Results 1 to 5 of 5

Thread: comebine 2 airodump .cab data files?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    10

    Default comebine 2 airodump .cab data files?

    I had about 30,000 data packets and then my little sister moved the wireless cards cable (USB) and it got D/C. The file was about 6GB and i started all over again but my rates are at 2000 data packets per hour.

    So is there a way to combine dumpfile-01.cab and dumpfile-02.cab to aircrack?

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    18

    Default

    ivstools, if i remember correctly...?
    Hear no evil, Speak no evil...and you'll never be invited to a party.

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    First of all they are .cap files.

    Second of all dont waste your time combining them just open them all with aircrack. Like this....

    Code:
    r00t@infected ~ $ cd cap_files/
    r00t@infected ~/cap_files $ ls
    cap-05.cap  handshakes.cap  lddr-01.cap  test-01.cap  testdb  testingairodump-06.cap  wpa.cap  wpa1.cap  youcantgetthis.cap-02.cap
    r00t@infected ~/cap_files $ aircrack-ng *.cap
    r00t@infected ~/cap_files $ aircrack-ng *.cap
    Opening cap-05.cap
    Opening handshakes.cap
    Opening lddr-01.cap
    Opening test-01.cap
    Opening wpa.cap
    Opening wpa1.cap
    Opening youcantgetthis.cap-02.cap
    Read 135460 packets.
    
       #  BSSID              ESSID                     Encryption
    
       1  00:1E:E5:7B:90:42  LOPEZ                     WPA (1 handshake)
       2  00:1C:F0:F4:0B:66  Network Johnny            WEP (151 IVs)
       3  00:12:0E:62:BB:DC  suarez                    WEP (5272 IVs)
       4  00:21:29:EE:98:25  @Home9825                 None (0.0.0.0)
       5  00:18:3A:30:2F:59                            WPA (0 handshake)
       6  00:09:5B:5E:1A:D9  NETGEAR                   WPA (1 handshake)
       7  00:12:17:3D:18:E1  mcnamaragroup             WEP (33 IVs)
       8  00:1D:7E:41:F2:A2  linksys                   None (0.0.0.0)
       9  00:22:6B:7F:09:DF  linksys10                 WEP (5 IVs)
      10  00:0F:66:91:B6:84  linksys                   None (0.0.0.0)
      11  00:1D:7E:C3:85:71  linksys                   None (0.0.0.0)
      12  00:0D:88:85:D7:6D  Dlink614                  No data - WEP or WPA
      13  00:00:00:00:00:00                            Unknown
      14  00:14:D1:3D:A7:6D  sydnet                    No data - WEP or WPA
      15  00:A0:F8:CB:2E:5B  pocwyg7swean              WPA (1 handshake)
      16  00:16:B6:9E:34:91  linksys_SES_20971         WPA (1 handshake)
      17  00:21:91:02:8C:3C  ladder                    WPA (1 handshake)
      18  00:1E:2A:78:8B:32  morales45                 No data - WEP or WPA
      19  00:1E:58:FD:13:9F  Jmachine                  WPA (1 handshake)
      20  00:14:BF:39:78:6B  Firewall1                 WEP (112 IVs)
      21  00:11:50:45:12:B3  Rosie                     WPA (0 handshake)
      22  00:1C:10:2C:12:7E  DANNY6969                 No data - WEP or WPA
      23  00:0D:93:EB:B0:8C  test                      WPA (1 handshake)
      24  00:1E:E5:F4:49:DD  youcantgetthis            WPA (1 handshake)
    
    Index number of target network ?

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Quote Originally Posted by pureh@te View Post
    First of all they are .cap files.

    Second of all dont waste your time combining them just open them all with aircrack. Like this....
    I knew you could open multiple .cap files but for whatever reason have never opened cap files with more than one ssid .. to be honest even after all ive learned i didnt know that was possible ... one of the disadvantages of being white hat i guess =\

    Thank You
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    You know i just realized an instance where combining them would be necessary.

    If we where playing with airtune-ng and we had multiple .cap files from separate captures and we wanted to combine them.

    This would be necessary for instance if one .cap file didn't have a WPA handshake and the other .cap file contained some of the data we needed as airtune needs a handshake to be able to decrypt.

    A quick search didnt bring up anything so im wondering is there another way as the wildcard doesn't seem to work?

    EDIT: another quick search for "Merging" rather than "combining" .cap files brought up this for anyone who needs it



    You may use File → Merge… in Wireshark or Ethereal.

    From the command line you may use the mergecap program to merge .cap files (part of the Wireshark/Ethereal package or the win32 distribution):

    mergecap -w out.cap test1.cap test2.cap test3.cap

    It will merge test1.cap, test2.cap and test3.cap into out.cap
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •