Sorry if this doesn't make sense, feel free to ask questions if something's unclear.
Short version:
I'm capturing on my WEP-encrypted network and I've got chaosreader to run, but the index.html file created by chaosreader shows no TCP sessions. Is there a way I can tell chaosreader my key and read the traffic I've collected, or would I have to join the WEP-encrypted network first?
More details:
I have three computers attached to a WEP-encrypted WLAN and a fourth netbook collecting traffic shared by those other computers, but not connected to the WLAN. I've collected plenty of data, run chaosreader on the .cap file, and I can open the index.html file created by chaosreader. The Image Report is empty, same emptiness for the GET/POST Report and the HTTP Proxy Report pages. TCP/UDP/... Sessions is blank, same for IP Count and so on ... all the way down to Ethernet Type Count, where I can see what look like the last four digits of MAC addresses and a packet count ... what's up with that? Why can't I see TCP or sessions?
Chaosreader is not expecting to see a pcap file with encrypted traffic. You need to feed it unencrypted pcaps, so join the network first and capture unencrypted data.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
And even with the key, there's no way to decrypt the collected packets that I have already written to a file?
Wrong, there are ways. Try harder. Hint: aircrack-ng suite.
I've seen things you people wouldn't believe.
airdecap should do the trick, no?
You guys rock ... I got the filename-dec.cap file, but chaosreader returns "Killed" after running on 33% of the file. What's up with that?
Granted, the collection ran over a weekend (approx 1.5GB, a few TiVo transfers, IM logins, auto-refreshes, missed chat windows, etc), but chaosreader was able to ingest all of it (the encrypted version) and give me an index.html output ... why would it return "Killed" now?

Code:
33% (321805137/968741730)
Killed
Try splitting the file into smaller pieces (using tcpslice or similar). You might also want to try reading it with another tool like tcpdump or wireshark to ensure that the file is valid.
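The advice above (check that the decrypted file is a valid pcap, then cut it into pieces small enough for chaosreader to hold in memory) can be done with tcpslice or editcap; the following added example, which is not from the thread or from chaosreader's own code, shows the same two steps in plain Python so the pcap structure is visible. It streams the file record by record (the global header is 24 bytes, each record header 16 bytes) instead of loading it whole, which is exactly the memory behaviour chaosreader lacks on a 1.5GB capture. The sample capture it builds is a constructed file of dummy frames, not real traffic; the function names and the chunk size are this example's own choices.

```python
import os
import struct
import tempfile

GLOBAL_HDR_LEN = 24   # pcap global header size in bytes
RECORD_HDR_LEN = 16   # per-packet record header size in bytes
# Classic pcap magic numbers: microsecond and nanosecond timestamp variants
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)


def read_global_header(fh):
    """Validate the pcap magic and return (struct endianness, raw header bytes).
    A pcapng file, a truncated file, or something that is not a capture at all
    fails here before any packets are touched."""
    hdr = fh.read(GLOBAL_HDR_LEN)
    if len(hdr) != GLOBAL_HDR_LEN:
        raise ValueError("truncated global header")
    if struct.unpack("<I", hdr[:4])[0] in PCAP_MAGICS:
        return "<", hdr
    if struct.unpack(">I", hdr[:4])[0] in PCAP_MAGICS:
        return ">", hdr
    raise ValueError("not a classic pcap file (magic 0x%08x)" % struct.unpack("<I", hdr[:4])[0])


def iter_records(fh, endian):
    """Yield (record_header_bytes, packet_bytes) one record at a time.
    Memory use stays flat regardless of capture size."""
    while True:
        rec = fh.read(RECORD_HDR_LEN)
        if not rec:
            return
        if len(rec) != RECORD_HDR_LEN:
            raise ValueError("truncated record header")
        _ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > orig_len or incl_len > 262144:   # sanity bound on snaplen
            raise ValueError("implausible incl_len %d" % incl_len)
        data = fh.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield rec, data


def count_packets(path):
    """Walk the whole file; raises ValueError on any structural damage."""
    with open(path, "rb") as fh:
        endian, _ = read_global_header(fh)
        return sum(1 for _ in iter_records(fh, endian))


def split_pcap(src, dst_prefix, packets_per_file):
    """Write src as dst_prefix-000.cap, dst_prefix-001.cap, ... with at most
    packets_per_file records each; every piece gets a copy of the global header
    so each one is a complete, independently readable pcap."""
    pieces = []
    with open(src, "rb") as fh:
        endian, ghdr = read_global_header(fh)
        part, count, wfh, path = 0, 0, None, None
        for rec, data in iter_records(fh, endian):
            if wfh is None:
                path = "%s-%03d.cap" % (dst_prefix, part)
                wfh = open(path, "wb")
                wfh.write(ghdr)
                count = 0
            wfh.write(rec)
            wfh.write(data)
            count += 1
            if count == packets_per_file:
                wfh.close()
                pieces.append((path, count))
                wfh, part = None, part + 1
        if wfh is not None:
            wfh.close()
            pieces.append((path, count))
    return pieces


def build_sample_pcap(path, n_packets):
    """Constructed test input: little-endian pcap, linktype 1 (Ethernet),
    n_packets dummy 60-byte frames. Not real captured traffic."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i in range(n_packets):
            frame = bytes([i & 0xFF]) * 60
            fh.write(struct.pack("<IIII", 1600000000 + i, 0, len(frame), len(frame)))
            fh.write(frame)


def demo():
    """Build a 25-packet sample, split it 10 per file, and re-validate the pieces.
    Returns (per-piece packet counts, total packets across pieces, junk_rejected)."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "sample.cap")
    build_sample_pcap(src, 25)
    pieces = split_pcap(src, os.path.join(workdir, "part"), 10)
    total = sum(count_packets(p) for p, _ in pieces)
    junk = os.path.join(workdir, "junk.cap")
    with open(junk, "wb") as fh:
        fh.write(b"this is not a capture file")
    try:
        count_packets(junk)
        junk_rejected = False
    except ValueError:
        junk_rejected = True
    return [c for _, c in pieces], total, junk_rejected


if __name__ == "__main__":
    print(demo())
```

Run each resulting part-NNN.cap through chaosreader separately; a piece that count_packets rejects points at corruption in the decrypted file rather than at chaosreader.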
Not yet ready for parsing large files afaik.
I wrote Chaosreader as a program to demonstrate the vulnerabilities of plaintext protocols such as telnet, HTTP, FTP, X11, VNC, etc; while using log files of around 10Mb. (I had met some people who believed X11 to be "safe" as the protocol was too hard to interpret and redisplay[1]).

A 200Mb demo is, erm, rather large. Don't use the "-ve" options as they trigger Hex dumps - which consume a lot of memory. Someone did explain a legitimate reason to me for processing huge files, so optimising the memory footprint is on my todo list.

no worries,
Brendan Gregg
Sydney, Australia