/* This file is part of Lorcon
lorcon is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
lorcon is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with lorcon; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Copyright (c) 2005 dragorn and Joshua Wright
*/
/* Prototypes
 *
 * Declarations for the l2ping80211 helpers and test routines. No #include
 * lines and no include guard are visible in this header, so the includer
 * appears to be responsible for declaring pcap_t, struct pcap_pkthdr,
 * tx80211_t and the fixed-width integer types beforehand.
 * NOTE(review): the enum below names six tests but only three
 * l2ping_test_* routines are declared here - confirm where the others live.
 */

/* Presumably prints command-line help; the definition is not in this header.
 * NOTE(review): an empty parameter list is not a prototype in C11, so calls
 * are not argument-checked; "void usage(void)" would be - confirm against
 * the definition before changing. */
void usage();

/* Takes a writable string and no length, so s must be NUL-terminated.
 * Presumably upper-cases it in place - TODO confirm. */
void to_upper (char *s);

/* Presumably returns the offset of the 802.11 header past a radiotap header
 * for the capture handle p and packet header h - TODO confirm.
 * NOTE(review): any length taken from a captured frame is untrusted; verify
 * that the result is checked against h->caplen before it is used as an
 * index. */
int radiotap_offset(pcap_t *p, struct pcap_pkthdr *h);

/* Presumably a hex dump of length bytes starting at bp - TODO confirm. */
void lamont_hdump(unsigned char *bp, unsigned int length);

/* Parses a textual MAC address from string into mac_buf.
 * NOTE(review): no buffer length is passed, so mac_buf must already be large
 * enough for whatever the parser writes (presumably 6 bytes); string is
 * likely user-supplied, so confirm malformed input is rejected via the
 * return value. */
int string2mac (char *string, uint8_t *mac_buf);

/* Returns a printable form of mac.
 * NOTE(review): ownership of the returned pointer is not visible here; if it
 * is a static buffer, two calls in one printf() would alias - confirm. */
char *printmac(unsigned char *mac);

/* Presumably waits for a frame matching type/subtype and the three addresses;
 * the meaning of flags, the unit of timeout and the return value are not
 * shown in this header - TODO confirm. */
int watchfor(int type, int subtype, uint8_t *addr1,
uint8_t *addr2, uint8_t *addr3, int flags, int timeout);

/* Test routine matching L2PING_TEST_DATAINVALIDBSSIDDEAUTH by name.
 * Takes the transmit handle, a packet count, the target MAC and a timeout
 * whose name suggests microseconds - TODO confirm unit. */
void l2ping_test_datainvalidbssiddeauth(tx80211_t *in_tx, int npacks,
uint8_t *targetmac, uint32_t usectimeout);

/* Result reporting for a probe that got no answer / an answer. The units of
 * timeout and time are not visible here. */
void print_noresponse(uint8_t *mac, int num, int timeout);
void print_response(uint8_t *mac, int num, int len, int time);

/* Test routine matching L2PING_TEST_DATAINVALIDBSSID by name; same
 * parameter list as the deauth variant above. */
void l2ping_test_datainvalidbssid(tx80211_t *in_tx, int npacks,
uint8_t *targetmac, uint32_t usectimeout);

/* Test routine matching L2PING_TEST_RTSCTS by name; same parameter list as
 * the other test routines. */
void l2ping_test_rtscts(tx80211_t *in_tx, int npacks, uint8_t *targetmac,
uint32_t usectimeout);
/* Capture parameters. The TIMEOUT comment says these are for pcap, so they
 * are presumably the snapshot length, promiscuous flag and read timeout
 * handed to the pcap open call - TODO confirm at the call site. */
#define SNAPLEN 2312 /* bytes captured per frame; presumably sized for a full 802.11 frame body - confirm */
#define PROMISC 1
#define TIMEOUT 500 /* for pcap */
/* Boolean constants used by the testcases[] table below.
 * NOTE(review): these are defined without #ifndef guards; another header
 * defining TRUE/FALSE with a different spelling would trigger a
 * redefinition diagnostic - confirm include order. */
#define TRUE 1
#define FALSE 0
/*
 * Identifiers for the probe variants described in testcases[].
 * Numbering starts at 1; testcases[] uses a testnum of 0 for its
 * terminating entry, so 0 never names a test.
 */
enum l2ping_test_type {
    L2PING_TEST_NULLDATAMCAST          = 1,
    L2PING_TEST_RTSCTS                 = 2,
    L2PING_TEST_DATAINVALIDBSSID       = 3,
    L2PING_TEST_DATAINVALIDBSSIDDEAUTH = 4,
    L2PING_TEST_DATAVALIDBSSID         = 5,
    L2PING_TEST_NULLDATAINVALIDSRC     = 6,
};
/*
 * One row of the test catalogue: a numeric id, a short title, a long
 * description, and three flags saying which MAC addresses the user has
 * to supply for that test.
 */
struct testcase {
    uint32_t testnum;   /* an enum l2ping_test_type value; 0 ends the table */
    char *testname;     /* short title */
    char *testdesc;     /* long description */

    /* Indicators for the MAC addresses the user must specify.
     * Presumably asmac = source, admac = destination, abmac = BSSID
     * (inferred from the field names and the testcases[] comments). */
    int asmac, admac, abmac;
};
/*
 * Catalogue of the available probe tests, terminated by an entry whose
 * testnum is 0 and whose strings are NULL.
 *
 * For monitoring purposes the descriptions distinguish two kinds of elicited
 * response: ACK frames, which the DATAINVALIDBSSIDDEAUTH text attributes to
 * the card hardware, and deauth frames, which it attributes to the driver.
 *
 * NOTE(review): this is a non-static definition inside a header; including
 * the header from more than one translation unit would define the array
 * twice - confirm it is included from a single .c file only.
 */
struct testcase testcases[] = {
    {
        .testnum  = L2PING_TEST_NULLDATAMCAST,
        .testname = "NULL Data Multicast to AP",
        .testdesc =
            "Multicast NULL data frames sent ToDS from an authorized station "
            "address. AP will send frame to WLAN stations with FromDS set. Must "
            "specify a valid station MAC address and BSSID. Destination address "
            "is broadcast.",
        .asmac = TRUE,
        .admac = FALSE,
        .abmac = FALSE /* We use the target address as the BSSID here */
    },
    {
        .testnum  = L2PING_TEST_RTSCTS,
        .testname = "RTS/CTS to STA",
        .testdesc =
            "Send an RTS frame to a specified station address using an invalid "
            "source (transmitter) MAC address. Station will send a CTS in "
            "response to the transmitter address.",
        .asmac = FALSE,
        .admac = FALSE, /* We use the target address as the dest here */
        .abmac = FALSE
    },
    {
        .testnum  = L2PING_TEST_DATAINVALIDBSSID,
        .testname = "NULL data frame to STA with invalid BSSID",
        .testdesc =
            "Send a NULL data frame to a specified station address using an "
            "invalid source and an invalid BSSID address, causing the station "
            "to ACK the frame.",
        .asmac = FALSE,
        .admac = FALSE, /* We use the target address as the dest here */
        .abmac = FALSE
    },
    {
        .testnum  = L2PING_TEST_DATAINVALIDBSSIDDEAUTH,
        .testname = "NULL data frame to STA with invalid BSSID, deauth resp",
        .testdesc =
            "Send a NULL data frame to a specified station address using an "
            "invalid source and an invalid BSSID address, causing the station "
            "to ACK the frame. Many drivers will also spaz out deauth messages "
            "following this test since they don't like receiving data frames from "
            "a BSSID other than the one they are associated to. Measure response "
            "on the deauth message since this comes from the driver itself, not "
            "the card hardware (unlike the ACK which comes from the hardware).",
        .asmac = FALSE,
        .admac = FALSE, /* We use the target address as the dest here */
        .abmac = FALSE
    },
    {
        .testnum  = L2PING_TEST_DATAVALIDBSSID,
        .testname = "NULL data frame to STA with valid BSSID",
        .testdesc =
            "Send a NULL data frame to a specified station address using an "
            "invalid source and a valid BSSID address, causing the station "
            "to ACK the frame. This test will be more reliable than the "
            "DATAINVALIDBSSID test, since the frame comes from a legitimate "
            "BSSID, but we may observe \"false-positive\" responses, since an ACK "
            "frame that is observed as the response can come from a different "
            "data frame. Use a small timeout with this test for better accuracy.",
        .asmac = FALSE,
        .admac = FALSE, /* We use the target address as the dest here */
        .abmac = TRUE
    },
    {
        .testnum  = L2PING_TEST_NULLDATAINVALIDSRC,
        .testname = "NULL data frame to AP with invalid source",
        .testdesc =
            "Send a NULL data frame to an AP with an invalid source address, "
            "prompting the AP to send a deauth frame in response. Uses the "
            "broadcast destination address.",
        .asmac = FALSE,
        .admac = FALSE,
        .abmac = FALSE, /* We use the target address as the bssid here */
    },
    /* Terminating entry: consumers presumably stop at testnum == 0 or a NULL name. */
    { .testnum = 0, .testname = NULL, .testdesc = NULL,
      .asmac = 0, .admac = 0, .abmac = 0 },
};