sqlite und andere Problemchen

lano

Aktives Mitglied
Moin.

Ich probiere mittels pcap die Management Frames vom Monitor in ne Datenbank zu bekommen.
Nu wollt ich die Einträge die schon existieren überspringen. Dazu wollt ich einfach per select gucken ob was gefunden wurde.
Aber irgendwie komm ich damit nicht zu rande.
Weiteres Problem ist das ich an die SSID zb von den Beacon Frames kommen will und nicht weis ob das jetzt so clever gelöst ist.

Ich kopier hier ma den ganzen Code rein.

Insgesamt geht es sich darum das ich alle Informationen sammeln will und die dann so verknüpfen das ic sagen kann welche clients sich an welchem accesspoint angemeldet sind, bzw daten tauschen und über die probe requests welcher client welche anderen accesspoints kennt.


pcap.c:
#include <netinet/in.h>
#include <pcap.h>
#include <signal.h>
#include <sqlite3.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#include "version.h"
#define SNAP_LEN 65535

struct radiotap_header { //only first few bytes
  uint8_t it_rev;
  uint8_t it_pad;
  uint16_t it_len;
};

/* Global Variables */
pcap_t *capturehandle;   /* packet capture handle */
struct bpf_program fp;   /* compiled filter program (expression) */
pcap_dumper_t *pcapfile; /* output file */
pcap_t *filehandle;      /* output file handle */
char *filename = NULL;   /* output file name */
//struct bsslist *blist = NULL; /* list of beacons */
int pcaptype = -1;
int beacons = 0;
int eapols = 0;
int data = 0;
int probereq = 0;
int proberes = 0;
int nullp = 0;
int ack = 0;
int qosdata = 0;
int cts = 0;
int rts = 0;

int areq = 0;
int ares = 0;
int auth = 0;
int qosnull = 0;

sqlite3 *db;

/**
 * Returns the current time in microseconds.
 */
long getMicrotime() {
  //    long m ;
  struct timeval currentTime;
  gettimeofday(&currentTime, NULL);
  //    m = currentTime.tv_sec * (int)1e6 + currentTime.tv_usec;
  //printf("current time :: %ld\n", m);
  return currentTime.tv_sec * (int)1e6 + currentTime.tv_usec;
}

void terminate_process(int signum) {
  printf("\nCapture complete.\n\n \
    Other packets: %d\n \
    Beacon packets: %d \n \
    Data packets: %d \n \
    Qos data packets: %d \n \
    Qos NULL data packets: %d \n \
    NULL packets: %d \n \
    CTS packets: %d \n \
    RTS packets: %d \n \
    ACK packets: %d \n \
    Probe Req. packets: %d\n \
    Probe Res. packets: %d\n \
    Association Req: %d \n \
    Association Response: %d \n \
    Authentication: %d \n\n\n",
         eapols, beacons, data, qosdata, qosnull, nullp, cts, rts, ack, probereq, proberes, areq, ares, auth);

  pcap_breakloop(capturehandle);
  pcap_close(capturehandle);
  pcap_freecode(&fp);
  //    pcap_dump_close(pcapfile);
  pcap_close(filehandle);
  //free_bsslist(blist);

  exit(signum);
}

int mac_exist(const u_char *bssid) {
  int rc;
  char *err_msg = 0;

  char s[19] = "";
  sprintf(s, "%02X:%02X:%02X:%02X:%02X:%02X", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);

  char *sql = sqlite3_mprintf("INSERT INTO AP VALUES ('%q','%q');", s, ssid);

  rc = sqlite3_exec(db, sql, 0, 0, &err_msg);

  if (rc != SQLITE_OK) {
    printf("SQL error: %s\n", err_msg);
    printf("sql: %s\n", sql);
    sqlite3_free(err_msg);
    sqlite3_close(db);
    return 1;
  }

  return 0;
}

int save_device(const u_char *bssid) {
  int rc;
  char *err_msg = 0;

  char s[19] = "";
  sprintf(s, "%02X:%02X:%02X:%02X:%02X:%02X", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);

  char *sql = sqlite3_mprintf("INSERT INTO Devices VALUES ('%q');", s);

  rc = sqlite3_exec(db, sql, 0, 0, &err_msg);

  if (rc != SQLITE_OK) {
    printf("SQL error: %s\n", err_msg);
    printf("sql: %s\n", sql);
    sqlite3_free(err_msg);
    sqlite3_close(db);
    return 1;
  }

  return 0;
}

int save_ap(const u_char *bssid, char *ssid) {
  int rc;
  char *err_msg = 0;

  char s[19] = "";
  sprintf(s, "%02X:%02X:%02X:%02X:%02X:%02X", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);

  char *sql = sqlite3_mprintf("INSERT INTO AP VALUES ('%q','%q');", s, ssid);

  rc = sqlite3_exec(db, sql, 0, 0, &err_msg);

  if (rc != SQLITE_OK) {
    printf("SQL error: %s\n", err_msg);
    printf("sql: %s\n", sql);
    sqlite3_free(err_msg);
    sqlite3_close(db);
    return 1;
  }

  return 0;
}

void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {

  const u_char *bssid;
  //const u_char *ssid;
  //u_char ssid_tag;
  //u_char ssid_len;

  int offset = 0;
  struct radiotap_header *rtaphdr;

  /* determine offset based on link type*/
  switch (pcaptype) {
  case DLT_PRISM_HEADER:
    offset = 144;
    break;
  case DLT_IEEE802_11:
    offset = 0;
    break;
  case DLT_IEEE802_11_RADIO:
    rtaphdr = (struct radiotap_header *)packet;
    offset = rtaphdr->it_len;

    //----------------------------------------Printing RSSI channel and data radio, basically parsing radiotap header
    // These are placeholders for offset values:
    //          const u_char *bssid; // a place to put our BSSID these are bytes
    const u_char *essid; // a place to put our ESSID from the packet
                         //            const u_char *essidLen;
                         //            const u_char *channel; // the frequency (in Mhz) of the AP Radio
                         //            const u_char *rssi; // received signal strength
                         //            const u_char *data_rate; // received signal strength

    //  int offset = 0;

    offset = rtaphdr->it_len; // 26 bytes on my machine

    bssid = packet + 42;
    essid = packet + 64;
    //            essidLen = packet + 63;
    //            rssi = packet + 34;
    //            signed int rssiDbm = rssi[0] - 256;
    //            data_rate = packet + 25;
    //            channel = packet + 26;
    //            int channelFreq = channel[1] * 256 + channel[0];
    //char *ssid = malloc(63);
    //            unsigned int i = 0;
    //            int dataratedec = data_rate[0];
    //ssid[i] = '\0'; // terminate the string
    //            fprintf(stdout,"SSID: %s ",ssid);
    //            fprintf(stdout,"RSSI: %d dBm",rssiDbm);
    //            fprintf(stdout,"    AP Frequency: %iMhz",channelFreq);
    //            fprintf(stdout,"    Data RAte: % Mbps\n", dataratedec/2);

    //-------------parsing radiotap header end
    break;
  default:
    fprintf(stderr, "Error: Unrecognized data link type: %d\n", pcaptype);
    return;
  }

  /*
    SA(Source Address): Source of the data (MSDU)  --> STA1
    TA(Transmitter Address) : STA that transmitted the frame --> STA1, AP1, AP2
    RA(Receiver Address) : Immediate recipient of the frame --> AP1, AP2, STA2
    DA(Destination Address) : Final recipient of the data (MSDU) --> STA2
    BSSID (Basic Service Set IDentifier) : Unique identifier of the BSS, e.g,
        the MAC address of the AP in an infrastructure network --> AP1, AP2
*/

  const u_char *sa; // Source Address
  const u_char *da; // Destination Address

  const u_char *ssid_tag;
  const u_char *ssid_len;
  char ssid[64] = {"\0"};

  if ((packet[offset] == 0x80)) { // beacon frame

    da = packet + offset + 4;     // destination address
    sa = packet + offset + 10;    // source address
    bssid = packet + offset + 16; // bssid

    ssid_tag = packet + offset + 36;
    ssid_len = packet + offset + 37;

    //wlan tag nummer = byte 62 - 26

    printf(" * Beacon captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    //Save device
    // Source Address known
    // probaly station

    printf("ssid_tag: %02X\n", ssid_tag[0]);
    printf("ssid_len: %d\n", ssid_len[0]);
    strncpy(ssid, packet + offset + 38, *ssid_len);

    printf("ssid: %s\n", ssid);

    //save_device(bssid);
    save_ap(bssid, ssid);
    beacons++;

  }

  else if ((packet[offset] == 0x00)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Association Request Captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0x10)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Association Respose captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0xB0)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Authentication Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0xC0)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Deauthentications Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0x08)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Disassociation Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0x30)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Resssociation Response Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0x20)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Resssociation Requests Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0x54)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * VHT/HE NDP Announcment captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Soucre addres known
    // Receiveraddress known
    // probaly connection
  } else if ((packet[offset] == 0xD0)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Action captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Soucre addres known
    // Receiveraddress known
    // probaly connection
  } else if ((packet[offset] == 0xA4)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Power-Save poll from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Soucre addres known
    // Receiveraddress known
    // probaly connection
  } else if ((packet[offset] == 0xA8)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * QoS Data + CF-Poll from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Soucre addres known
    // Receiveraddress known
    // probaly connection
  }

  else if ((packet[offset] == 0x08)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Data Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0x40)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Probe Request captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Source address known
    // probaly client
  } else if ((packet[offset] == 0x50)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Probe Response captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Sorce address known
    // probaly STA

  } else if ((packet[offset] == 0x48)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Null Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // save device
    // source + destination address

  } else if ((packet[offset] == 0xd4)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * ACK captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Receiveraddress known

  } else if ((packet[offset] == 0x88)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * QoS Data Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0xc4)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * CTS captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save device
    // Receiveraddress known

  } else if ((packet[offset] == 0xb4)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * RTS captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
    // Save Devie
    // Source addres known
    // probaly connection

  } else if ((packet[offset] == 0x08)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Data Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X) to:()\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  } else if ((packet[offset] == 0xC8)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * QoS NULL Packet captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0xE4)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * CF-End captured from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0x94)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * 802.11 Block ACK from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0x84)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * 802.11 Block ACK Reqest from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0xA0)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Disassociate from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else if ((packet[offset] == 0xE0)) {
    bssid = packet + offset + 10; //remeber to tally the offset.
                                  //        da = packet + offset + 4; // destination address
                                  //        sa = packet + offset + 10; // source address
                                  //        bssid = packet + offset + 16; // bssid

    printf(" * Action No Ack from: (%02X:%02X:%02X:%02X:%02X:%02X)\n", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);
  }

  else { // eapol, multiple can be stored. Might be useful if channel hoping

    printf(" * Unknown paket captured - Subtype : %X\n", packet[offset]);

    //bssid = packet + offset + 4;
    //printf(" * Type: Unknown- packet captured (%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X)\n"),
    //            bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5],
    //            bssid[6], bssid[7], bssid[8], bssid[9], bssid[10], bssid[11] );
  }

  return;
}

int main(int argc, char **argv) {

  char *dev = NULL;              /* capture device name */
  char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
  //char filter_exp[1000] = "(type data) or (subtype beacon) or (subtype probe-req)";//" or (ether proto 0x888e) or ip";  /* default filter expression - only get beacon and handshakes */
  char filter_exp[1000] = ""; //" or (ether proto 0x888e) or ip";  /* default filter expression - only get beacon and handshakes */
  char *filename = NULL;      /* output file name */

  int runl = 0;

  // sql
  int rc = sqlite3_open("data.db", &db);
  if (rc != SQLITE_OK) {
    fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
    sqlite3_close(db);
    return 1;
  }
  // ende sql

  printf("-------------------------------------------------------------------------------------------------------------- \n");
  printf("Wifi Paket Analyser for SZdox %s\n", VERSION);
  printf("-------------------------------------------------------------------------------------------------------------- \n\n\n");
  printf("Activate Monitor Mode: \n");
  printf("airmon-ng start wlp1s0 \n");
  printf("airdump-ng wlp1s0mon \n");
  printf("airmon-ng stop wlp1s0mon \n");
  printf("-------------------------------------------------------------------------------------------------------------- \n");

  printf("sqlite version: %s\n", sqlite3_libversion());

  /* check for capture device name on command-line */
  if (argc >= 1) {
    int i;
    //            char s[2];
    //            dev = argv[1];
    filename = "Logs/log.pcap"; // default output name

    for (i = 1; i < argc; i++) {

      if (strcmp(argv[i], "-o") == 0 && argv[i + 1]) {
        filename = argv[++i];
        printf("Device: %s\n", filename);
        runl = 1;
      } else if (strcmp(argv[i], "-f") == 0 && argv[i + 1]) {
        strcpy(filter_exp, argv[++i]);
        printf("Filter Expression = %s \n", filter_exp);
      } else {
        fprintf(stderr, "Error: unrecognized command-line options\n\n");
        //                exit(EXIT_FAILURE);
      }
    }
  } else {
    fprintf(stderr, "Error: unrecognized command-line options\n\n");
    exit(EXIT_FAILURE);
  }

  printf("Capture filter: %s\n", filter_exp);

  /* open capture device */

  if (runl == 0) {
    capturehandle = pcap_open_offline(filename, errbuf);
  } else {
    /* open capture device */
    if ((capturehandle = pcap_open_live(filename, SNAP_LEN, 1, -1, errbuf)) == NULL) {
      fprintf(stderr, "\nError: unable to open device %s: %s\n", filename, errbuf);
      exit(EXIT_FAILURE);
    }
  }
  /* determine link type */
  pcaptype = pcap_datalink(capturehandle);

  /* make sure we're capturing on an wireless device */
  if (pcaptype == DLT_IEEE802_11) {
    printf("Data Link Type: DLT_IEEE802_11\n");
    filehandle = pcap_open_dead(DLT_IEEE802_11, BUFSIZ);
  } else if (pcaptype == DLT_PRISM_HEADER) {
    printf("Data Link Type: DLT_PRISM_HEADER (Experimental - not tested!)\n");
    filehandle = pcap_open_dead(DLT_PRISM_HEADER, BUFSIZ);
  } else if (pcaptype == DLT_IEEE802_11_RADIO) {
    printf("Data Link Type: DLT_IEEE802_11_RADIO\n");
    filehandle = pcap_open_dead(DLT_IEEE802_11_RADIO, BUFSIZ);
  } else {
    fprintf(stderr, "\nError: %s is not a supported wireless device.\n", dev);
    exit(EXIT_FAILURE);
  }
  printf("-------------------------------------------------------------------------------------------------------------- \n\n\n");
  printf("\n");

  /* compile the filter expression */
  if (pcap_compile(capturehandle, &fp, filter_exp, 0, 0) == -1) {
    fprintf(stderr, "Error: unable to parse filter %s: %s\n", filter_exp, pcap_geterr(capturehandle));
    exit(EXIT_FAILURE);
  }

  /* apply the compiled filter */
  if (pcap_setfilter(capturehandle, &fp) == -1) {
    fprintf(stderr, "Error: unable to install filter %s: %s\n", filter_exp, pcap_geterr(capturehandle));
    exit(EXIT_FAILURE);
  }

  /* sniff until user terminates */
  signal(SIGINT, terminate_process);

  printf("Sniffing in progress...\n");

  /* start sniffing */
  pcap_loop(capturehandle, -1, got_packet, NULL);

  sqlite3_close(db);

  return EXIT_SUCCESS;
}
 

Mat

Aktives Mitglied
Keine Ahnung.. nur ein paar Überlegungen:

Nicht getestet..aber beim Einfügen könntest du jedes Mal eine "WHERE NOT EXISTS"-Bedingung mitgeben oder direkt immer UPDATE machen.

Das mit den Beacons sieht OK aus mit passiver Erfassung (ohne jetzt die API und technischen Details zu kennen). Ich würde die Offsets allgemein vielleicht noch als Konstanten abspeichern, damit der Code leichter zu lesen ist (OFFSET_ACK, OFFSET_BEACON, usw).
 

lano

Aktives Mitglied
"WHERE NOT EXISTS"-Bedingung

Da hab ich grad keine Vorstellung wie das geht.

immer UPDATE machen.
Dann schreib ich ja immer in die db.

Ich würde die Offsets allgemein vielleicht noch als Konstanten abspeichern, damit der Code leichter zu lesen ist
Ja, das kommt noch. ich muss die nur erst mal alle finden.


ich hab das jetzt mal ausgelagert. funktionieren tut das trotzdem nicht. ich hab keine ahnung wie so.

dbhelper.c:
#include <sqlite3.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "dbhelper.h"

sqlite3 *db;

int beacon_exist(char *bssid, char *ssid) {
  int rc;
  char *err_msg = 0;
  sqlite3_stmt *stmt;

  printf("beacon exist\n");

  char s[19] = {'\0'};
  sprintf(s, "%02X:%02X:%02X:%02X:%02X:%02X", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);

  char *sql = sqlite3_mprintf("SELECT MAC FROM Beacon WHERE MAC Like \"%q\" AND SSID Like \"%q\";", s, ssid);
  printf("SQL: %s\n", sql);

  rc = sqlite3_prepare_v2(db, sql, -1, &stmt, 0);

  if (rc != SQLITE_OK) {
    fprintf(stderr, "Failed to fetch data: %s\n", sqlite3_errmsg(db));
    sqlite3_close(db);
    return -1;
  }

  rc = sqlite3_step(stmt);

  if (rc == SQLITE_ROW) {
    printf("%s\n", sqlite3_column_text(stmt, 0));
    return 1;
  } else {
    return 0;
  }

  return -1;
}

int save_beacon(const u_char *bssid, char *ssid) {
  int rc;
  char *err_msg = 0;

  printf("save beacon\n");

  char s[19] = {'\0'};
  sprintf(s, "%02X:%02X:%02X:%02X:%02X:%02X", bssid[0], bssid[1], bssid[2], bssid[3], bssid[4], bssid[5]);

  char *sql = sqlite3_mprintf("INSERT INTO Beacon VALUES ('%q','%q');", s, ssid);

  printf("SQL: %s\n", sql);

  if (beacon_exist(s, ssid) == 0) {
    rc = sqlite3_exec(db, sql, 0, 0, &err_msg);
    printf("insert \n");
    if (rc != SQLITE_OK) {
      printf("SQL error: %s\n", err_msg);
      printf("sql: %s\n", sql);
      sqlite3_free(err_msg);
      sqlite3_close(db);
      return 1;
    }
  }

  return 0;
}

dbhelper.h:
/** @file dbhelper.h
 *
 * @brief A description of the module’s purpose.
 *
 * @par
 * COPYRIGHT NOTICE: (c) 2020 Sven Mönnich.  All rights reserved.
 */

#ifndef DBHELPER_H
#define DBHELPER_H

#include <sqlite3.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern sqlite3 *db;

int beacon_exist(char *bssid, char *ssid);

extern int save_beacon(const u_char *bssid, char *ssid);

#endif /* DBHELPER_H */

/*** end of file ***/
 

lano

Aktives Mitglied
Ich glaub das Problem hat sich gelöst. Kuddelmuddel mit der blöden Mac. Und der Umstand das nen Char ja auch nur ne Zahl ist...
 
Oben Unten