Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Converting raw 802.11 (rfmon) capture file to standard libpcap
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Tue, 13 Jan 2004 06:32:40 -0500

That is exactly what I want...the ability to replay the traffic over a
wired network to re-analyze the data stream with Cain, dsniff and other
similar tools.  I can already view the traffic just fine and honestly,
I'm not sure if it's gonna be worth all the bother here...part of it is
that this has got to be possible...it seems like it should anyway;)

-----Original Message-----
From: Chris Eagle [mailto:cseagle () redshift com] 
Sent: Tuesday, January 13, 2004 1:10 AM
To: Jerry Shenk; pen-test () securityfocus com
Subject: RE: Converting raw 802.11 (rfmon) capture file to standard

Jerry Shenk wrote:

By raw, I mean 802.11 rfmon - raw really isn't the right word.  It's
packets that are captured with a wireless care in monitor (or rfmon)
mode.  They have the 802.11 header included so tcpdump can't read
Neither can other utilities that I typically use to analyze sniffer
files.  I don't really need to analyze the packets themselves,
ethereal/tehtereal works quite well for that.  What I do want to do is
load them into utilities that don't know what to do with the 802.11

I routinely use Ethereal to read/display packets in rfmon mode.  It
packets just fine with or without prism headers.  I don't think
will handle 802.11 packets however.  It sounds like you are looking for
tool that will instead rewrite each 802.11 packet as an Ethernet packet
building an Ethernet header from the 802.11 address fields and pasting
together with the encapsulated 802.2 data.  Is that what you have in
Do you want to replay the packets over a wired network or over wireless?



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]