public void ReadingPacketsFromFile()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_plus_radiotap_header.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
RadioPacket p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull(p);
Assert.IsNotNull(p[RadioTapType.Flags]);
Assert.IsNotNull(p[RadioTapType.Rate]);
Assert.IsNotNull(p[RadioTapType.Channel]);
Assert.IsNotNull(p[RadioTapType.DbmAntennaSignal]);
Assert.IsNotNull(p[RadioTapType.DbmAntennaNoise]);
Assert.IsNotNull(p[RadioTapType.LockQuality]);
Assert.IsNotNull(p[RadioTapType.Antenna]);
Assert.IsNotNull(p[RadioTapType.DbAntennaSignal]);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.IsNotNull(macFrame);
Assert.IsTrue(macFrame.AppendFcs);
}
public void ReadPacketWithNoFcs()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_radio_without_fcs.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
RadioPacket p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull(p.PayloadPacket);
TsftRadioTapField tsftField = p[RadioTapType.Tsft] as TsftRadioTapField;
Assert.IsNotNull(tsftField);
Assert.AreEqual(38724775, tsftField.TimestampUsec);
FlagsRadioTapField flagsField = p[RadioTapType.Flags] as FlagsRadioTapField;
Assert.IsNotNull(flagsField);
Assert.AreEqual(0, (Int32)flagsField.Flags);
RateRadioTapField rateField = p[RadioTapType.Rate] as RateRadioTapField;
Assert.IsNotNull(rateField);
Assert.AreEqual(1, rateField.RateMbps);
ChannelRadioTapField channelField = p[RadioTapType.Channel] as ChannelRadioTapField;
Assert.IsNotNull(channelField);
Assert.AreEqual(2462, channelField.FrequencyMHz);
Assert.AreEqual(11, channelField.Channel);
Assert.AreEqual(RadioTapChannelFlags.Channel2Ghz | RadioTapChannelFlags.Cck, channelField.Flags);
DbmAntennaSignalRadioTapField dbmSignalField = p[RadioTapType.DbmAntennaSignal] as DbmAntennaSignalRadioTapField;
Assert.IsNotNull(dbmSignalField);
Assert.AreEqual(-61, dbmSignalField.AntennaSignalDbm);
DbmAntennaNoiseRadioTapField dbmNoiseField = p[RadioTapType.DbmAntennaNoise] as DbmAntennaNoiseRadioTapField;
Assert.IsNotNull(dbmNoiseField);
Assert.AreEqual(-84, dbmNoiseField.AntennaNoisedBm);
AntennaRadioTapField antennaField = p[RadioTapType.Antenna] as AntennaRadioTapField;
Assert.IsNotNull(antennaField);
Assert.AreEqual(0, antennaField.Antenna);
DbAntennaSignalRadioTapField dbSignalField = p[RadioTapType.DbAntennaSignal] as DbAntennaSignalRadioTapField;
Assert.IsNotNull(dbSignalField);
Assert.AreEqual(23, dbSignalField.SignalStrengthdB);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.IsFalse(macFrame.AppendFcs);
Assert.IsFalse(macFrame.FCSValid);
}
public void UnhandledRadioTapField()
{
MemoryStream ms = new MemoryStream();
BinaryWriter bs = new BinaryWriter(ms);
bs.Write((Byte)0x0); //version
bs.Write((Byte)0x0); //pad
bs.Write((UInt16)0x0010); //length
bs.Write((UInt32)0x80000002); //present 1 (wth flags field)
bs.Write((UInt32)0x00010000); //present 2 (with unhandled field)
bs.Write((UInt16)0x0010); //Flags field (FCS included flag set)
bs.Write((UInt16)0x1234); //a made up field that we want to keep even though we dont know what it is
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_plus_radiotap_header.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
RadioPacket anotherRadioPacket = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
bs.Write(anotherRadioPacket.PayloadPacket.Bytes);
var radioTap = ms.ToArray();
RadioPacket p = Packet.ParsePacket(LinkLayers.Ieee80211_Radio, radioTap) as RadioPacket;
Assert.AreEqual(16, p.Length);
p.Add(new TsftRadioTapField(0x123456789));
RadioPacket finalFrame = Packet.ParsePacket(LinkLayers.Ieee80211_Radio, p.Bytes) as RadioPacket;
Assert.AreEqual(24, finalFrame.Length);
Assert.AreEqual(0x1234, EndianBitConverter.Little.ToUInt16(finalFrame.Bytes, finalFrame.Length - 2));
}
public override void HandlePacket(RadioPacket packet, BeaconFrame bp)
{
var signal = packet[RadioTapType.DbmAntennaSignal];
var ssidObj = bp.InformationElements.First(b => b.Id.ToString() == "ServiceSetIdentity");
var ssid = Encoding.UTF8.GetString(ssidObj.Value, 0, ssidObj.ValueLength).Trim();
if (string.IsNullOrWhiteSpace(ssid))
{
return;
}
var dbs = signal.ToString().Split(' ', StringSplitOptions.TrimEntries)[1];
var db = int.Parse(dbs);
var output = $"{DateTime.Now},Beacon,{bp.SourceAddress},{ssid},{Helper.DbToPercent(db)}";
if (BeaconCache.UpdateCache(bp.SourceAddress.ToString(), ssid, Helper.DbToPercentInt(db)))
{
var mac = new WiFiMac {
MAC = bp.SourceAddress.ToString()
};
var ap = new WiFiAccessPoint
{
LastSeen = DateTime.Now,
WiFiMac = mac,
WiFiNetworkName = new WiFiNetworkName {
SSID = ssid
}
};
ApiQueue.QueueItem(ap);
Log(output);
}
}
public void ConstructFrameWithSinglePresenceField()
{
var p = new RadioPacket();
var expectedLength = 8;
Assert.AreEqual(expectedLength, p.Length);
var flagsField = new FlagsRadioTapField();
flagsField.Flags |= RadioTapFlags.FcsIncludedInFrame;
flagsField.Flags |= RadioTapFlags.WepEncrypted;
p.Add(flagsField);
expectedLength += flagsField.Length;
Assert.AreEqual(expectedLength, p.Length);
//We will add the noise field before the signal field. This is not the order required
//for radiotap and so will test that the fields are correctly reordered when written
var dbAntennaNoiseField = new DbAntennaNoiseRadioTapField {
AntennaNoisedB = 33
};
p.Add(dbAntennaNoiseField);
expectedLength += dbAntennaNoiseField.Length;
Assert.AreEqual(expectedLength, p.Length);
var dbAntennaSignalField = new DbAntennaSignalRadioTapField {
SignalStrengthdB = 44
};
p.Add(dbAntennaSignalField);
expectedLength += dbAntennaSignalField.Length;
Assert.AreEqual(expectedLength, p.Length);
//we will just put a single byte of data because we dont want it to be parsed into
//an 802.11 frame in this test
p.PayloadData = new byte[] { 0xFF };
var frameBytes = p.Bytes;
var recreatedFrame = Packet.ParsePacket(LinkLayers.Ieee80211Radio, frameBytes) as RadioPacket;
Assert.IsNotNull(p[RadioTapType.Flags]);
Assert.IsNotNull(p[RadioTapType.DbAntennaSignal]);
Assert.IsNotNull(p[RadioTapType.DbAntennaNoise]);
Assert.AreEqual(new byte[] { 0xFF }, recreatedFrame.PayloadData);
}
public void TestContainsField()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_plus_radiotap_header.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
RadioPacket p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull(p);
Assert.IsTrue(p.Contains(RadioTapType.Flags));
Assert.IsFalse(p.Contains(RadioTapType.Fhss));
}
public void RemoveRadioTapField()
{
var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_plus_radiotap_header.pcap");
dev.Open();
var rawCapture = dev.GetNextPacket();
dev.Close();
RadioPacket p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket;
Assert.IsNotNull(p);
Assert.IsNotNull(p[RadioTapType.Flags]);
Assert.IsNotNull(p[RadioTapType.Rate]);
Assert.IsNotNull(p[RadioTapType.Channel]);
Assert.IsNotNull(p[RadioTapType.DbmAntennaSignal]);
Assert.IsNotNull(p[RadioTapType.DbmAntennaNoise]);
Assert.IsNotNull(p[RadioTapType.LockQuality]);
Assert.IsNotNull(p[RadioTapType.Antenna]);
Assert.IsNotNull(p[RadioTapType.DbAntennaSignal]);
MacFrame macFrame = p.PayloadPacket as MacFrame;
Assert.IsNotNull(macFrame);
Assert.IsTrue(macFrame.AppendFcs);
Assert.IsTrue(macFrame.FCSValid);
//Now remove a couple of radio tap fields and check that it is still valid
p.Remove(RadioTapType.Rate);
p.Remove(RadioTapType.Antenna);
RadioPacket recreatedFrame = Packet.ParsePacket(rawCapture.LinkLayerType, p.Bytes) as RadioPacket;
Assert.IsNotNull(recreatedFrame);
Assert.IsNotNull(recreatedFrame[RadioTapType.Flags]);
Assert.IsNull(recreatedFrame[RadioTapType.Rate]);
Assert.IsNotNull(recreatedFrame[RadioTapType.Channel]);
Assert.IsNotNull(recreatedFrame[RadioTapType.DbmAntennaSignal]);
Assert.IsNotNull(recreatedFrame[RadioTapType.DbmAntennaNoise]);
Assert.IsNotNull(recreatedFrame[RadioTapType.LockQuality]);
Assert.IsNull(recreatedFrame[RadioTapType.Antenna]);
Assert.IsNotNull(recreatedFrame[RadioTapType.DbAntennaSignal]);
MacFrame recreatedMacFrame = p.PayloadPacket as MacFrame;
Assert.IsNotNull(recreatedMacFrame);
Assert.IsTrue(recreatedMacFrame.AppendFcs);
Assert.IsTrue(recreatedMacFrame.FCSValid);
}
/// <summary>
/// Parse bytes into a packet
/// </summary>
/// <param name="linkLayer">
/// A <see cref="LinkLayers" />
/// </param>
/// <param name="packetData">
/// A <see cref="System.Byte" />
/// </param>
/// <returns>
/// A <see cref="Packet" />
/// </returns>
public static Packet ParsePacket(LinkLayers linkLayer, byte[] packetData)
{
Packet p;
var bas = new ByteArraySegment(packetData);
Log.DebugFormat("LinkLayer {0}", linkLayer);
switch (linkLayer)
{
case LinkLayers.Ethernet:
p = new EthernetPacket(bas);
break;
case LinkLayers.LinuxSLL:
p = new LinuxSLLPacket(bas);
break;
case LinkLayers.Ppp:
p = new PPPPacket(bas);
break;
case LinkLayers.Ieee80211:
p = MacFrame.ParsePacket(bas);
break;
case LinkLayers.Ieee80211_Radio:
p = new RadioPacket(bas);
break;
case LinkLayers.PerPacketInformation:
p = new PpiPacket(bas);
break;
//http://sourceforge.net/p/packetnet/patches/1/
case LinkLayers.Raw:
var ipVer = (packetData[0] & 0xf0) >> 4;
p = (ipVer == 4)? new IPv4Packet(bas) : new IPv6Packet(bas) as Packet;
break;
default:
throw new NotImplementedException("LinkLayer of " + linkLayer + " is not implemented");
}
return(p);
}
public static bool ParsePacket(byte b)
{
bool fullPacket = false;
switch(state){
case (int)RXState.IDLE:
if(b == 0x7E){
packet = new RadioPacket();
state++;
}
break;
case (int)RXState.LEN_UPPER:
packet.length = (ushort)(b << 8);
state++;
break;
case (int)RXState.LEN_LOWER:
packet.length |= b;
//~ Debug.Log(packet.length);
state++;
break;
case (int)RXState.COMMAND:
packet.command = b;
if(b == (byte)PacketIdentifier.PACKET_RX){
//~ Debug.Log("Identified as Packet RX");
packet.data = new byte[packet.length-11];
//~ Debug.Log("SETTING DATA SIZE: " + (packet.length-11));
bytesRead = 0;
state++;
}
else{
bytesRead = 0;
//~ Debug.Log("UNKNOWN PACKET TYPE");
state = (int)RXState.UNKNOWN;
}
break;
case (int)RXState.SRC64:
packet.srcAddr.bytes[bytesRead] = b;
bytesRead++;
if(bytesRead == 8){
bytesRead = 0;
state++;
}
break;
//~ case (int)RXState.SRC16:
//~ bytesRead++;
//~ if(bytesRead == 2){
//~ bytesRead = 0;
//~ state++;
//~ }
//~ break;
case (int)RXState.RSSI:
packet.rssi = b;
state++;
break;
case (int)RXState.OPTIONS:
packet.options = b;
state++;
break;
case (int)RXState.DATA:
packet.data[bytesRead] = b;
bytesRead++;
if(bytesRead == packet.data.Length){
state++;
}
break;
case (int)RXState.CHECKSUM:
fullPacket = true;
// Debug.Log(packet.data[0]);
//Debug.Log("OPTIONS :: " + packet.options);
state = (int)RXState.IDLE;
break;
case (int)RXState.UNKNOWN:
bytesRead++;
if(bytesRead == packet.length){
state = (int)RXState.IDLE;
bytesRead = 0;
}
break;
}
if(fullPacket) return true;
return false;
}
public void ConstructFrameWithSinglePresenceField()
{
RadioPacket p = new RadioPacket();
var expectedLength = 8;
Assert.AreEqual(expectedLength, p.Length);
FlagsRadioTapField flagsField = new FlagsRadioTapField();
flagsField.Flags |= RadioTapFlags.FcsIncludedInFrame;
flagsField.Flags |= RadioTapFlags.WepEncrypted;
p.Add(flagsField);
expectedLength += flagsField.Length;
Assert.AreEqual(expectedLength, p.Length);
//We will add the noise field before the signal field. This is not the order required
//for radiotap and so will test that the fields are correctly reordered when written
DbAntennaNoiseRadioTapField dbAntennaNoiseField = new DbAntennaNoiseRadioTapField();
dbAntennaNoiseField.AntennaNoisedB = 33;
p.Add(dbAntennaNoiseField);
expectedLength += dbAntennaNoiseField.Length;
Assert.AreEqual(expectedLength, p.Length);
DbAntennaSignalRadioTapField dbAntennaSignalField = new DbAntennaSignalRadioTapField();
dbAntennaSignalField.SignalStrengthdB = 44;
p.Add(dbAntennaSignalField);
expectedLength += dbAntennaSignalField.Length;
Assert.AreEqual(expectedLength, p.Length);
//we will just put a single byte of data because we dont want it to be parsed into
//an 802.11 frame in this test
p.PayloadData = new byte[]{0xFF};
var frameBytes = p.Bytes;
RadioPacket recreatedFrame = Packet.ParsePacket(LinkLayers.Ieee80211_Radio, frameBytes) as RadioPacket;
Assert.IsNotNull(p[RadioTapType.Flags]);
Assert.IsNotNull(p[RadioTapType.DbAntennaSignal]);
Assert.IsNotNull(p[RadioTapType.DbAntennaNoise]);
Assert.AreEqual(new byte[]{0xFF}, recreatedFrame.PayloadData);
}
