}
if(rh->MAC_timestamp != NULL)
{
printf("Radiotap Timestamp: %u\n",rh->MAC_timestamp);
}
if(rh->dataRate != NULL)
{
printf("Radiotap Data Rate: %u\n",rh->dataRate);
}
if(rh->channelfrequency != NULL)
{
printf("Radiotap Channel Freq: %u\n",rh->channelfrequency);
}
if(rh->channelType != NULL)
{
printf("Radiotap Channel Type: %06x\n",rh->channelType);
}
if(rh->ssiSignal != NULL)
{
printf("Radiotap SSI signal: %d\n",rh->ssiSignal);
}
if(rh->ssiNoise != NULL)
{
printf("Radiotap SSI Noise: %d\n",rh->ssiNoise);
}
ptr = fr->wi_add1;
int k= 6;
printf("Destination Address:");
do{
printf("%s%X",(k==6)?" ":":",*ptr++);
}
while(--k>0);
printf("\n");
ptr = fr->wi_add2;
k=0;
printf("Source Address:");
do{
printf("%s%X",(k==6)?" ":":",*ptr++);
}while(--k>0);
printf("\n");
ptr = fr->wi_add3;
k=0;
do{
printf("%s%X",(k==6)?" ":":",*ptr++);
}
while(--k>0);
printf("\n");
/* for(int j = 0; j < 23124;j++)
{
if(fr->frameBody[j]!= NULL)
{
printf("%x",fr->frameBody[j]);
}
}
*/
for (i = 0;i<pkthdr->len;i++)
{
if(isprint(packet[i +rh->it_len]))
{
printf("%c",packet[i + rh->it_len]);
}
else{printf(".");}
//print newline after each section of the packet
if((i%16 ==0 && i!=0) ||(i==pkthdr->len-1))
{
printf("\n");
}
}
return;
}
int main(int argc, char** argv)
{
int count = 0;
pcap_t* descr = NULL;
char errbuf[PCAP_ERRBUF_SIZE], *device = NULL;
struct bpf_program fp;
char filter[]="wlan broadcast";
const u_char* packet;
memset(errbuf,0,PCAP_ERRBUF_SIZE);
device = argv[1];
if(device == NULL)
{
fprintf(stdout,"Supply a device name ");
}
descr = pcap_create(device,errbuf);
pcap_set_rfmon(descr,1);
pcap_set_promisc(descr,1);
pcap_set_snaplen(descr,30);
pcap_set_timeout(descr,10000);
pcap_activate(descr);
int dl =pcap_datalink(descr);
printf("The Data Link type is %s",pcap_datalink_val_to_name(dl));
//pcap_dispatch(descr,MAXBYTES2CAPTURE,1,512,errbuf);
//Open device in promiscuous mode
//descr = pcap_open_live(device,MAXBYTES2CAPTURE,1,512,errbuf);
/* if(pcap_compile(descr,&fp,filter,0,PCAP_NETMASK_UNKNOWN)==-1)
{
fprintf(stderr,"Error compiling filter\n");
exit(1);
}
if(pcap_setfilter(descr,&fp)==-1)
{
fprintf(stderr,"Error setting filter\n");
exit(1);
}
*/
pcap_loop(descr,0, processPacket, (u_char *) &count);
return 0;
}
