Wireless Security
removing PPI headers Sep 17 2009 09:07AM
Robin Wood (dninja gmail com) (3 replies)
Re: removing PPI headers Sep 18 2009 11:07AM
Joshua Wright (jwright hasborg com) (1 replies)

Robin Wood wrote:
> I've got some pcap files from Kismet Newcore but can't do much with
> them because they have PPI headers. Wireshark will open them but
> tcpdump and ngrep both refuse. I tried to remove them with Josh's
> wlan2eth but that also refuses to work.

I've updated wlan2eth to handle PPI packet captures:

$ ./wlan2eth
wlan2eth 1.3 - Convert 802.11 captures into Ethernet format.
Questions/Comments/Concerns: jwright (at) willhackforsushi (dot) com

Usage: wlan2eth infile outfile

$ capinfos ~/for_josh.pcap
File name: /home/jwright/for_josh.pcap
File type: Wireshark/tcpdump/... - libpcap
File encapsulation: Per-Packet Information header
Number of packets: 9308
File size: 10224924 bytes
Data size: 10075972 bytes
Capture duration: 2314 seconds
Start time: Thu Sep 17 03:36:29 2009
End time: Thu Sep 17 04:15:03 2009
Data byte rate: 4353.47 bytes/sec
Data bit rate: 34827.75 bits/sec
Average packet size: 1082.51 bytes
Average packet rate: 4.02 packets/sec

$ ./wlan2eth ~/for_josh.pcap ~/for_josh_eth.pcap
Converted 9308 packets.

$ capinfos ~/for_josh_eth.pcap
File name: /home/jwright/for_josh_eth.pcap
File type: Wireshark/tcpdump/... - libpcap
File encapsulation: Ethernet
Number of packets: 9308
File size: 9740908 bytes
Data size: 9591956 bytes
Capture duration: 2314 seconds
Start time: Thu Sep 17 03:36:29 2009
End time: Thu Sep 17 04:15:03 2009
Data byte rate: 4144.34 bytes/sec
Data bit rate: 33154.74 bits/sec
Average packet size: 1030.51 bytes
Average packet rate: 4.02 packets/sec

$ tcpdump -r ~/for_josh_eth.pcap -c1 -n
reading from file /home/jwright/for_josh_eth.pcap, link-type EN10MB (Ethernet)
03:36:29.389184 IP 128.10.252.9.80 > 192.168.1.200.4268: . 1913583455:1913584903(1448) ack 772896246 win 54

Grab the updated source at http://www.willhackforsushi.com/?page_id=79.

-Josh

Re: removing PPI headers Sep 18 2009 12:39PM
Robin Wood (dninja gmail com)
Re: removing PPI headers Sep 17 2009 01:18PM
Cedric Blancher (blancher cartel-securite fr)
Re: removing PPI headers Sep 17 2009 12:02PM
Joshua Wright (jwright hasborg com)
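
Added example (not from the original message and not wlan2eth's code): stripping the PPI header from each packet of a classic pcap file in Python, rewriting the file's link type to the one the PPI header names. It stops at the encapsulated frames and does not do the conversion to Ethernet that wlan2eth performs; strip_ppi, sample_capture and the sample bytes are constructed for illustration.

```python
import struct

DLT_PPI = 192   # pcap link type "Per-Packet Information header"
PPI_FIXED = 8   # pph_version(1) pph_flags(1) pph_len(2) pph_dlt(4)

def strip_ppi(data: bytes) -> bytes:
    """Return a pcap image with the PPI header removed from every packet."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != DLT_PPI:
        raise ValueError(f"link type {linktype} is not PPI")
    records, inner_dlt, off = [], None, 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < incl or incl < PPI_FIXED:
            continue  # truncated record, or too short to hold a PPI header
        # PPI header fields are little-endian whatever the pcap byte order is
        _ver, _flags, pph_len, pph_dlt = struct.unpack("<BBHI", pkt[:PPI_FIXED])
        if not PPI_FIXED <= pph_len <= incl:
            continue  # pph_len comes from the capture: never trust it blindly
        if inner_dlt is None:
            inner_dlt = pph_dlt   # first packet decides the output link type
        elif pph_dlt != inner_dlt:
            continue  # a pcap file carries a single link type
        body = pkt[pph_len:]
        orig = max(orig - pph_len, len(body))
        records.append(struct.pack(end + "IIII", ts_sec, ts_usec, len(body), orig) + body)
    if inner_dlt is None:
        raise ValueError("no usable PPI packets found")
    header = magic + struct.pack(end + "HHiIII", vmaj, vmin, zone, sigfigs, snaplen, inner_dlt)
    return header + b"".join(records)

def sample_capture() -> bytes:
    """Constructed input: one PPI packet wrapping a made-up 24-byte 802.11 frame."""
    frame = bytes.fromhex("08010000") + b"\x00" * 20
    pkt = struct.pack("<BBHI", 0, 0, PPI_FIXED, 105) + frame  # 105 = 802.11
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PPI)
            + struct.pack("<IIII", 1, 0, len(pkt), len(pkt)) + pkt)
```

The output keeps 802.11 framing, so tools that need Ethernet framing still require a conversion step such as the one wlan2eth provides.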
Copyright 2010, SecurityFocus