WepLab vs. Link Layer

huku
2008-07-26
2013-04-23
  • huku
    huku
    2008-07-26

    Hola,

    I noticed that when running WepLab on OpenBSD, although ifconfig reports a media of 802.11, I get a link layer type of EN10MB. As a result, no packets are captured. This behavior was also confirmed on MacOSX by a friend of mine. I have attached a patch for WepLab 0.1.5 which will fix this little problem. When applied, it will produce the following output:

    # ./weplab -c packets.pcap -i rum0
    weplab - Wep Key Cracker Wep Key Cracker (v0.1.5).
    Jose Ignacio Sanchez Martin - Topo[LB] <topolb@users.sourceforge.net>

    Incompatible datalink type. Trying to correct it...
    Ok corrected. Datalink set to IEEE802_11

    Packet capture started! Please hit enter to get statistics.

    => Press 'q' to stop sniffing

    So here it is...

    diff -Nur weplab-0.1.5/capture.c weplab-0.1.5-patch/capture.c
    --- weplab-0.1.5/capture.c      Thu Mar  3 22:45:37 2005
    +++ weplab-0.1.5-patch/capture.c        Wed Jul 23 14:03:53 2008
    @@ -114,6 +114,7 @@
            pcap_t *handle;  
            pid_t mpid;
            pcap_dumper_t *dumpfile;
    +        int *list, i, dl, ret;

            capturedWeakPacketsTable=malloc(HUGE_MEM_WEAKPACKETS_SIZE);
            if (!capturedWeakPacketsTable) {
    @@ -134,8 +135,45 @@
       }

            if (pcap_datalink(handle)!=DLT_IEEE802_11 && pcap_datalink(handle)!=DLT_PRISM_HEADER){
    -               printf("ERROR: datalink type is not DLT_IEEE802.11 or PRISM_HEADER. Maybe you need to configure monitor mode in your wireless card\n");
    -               exit(1);
    +               printf("Incompatible datalink type. Trying to correct it...\n");
    +
    +               /* Fetch the suported datalink types for this interface. */
    +               if((ret = pcap_list_datalinks(handle, &list)) < 0) {
    +                       pcap_perror(handle, "pcap_list_datalinks()");
    +                       pcap_close(handle);
    +                       exit(1);
    +               }
    +
    +               /* Decide what kind of datalink we need. */
    +               if(global_v.prismHeaderPresent)
    +                       dl = DLT_PRISM_HEADER;
    +               else
    +                       dl = DLT_IEEE802_11;
    +
    +               /* Loop through the list of available datalink types and
    +                * search for the needed type. If it's there then try to
    +                * set it. If not, then probably this is not a WiFi adapter!
    +                */
    +               for(i = 0; i < ret; i++) {
    +                       if(list[i] == dl) {
    +                               if((pcap_set_datalink(handle, dl)) < 0) {
    +                                       pcap_perror(handle, "pcap_set_datalink()");
    +                                       pcap_close(handle);
    +                                       exit(1);
    +                               }
    +                               break;
    +                       }
    +               }
    +
    +               /* Verify everything is ok. */
    +               if(pcap_datalink(handle) != dl) {
    +                       printf("ERROR: datalink type is not DLT_IEEE802.11 or PRISM_HEADER. Maybe you need to configure "
    +                               "monitor mode in your wireless card or maybe this interface is not a wireless card!\n");
    +                       pcap_close(handle);
    +                       exit(1);
    +               }
    +
    +               printf("Ok corrected. Datalink set to %s\n", pcap_datalink_val_to_name(dl));
            }
           
            if (pcap_datalink(handle)==DLT_PRISM_HEADER){

    Regards
    ./hk