I built a simple sniffing program in C that gives me the raw frame data of all frames my monitor interface catches. Here is the code for it but I think it works fine.
#include <asm-generic/socket.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/ioctl.h> #include <arpa/inet.h> #include <netinet/ether.h> #include <sys/socket.h> #include <netinet/in.h> #include <linux/if.h> #include <netdb.h> #include <linux/sockios.h> #define BYTE_TO_BINARY_PATTERN "%c%c%c%c%c%c%c%c" #define BYTE_TO_BINARY(byte) \ (byte & 0x80 ? '1' : '0'), \ (byte & 0x40 ? '1' : '0'), \ (byte & 0x20 ? '1' : '0'), \ (byte & 0x10 ? '1' : '0'), \ (byte & 0x08 ? '1' : '0'), \ (byte & 0x04 ? '1' : '0'), \ (byte & 0x02 ? '1' : '0'), \ (byte & 0x01 ? '1' : '0') void write_log(unsigned char *data, int size, int log_file){ for(int i = 0; i < size; i++){ if(i % 16 == 0 && i != 0){ dprintf(log_file, "\n"); } dprintf(log_file, "0x%02X ", data[i]); } dprintf(log_file, "\n"); for(int i = 0; i < size; i++){ if(i % 16 == 0 && i != 0){ dprintf(log_file, "\n"); } dprintf(log_file, BYTE_TO_BINARY_PATTERN" ", BYTE_TO_BINARY(data[i])); } dprintf(log_file, "\n\n\n"); } int main(int argc, char **argv){ int log_file = open("log.txt", O_CREAT | O_RDWR, S_IRWXO); int sock_raw = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); setsockopt(sock_raw, SOL_SOCKET, SO_BINDTODEVICE, argv[1], strlen(argv[1])); unsigned char *buffer = (unsigned char *)malloc(65536); int data_size = 0; while(1){ data_size = recvfrom(sock_raw, buffer, 65536, 0, 0, 0); write_log(buffer, data_size, log_file); } return 0; } Between many other frames that I think are fine I receive these which dont make any sense for me, neither in radiotap nor in 802.11 standard. Can someone tell what these are?
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x34 0x81 0xC4 0xDC 0xDC 0x8C 0x88 0xE1 0x00 0x00 0xA0 0x00 0xB0 0x52 0xF0 0x07 0xE6 0x7F 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 11111111 11111111 11111111 11111111 11111111 11111111 00110100 10000001 11000100 11011100 11011100 10001100 10001000 11100001 00000000 00000000 10100000 00000000 10110000 01010010 11110000 00000111 11100110 01111111 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x34 0x81 0xC4 0xDC 0xDC 0x8C 0x89 0x12 0x01 0x70 0xA0 0x00 0x00 0x00 0x1F 0x84 0x07 0xA3 0x97 0xA2 0x55 0x53 0xBE 0xF1 0xFC 0xF9 0x79 0x6B 0x52 0x14 0x13 0xE9 0xE2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 11111111 11111111 11111111 11111111 11111111 11111111 00110100 10000001 11000100 11011100 11011100 10001100 10001001 00010010 00000001 01110000 10100000 00000000 00000000 00000000 00011111 10000100 00000111 10100011 10010111 10100010 01010101 01010011 10111110 11110001 11111100 11111001 01111001 01101011 01010010 00010100 00010011 11101001 11100010 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 These are two frames and the binary for each one is the same as the hex.
No comments:
Post a Comment