List:       kismet-wireless
Subject:    RE: [KISMET] converting raw .dump files (rfmon) to standard ether
From:       "James J. Perry" <jjperry () water ! com>
Date:       2002-11-15 20:55:39

I know that I was reading "Building Open Source Network Security Tools" that
has a section on libpcap.  It has a specific type for 802.11 packets.  It
seems to me that it would not be all that hard to modify the tcpdump program
included in the latest safe libpcap distribution (there was a trojan found
in some of the latest libpcap distributions, story at
http://www.hlug.org/trojan/ .) All that should be required is to change the
packet header type specified to tcpdump or write a quick program to read in
the file.  

My coding skills are not that good, but I would expect it would not be that
hard.

    -Jim

-----Original Message-----
From: Ross Jordan [mailto:rjordan@student.math.uwaterloo.ca]
Sent: Tuesday, November 12, 2002 8:32 AM
To: jshenk@decommunications.com
Cc: wireless@kismetwireless.net
Subject: Re: [KISMET] converting raw .dump files (rfmon) to standard
ethernet dumps


> 
> I'm pretty sure that's the problem - the 802.11 traffic.  Just like the
> 'normal' tcpdump can't process the kismet*.dump files because they include
> the 802.11 header which is obviously necessary.  What I'm wondering is if
> there is some way to strip off the 802.11 stuff and leave only the ethernet
> frames.

I think you should be able to filter it through tcpdump, though
I'm not sure of the exact syntax:

something like:
tcpdump -s 2048 -n -r <original> -w <filtered> 'not ether proto IEEE 802.11'

-Ross
