1 /* 2 This file is part of Kismet 3 4 Kismet is free software; you can redistribute it and/or modify 5 it under the terms of the GNU General Public License as published by 6 the Free Software Foundation; either version 2 of the License, or 7 (at your option) any later version. 8 9 Kismet is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 GNU General Public License for more details. 13 14 You should have received a copy of the GNU General Public License 15 along with Kismet; if not, write to the Free Software 16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 */ 18 19 #ifndef __PACKETSIGNATURES_H__ 20 #define __PACKETSIGNATURES_H__ 21 22 #include "config.h" 23 #ifdef HAVE_STDINT 24 #include <stdint.h> 25 #endif 26 #ifdef HAVE_INTTYPES_H 27 #include <inttypes.h> 28 #endif 29 30 const uint8_t LOR_MAC[] = {0x01, 0x00, 0x00, 0x00, 0x20, 0xF6}; 31 const uint8_t NUL_MAC[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 32 const uint8_t NETS_MAC[] = {0x01, 0x60, 0x1d, 0x00, 0x01, 0x00}; 33 34 // LLC packets with control field U func UI (we handle a lot of things with these headers) 35 const uint8_t LLC_UI_SIGNATURE[] = {0xAA, 0xAA, 0x03}; 36 37 // Offset for the start of the LLC frame 38 const unsigned int LLC_OFFSET = 0; 39 40 // Offset for all LLC-fragment protocols 41 const unsigned int LLC_UI_OFFSET = 3; 42 43 // LLC packets that look like probe info (netstumbler and lucent) 44 const uint8_t PROBE_LLC_SIGNATURE[] = {0x00, 0x60, 0x1D}; 45 46 // "All" is all we need to match at this offset. We matched the LLC already so 47 // we can use a very small fragment 48 // This catches "All your 802.11b are belong to us" 49 const uint8_t NETSTUMBLER_323_SIGNATURE[] = {0x41, 0x6C, 0x6C}; 50 // "Flu" again is all we need to match at this offset. 51 // This catches "Flurble gronk bloopit, bnip Frundletrune" 52 const uint8_t NETSTUMBLER_322_SIGNATURE[] = {0x46, 0x6C, 0x75}; 53 // " " is the beginning of the .30 54 // " Intentionally blank" 55 const uint8_t NETSTUMBLER_330_SIGNATURE[] = {0x20, 0x20, 0x20}; 56 const uint8_t NETSTUMBLER_OFFSET = 12; 57 58 // Lucent link test signatures 59 const uint8_t LUCENT_TEST_SIGNATURE[] = {0x00, 0x01, 0x02, 0x03}; 60 const uint8_t LUCENT_OFFSET = 12; 61 62 const uint8_t CISCO_SIGNATURE[] = {0x00, 0x00, 0x0C, 0x20, 0x00}; 63 const unsigned int CDP_ELEMENT_LEN = 5; 64 65 const uint8_t FORTRESS_SIGNATURE[] = {0x00, 0x00, 0x00, 0x88, 0x95}; 66 67 // WPA/WPA2 identifiers 68 const uint8_t WPA_OUI[] = {0x00, 0x50, 0xF2}; 69 const uint8_t RSN_OUI[] = {0x00, 0x0F, 0xAC}; 70 71 // WPS identifier 72 const uint8_t WPS_SIG[] = {0x00, 0x50, 0xF2, 0x04}; 73 74 const uint8_t DOT1X_PROTO[] = {0x88, 0x8e}; 75 const uint8_t DOT1X_OFFSET = LLC_UI_OFFSET + 5; 76 const uint8_t DOT1X_HEADER_SIZE = 4; 77 78 const uint8_t EAP_OFFSET = 4; 79 const uint8_t EAP_PACKET_SIZE = 5; 80 81 const uint8_t EAP_CODE_REQUEST = 1; 82 const uint8_t EAP_CODE_RESPONSE = 2; 83 const uint8_t EAP_CODE_SUCCESS = 3; 84 const uint8_t EAP_CODE_FAILURE = 4; 85 const uint8_t EAP_TYPE_TLS = 13; 86 const uint8_t EAP_TYPE_LEAP = 17; 87 const uint8_t EAP_TYPE_TTLS = 21; 88 const uint8_t EAP_TYPE_PEAP = 25; 89 90 91 const uint8_t ARP_SIGNATURE[] = {0x08, 0x06}; 92 const unsigned int ARP_OFFSET = 6; 93 const uint8_t ARP_PACKET_SIZE = 30; 94 95 const uint8_t DHCPD_SIGNATURE[] = {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x43, 0x00, 0x44}; 96 const unsigned int DHCPD_OFFSET = 24; 97 98 const unsigned int IP_OFFSET = 17; 99 const uint8_t IP_HEADER_SIZE = 11; 100 101 const uint8_t UDP_SIGNATURE[] = {0x11}; 102 const unsigned int UDP_OFFSET = 28; 103 104 const uint8_t TCP_SIGNATURE[] = {0x06}; 105 const unsigned int TCP_OFFSET = 28; 106 const unsigned int TCP_HEADER_SIZE = 11; 107 108 const uint8_t NETBIOS_TCP_OFFSET = 204; 109 const uint8_t NETBIOS_OFFSET = 133; 110 111 // netbios LLC signature 112 const uint8_t NETBIOS_SIGNATURE[] = {0xF0, 0xF0, 0x03}; 113 114 // IPX LLC signature 115 const uint8_t IPX_SIGNATURE[] = {0xE0, 0xE0, 0x03}; 116 117 // IAPP 118 const unsigned int IAPP_OFFSET = 36; 119 const uint8_t IAPP_HEADER_SIZE = 2; 120 const uint8_t IAPP_PDUHEADER_SIZE = 3; 121 122 const uint16_t IAPP_PORT = 2313; 123 124 const uint16_t ISAKMP_PORT = 500; 125 const uint8_t ISAKMP_OFFSET = UDP_OFFSET + 8; 126 const unsigned int ISAKMP_PACKET_SIZE = 14; 127 const uint8_t ISAKMP_EXCH_NONE = 0; 128 const uint8_t ISAKMP_EXCH_BASE = 1; 129 const uint8_t ISAKMP_EXCH_IDPROT = 2; 130 const uint8_t ISAKMP_EXCH_AUTHONLY = 3; 131 const uint8_t ISAKMP_EXCH_AGGRESS = 4; 132 const uint8_t ISAKMP_EXCH_INFORM = 5; 133 const uint8_t ISAKMP_EXCH_TRANS = 6; 134 const uint8_t ISAKMP_EXCH_QUICK = 32; 135 const uint8_t ISAKMP_EXCH_NEWGRP = 33; 136 137 // PPTP 138 const uint16_t PPTP_PORT = 1723; 139 140 const mac_addr msfopcode_mac = mac_addr("90:E9:75:00:00:00/FF:FF:FF:00:00:00"); 141 142 #endif 143