
added basic 802.11 parse support

fixed errors with malformed packet handling
commit 3fcf40dc8c3862bada3e368ca4d6c5c7c237b196 1 parent ffce3b3
Joe Ferner joeferner authored

Showing 1 changed file with 83 additions and 1 deletion. Show diff stats Hide diff stats

  1. +83 1 pcap.js
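--- a/pcap.js
+++ b/pcap.js
@@ -139,6 +139,9 @@ var unpack = {
 uint16: function (raw_packet, offset) {
 return ((raw_packet[offset] * 256) + raw_packet[offset + 1]);
 },
+ uint16_be: function (raw_packet, offset) {
+ return ((raw_packet[offset+1] * 256) + raw_packet[offset]);
+ },
 uint32: function (raw_packet, offset) {
 return (
 (raw_packet[offset] * 16777216) +
@@ -197,6 +200,9 @@ decode.packet = function (raw_packet) {
 case "LINKTYPE_RAW":
 packet.link = decode.rawtype(raw_packet, 0);
 break;
+ case "LINKTYPE_IEEE802_11_RADIO":
+ packet.link = decode.ieee802_11_radio(raw_packet, 0);
+ break;
 default:
 console.log("pcap.js: decode.packet() - Don't yet know how to decode link type " + raw_packet.pcap_header.link_type);
 }
@@ -283,10 +289,77 @@ decode.ethernet = function (raw_packet, offset) {
 return ret;
 };
 
+decode.ieee802_11_radio = function (raw_packet, offset) {
+ var ret = {};
+ var original_offset = offset;
+
+ ret.headerRevision = raw_packet[offset++];
+ ret.headerPad = raw_packet[offset++];
+ ret.headerLength = unpack.uint16_be(raw_packet, offset); offset += 2;
+
+ offset = original_offset + ret.headerLength;
+
+ ret.ieee802_11Frame = decode.ieee802_11_frame(raw_packet, offset);
+
+ if(ret.ieee802_11Frame && ret.ieee802_11Frame.llc && ret.ieee802_11Frame.llc.ip) {
+ ret.ip = ret.ieee802_11Frame.llc.ip;
+ delete ret.ieee802_11Frame.llc.ip;
+ }
+
+ return ret;
+};
+
+decode.ieee802_11_frame = function (raw_packet, offset) {
+ var ret = {};
+
+ ret.frameControl = unpack.uint16_be(raw_packet, offset); offset += 2;
+ ret.type = (ret.frameControl >> 2) & 0x0003;
+ ret.subType = (ret.frameControl >> 4) & 0x000f;
+ ret.flags = (ret.frameControl >> 8) & 0xff;
+ ret.duration = unpack.uint16_be(raw_packet, offset); offset += 2;
+ ret.bssid = unpack.ethernet_addr(raw_packet, offset); offset += 6;
+ ret.shost = unpack.ethernet_addr(raw_packet, offset); offset += 6;
+ ret.dhost = unpack.ethernet_addr(raw_packet, offset); offset += 6;
+ ret.fragSeq = unpack.uint16_be(raw_packet, offset); offset += 2;
+
+ switch(ret.subType) {
+ case 8: // QoS Data
+ ret.qosPriority = raw_packet[offset++];
+ ret.txop = raw_packet[offset++];
+ break;
+ }
+
+ ret.llc = decode.logicalLinkControl(raw_packet, offset);
+
+ return ret;
+};
+
+decode.logicalLinkControl = function (raw_packet, offset) {
+ var ret = {};
+
+ ret.dsap = raw_packet[offset++];
+ ret.ssap = raw_packet[offset++];
+ ret.controlField = raw_packet[offset++];
+ ret.orgCode = [
+ raw_packet[offset++],
+ raw_packet[offset++],
+ raw_packet[offset++]
+ ];
+ ret.type = unpack.uint16(raw_packet, offset); offset += 2;
+
+ switch(ret.type) {
+ case 0x0800: // ip
+ ret.ip = decode.ip(raw_packet, offset);
+ break;
+ }
+
+ return ret;
+}
+
 decode.vlan = function (raw_packet, offset) {
 var ret = {};
 
- http://en.wikipedia.org/wiki/IEEE_802.1Q
+ // http://en.wikipedia.org/wiki/IEEE_802.1Q
 ret.priority = (raw_packet[offset] & 0xE0) >> 5;
 ret.canonical_format = (raw_packet[offset] & 0x10) >> 4;
 ret.id = ((raw_packet[offset] & 0x0F) << 8) | raw_packet[offset + 1];
@@ -887,12 +960,21 @@ decode.dns = function (raw_packet, offset) {
 }
 
 ret.answer = [];
+ if(ret.header.ancount > 100) {
+ throw new Error("Malformed DNS record. Too many answers.");
+ }
 internal_offset = dns_util.decodeRRs(raw_packet, offset, internal_offset, ret.header.ancount, ret.answer);
 
 ret.authority = [];
+ if(ret.header.ancount > 100) {
+ throw new Error("Malformed DNS record. Too many authorities.");
+ }
 internal_offset = dns_util.decodeRRs(raw_packet, offset, internal_offset, ret.header.nscount, ret.authority);
 
 ret.additional = [];
+ if(ret.header.ancount > 100) {
+ throw new Error("Malformed DNS record. Too many additional.");
+ }
 internal_offset = dns_util.decodeRRs(raw_packet, offset, internal_offset, ret.header.arcount, ret.additional);
 
 return ret;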
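Review bot: The two guards added before the authority and additional sections of decode.dns test `ret.header.ancount` again, so `nscount` and `arcount` still reach dns_util.decodeRRs unchecked, and the second and third throws can never fire because the first guard has already rejected ancount > 100. They should read `if (ret.header.nscount > 100) {` and `if (ret.header.arcount > 100) {`, so that every count taken from the packet is bounded before it is handed to the record decoder. Separately, in decode.ieee802_11_radio the packet-supplied `headerLength` repositions `offset` without being compared with the packet length, so a truncated or malformed capture presumably yields undefined/NaN fields instead of an error; a length check before the call to decode.ieee802_11_frame would fit the commit's malformed-packet intent. decode.dns begins outside the hunk, so any earlier validation of the header is not visible here.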
