Wireless Security
removing PPI headers Sep 17 2009 09:07AM
Robin Wood (dninja gmail com) (3 replies)
Re: removing PPI headers Sep 18 2009 11:07AM
Joshua Wright (jwright hasborg com) (1 replies)
Re: removing PPI headers Sep 18 2009 12:39PM
Robin Wood (dninja gmail com)
2009/9/18 Joshua Wright <jwright (at) hasborg (dot) com>:
> Robin Wood wrote:
>> I've got some pcap files from Kismet Newcore but can't do much with
>> them because they have PPI headers. Wireshark will open them but
>> tcpdump and ngrep both refuse. I tried to remove them with Josh's
>> wlan2eth but that also refuses to work.
>
> I've updated wlan2eth to handle PPI packet captures:
>
> $ ./wlan2eth
> wlan2eth 1.3 - Convert 802.11 captures into Ethernet format.
> Questions/Comments/Concerns: jwright (at) willhackforsushi (dot) com
>
> Usage: wlan2eth infile outfile
>
> $ capinfos ~/for_josh.pcap
> File name:           /home/jwright/for_josh.pcap
> File type:           Wireshark/tcpdump/... - libpcap
> File encapsulation:  Per-Packet Information header
> Number of packets:   9308
> File size:           10224924 bytes
> Data size:           10075972 bytes
> Capture duration:    2314 seconds
> Start time:          Thu Sep 17 03:36:29 2009
> End time:            Thu Sep 17 04:15:03 2009
> Data byte rate:      4353.47 bytes/sec
> Data bit rate:       34827.75 bits/sec
> Average packet size: 1082.51 bytes
> Average packet rate: 4.02 packets/sec
>
> $ ./wlan2eth ~/for_josh.pcap ~/for_josh_eth.pcap
> Converted 9308 packets.
>
> $ capinfos ~/for_josh_eth.pcap
> File name:           /home/jwright/for_josh_eth.pcap
> File type:           Wireshark/tcpdump/... - libpcap
> File encapsulation:  Ethernet
> Number of packets:   9308
> File size:           9740908 bytes
> Data size:           9591956 bytes
> Capture duration:    2314 seconds
> Start time:          Thu Sep 17 03:36:29 2009
> End time:            Thu Sep 17 04:15:03 2009
> Data byte rate:      4144.34 bytes/sec
> Data bit rate:       33154.74 bits/sec
> Average packet size: 1030.51 bytes
> Average packet rate: 4.02 packets/sec
>
> $ tcpdump -r ~/for_josh_eth.pcap -c1 -n
> reading from file /home/jwright/for_josh_eth.pcap, link-type EN10MB
> (Ethernet)
> 03:36:29.389184 IP 128.10.252.9.80 > 192.168.1.200.4268: .
> 1913583455:1913584903(1448) ack 772896246 win 54
>
>
> Grab the updated source at http://www.willhackforsushi.com/?page_id=79.

Works brilliantly, thanks. Stripped .5Gb very quickly.

Robin
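
What removing a PPI header involves at the byte level, as an added example that is not part of the original thread and is not wlan2eth's code: it drops the first pph_len bytes of each packet and rewrites the file's link type to the inner DLT, so the result is raw 802.11 rather than the Ethernet conversion wlan2eth performs. The function names and the sample capture are constructed for illustration.

```python
import struct

DLT_PPI = 192          # pcap link type capinfos reports as "Per-Packet Information header"
DLT_IEEE802_11 = 105   # assumed default inner link type if no packet survives

def strip_ppi(pcap):
    """Return (new_pcap_bytes, kept, dropped) with every PPI header removed."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                                  # little-endian pcap file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                                  # big-endian pcap file
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    *ghdr, linktype = struct.unpack_from(e + "IHHiIII", pcap, 0)
    if linktype != DLT_PPI:
        raise ValueError("link type is %d, not PPI" % linktype)
    inner, records, dropped, off = None, [], 0, 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from(e + "IIII", pcap, off)
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # PPI header is always little-endian: version, flags, pph_len, pph_dlt
        pph_len, pph_dlt = struct.unpack_from("<2xHI", data) if len(data) >= 8 else (0, 0)
        ok = len(data) == incl and 8 <= pph_len <= incl
        if ok and inner is None:
            inner = pph_dlt                      # a pcap file has one link type
        if not ok or pph_dlt != inner:
            dropped += 1                         # truncated, bogus length, or mixed DLT
            continue
        payload = data[pph_len:]
        records.append(struct.pack(e + "IIII", sec, usec, len(payload),
                                   max(orig - pph_len, len(payload))) + payload)
    if inner is None:
        inner = DLT_IEEE802_11
    return struct.pack(e + "IHHiIII", *ghdr, inner) + b"".join(records), len(records), dropped

def sample_capture():
    """Constructed input: two valid PPI frames and one whose pph_len overruns the packet."""
    dot11 = bytes.fromhex("d4000000001122334455")           # 802.11 ACK frame, no FCS
    common = struct.pack("<HH", 2, 20) + bytes(20)          # PPI 802.11-Common field, zeroed
    pkts = [struct.pack("<BBHI", 0, 0, 8, 105) + dot11,
            struct.pack("<BBHI", 0, 0, 32, 105) + common + dot11,
            struct.pack("<BBHI", 0, 0, 500, 105) + dot11]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PPI)
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", 1253158589 + i, 0, len(p), len(p)) + p
    return out
```

Packets that fail the length check are counted and skipped instead of being copied through, since a pph_len larger than the captured data would otherwise index past the end of the frame.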

Re: removing PPI headers Sep 17 2009 01:18PM
Cedric Blancher (blancher cartel-securite fr)
Re: removing PPI headers Sep 17 2009 12:02PM
Joshua Wright (jwright hasborg com)
Copyright 2010, SecurityFocus