Penetration Testing
RE: Converting raw 802.11 (rfmon) capture file to standard libpcap Jan 13 2004 12:59AM Jerry Shenk (jshenk decommunications com) (1 replies)
RE: Converting raw 802.11 (rfmon) capture file to standard libpcap Jan 13 2004 06:09AM Chris Eagle (cseagle redshift com) (1 replies)
wired network to re-analyze the data stream with Cain, dsniff and other
similar tools. I can already view the traffic just fine and honestly,
I'm not sure if it's gonna be worth all the bother here...part of it is
that this has got to be possible...it seems like it should anyway;)
-----Original Message-----
From: Chris Eagle [mailto:cseagle (at) redshift (dot) com [email concealed]]
Sent: Tuesday, January 13, 2004 1:10 AM
To: Jerry Shenk; pen-test (at) securityfocus (dot) com [email concealed]
Subject: RE: Converting raw 802.11 (rfmon) capture file to standard libpcap
Jerry Shenk wrote:
>
> By raw, I mean 802.11 rfmon - raw really isn't the right word. It's
> packets that are captured with a wireless card in monitor (or rfmon)
> mode. They have the 802.11 header included so tcpdump can't read them.
> Neither can other utilities that I typically use to analyze sniffer
> files. I don't really need to analyze the packets themselves,
> ethereal/tethereal works quite well for that. What I do want to do is
> load them into utilities that don't know what to do with the 802.11
> header.
>
I routinely use Ethereal to read/display packets in rfmon mode. It decodes
packets just fine with or without prism headers. I don't think tcpreplay
will handle 802.11 packets however. It sounds like you are looking for a
tool that will instead rewrite each 802.11 packet as an Ethernet packet by
building an Ethernet header from the 802.11 address fields and pasting that
together with the encapsulated 802.2 data. Is that what you have in mind?
Do you want to replay the packets over a wired network or over wireless?
Chris
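The rewrite discussed in the message above (an Ethernet header built from the 802.11 address fields, joined to the encapsulated 802.2 data), as an added example that is not code from either poster or from any tool named in the thread. The function name `dot11_to_ethernet` and the sample frame are constructed for illustration; the code assumes each frame starts at the 802.11 header (no prism header), carries no trailing FCS, and is unencrypted and unfragmented.

```python
import struct

SNAP_RFC1042 = bytes.fromhex("aaaa03000000")  # LLC/SNAP prefix ahead of the EtherType

def dot11_to_ethernet(frame):
    """Rewrite one 802.11 data frame as an Ethernet frame; None means skip it.
    Assumes the frame starts at the 802.11 header (no prism header) and has no FCS."""
    if len(frame) < 24:
        return None
    fc, seq = struct.unpack_from("<H", frame, 0)[0], struct.unpack_from("<H", frame, 22)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if ftype != 2 or subtype & 0x4:       # management/control, or a null (no-data) subtype
        return None
    if fc & 0x4000:                       # Protected bit set: body is encrypted
        return None
    if fc & 0x0400 or seq & 0xF:          # fragment: would need reassembly first
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:                 # WDS link: a fourth address follows
        hdr_len = 30
        dst, src = a3, frame[24:30]
    elif to_ds:                           # station -> AP: addr1 is the BSSID
        dst, src = a3, a2
    elif from_ds:                         # AP -> station: addr2 is the BSSID
        dst, src = a1, a3
    else:                                 # ad hoc: addr3 is the BSSID
        dst, src = a1, a2
    if subtype & 0x8:                     # QoS data adds a 2-byte QoS control field
        hdr_len += 2
    body = frame[hdr_len:]
    if len(body) >= 8 and body[:6] == SNAP_RFC1042:
        return dst + src + body[6:]       # EtherType + payload: Ethernet II frame
    if len(body) < 3:                     # too short to hold an 802.2 LLC header
        return None
    return dst + src + struct.pack("!H", len(body)) + body  # 802.3 length + raw LLC

# Constructed sample: station -> AP data frame (ToDS=1) carrying a dummy ARP body.
SAMPLE = bytes.fromhex("0801" "0000" "001122334455" "020000000001" "ffffffffffff"
                       "1000" "aaaa03000000" "0806") + b"ARP-PAYLOAD"

if __name__ == "__main__":
    print(dot11_to_ethernet(SAMPLE).hex())
```

Frames for which the function returns None (beacons and other management or control frames, encrypted bodies, fragments) have no direct Ethernet equivalent and are dropped from the converted capture.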