From: Matthew C. <ma...@ei...> - 2005-01-09 22:31:00
|
Please try these tools out if you're interested. Let me know if they are helpful or need work. I'll comment back to the author. They are as follows (taken from the in-code comments): tcpdump-fuse.pl v1.0-- This program joins 2 or more TCPDUMP captures into one capture file. The key lesson in this program is that each TCPDUMP files has a 24 byte header at the beginning of the file. This program strips and sticks all files except the first one. Not Rocket Science One practical use of this is in wireless audits. If you have several different Kismet sessions, there may be enough packets collectively to break the encryption but not individually. AirSnort handles multiple input capture files. AirCrack and many others do not. Possibly beneficial when used in conjunction with "bssid-flatten.pl" to "flatten" multiple APs' traffic into one for improved encryption breaking ############################################# bssid-flatten.pl v1.0 -- This tool is used to "flatten" multiple wireless accesspoints/BSSIDs into one unified BSSID: 11:11:11:11:11:11. This is useful for auditing larger wireless networks which may have many accesspoints with the same WEP key and overlapping coverage. "flattening" multiple accesspoints into one allows tools like aircrack and airsnort to crack the key faster by chewing on more packets I find bssid-flatten to be most useful when used in conjunction with Kismet (http://www.kismetwireless.net/) My personal Favorite use for this tool is as follows: $ grep 'somessid.*BSSID:' Kismet-Jan-06-2005-1.network |cut -d'"' -f4 \ |xargs bssid-flatten.pl -i Kismet-Jan-06-2005-1.dump -o testing.dump Change "somessid" to a particular SSID which lives on multiple accesspoints Or when used in conjunction with "tcpdump-fuse.pl": $ tcpdump-fuse.pl Kismet-*dump | bssid-flatten.pl -o testing-chain.dump \ `grep -i 'mfg.*BSSID:' Kismet*.network |cut -d'"' -f4` ############################################## |