From: Rager, A. (Anton) <ar...@av...> - 2005-01-10 15:28:45
It's part of the command-line tools that come with Ethereal along with its brother editcap. Editcap is a good way to translate between capture types and DLT types. I seem to remember that it will even strip prism2 headers and create raw 802.11 frames, but I could be mistaken.

If you have Ethereal, you should also have editcap, mergecap and tethereal (TCPdump on steroids) command-line tools. mergecap is quite powerful and even does a great job of interleaving packets from two captures to keep the timestamps correct (vs just concatenating the capture files). Lots of other good options as well. I tend to use it to take multiple Kismet/tcpdump captures and merge them into a single pcap file for post-analysis and WEP cracking stuff.

Regards,
Anton Rager

-----Original Message-----
From: Matthew Carpenter [mailto:ma...@ei...]
Sent: Monday, January 10, 2005 8:04 AM
To: snax
Cc: wir...@ki...; Air...@li...
Subject: Re: [KISMET] Couple tools to assist with WEP cracking

By golly it sounds like it. Thanks for pointing that out. I haven't seen
that tool before.

On Monday 10 January 2005 12:20 am, snax wrote:
> Matthew Carpenter wrote:
> > Please try these tools out if you're interested. Let me know if they are
> > helpful or need work. I'll comment back to the author.
> >
> > They are as follows (taken from the in-code comments):
> >
> > tcpdump-fuse.pl v1.0--
> > This program joins 2 or more TCPDUMP captures into one capture file.
> > The key lesson in this program is that each TCPDUMP file has a 24
> > byte header at the beginning of the file.
> > This program strips and sticks all files except the first one.
> > Not Rocket Science
>
> Is this any different than mergecap included with ethereal? From the
> man page:
>
> MERGECAP(1)        The Ethereal Network Analyzer        MERGECAP(1)
>
> NAME
>        mergecap - Merges two capture files into one
>
> SYNOPSYS
>        mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
>        [ -T encapsulation type ]
>        -w outfile - infile ...
>
> DESCRIPTION
>        Mergecap is a program that combines multiple saved capture files into
>        a single output file specified by the -w argument. Mergecap knows how
>        to read libpcap capture files, including those of tcpdump, Ethereal, and
>        other tools that write captures in that format.
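
Added example (not from the thread, and not the code of tcpdump-fuse.pl or mergecap): the two approaches discussed above, stripping the 24-byte header and concatenating versus interleaving packets by timestamp, applied to classic libpcap files. The function names and the two sample captures are constructed for illustration, and each input capture is assumed to be in chronological order.

```python
import heapq
import struct

MAGIC = 0xA1B2C3D4  # classic libpcap magic (microsecond timestamps)

def read_pcap(data):
    """Return (linktype, snaplen, [(ts_sec, ts_usec, orig_len, payload), ...])."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte global header")
    # The magic number reveals the byte order the writing host used.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        payload = data[off + 16:off + 16 + incl]
        if len(payload) < incl:  # truncated final record: stop cleanly
            break
        packets.append((sec, usec, orig, payload))
        off += 16 + incl
    return linktype, snaplen, packets

def write_pcap(linktype, snaplen, packets):
    """Serialize one global header followed by the per-packet records."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for sec, usec, orig, payload in packets:
        out += struct.pack("<IIII", sec, usec, len(payload), orig) + payload
    return out

def merge_pcaps(captures):
    """Interleave packets from several captures by timestamp, one header out."""
    parsed = [read_pcap(c) for c in captures]
    if len({p[0] for p in parsed}) != 1:
        raise ValueError("captures use different link-layer (DLT) types")
    merged = heapq.merge(*(p[2] for p in parsed), key=lambda r: (r[0], r[1]))
    return write_pcap(parsed[0][0], max(p[1] for p in parsed), list(merged))

def naive_concat(captures):
    """Header-stripping approach: keep only the first file's 24-byte header."""
    return captures[0] + b"".join(c[24:] for c in captures[1:])

# Constructed sample input: two 802.11 (DLT 105) captures with overlapping times.
cap_a = write_pcap(105, 65535, [(100, 0, 4, b"A100"), (300, 0, 4, b"A300")])
cap_b = write_pcap(105, 65535, [(200, 0, 4, b"B200"), (400, 0, 4, b"B400")])
```

Both outputs are valid pcap files of the same size; only the merged one has monotonically increasing timestamps, which matters to tools that assume capture order.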