
Thread: Chaosreader, no TCP with WEP network?

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    29

    Default Chaosreader, no TCP with WEP network?

    Sorry if this doesn't make sense, feel free to ask questions if something's unclear.

    Short version:
    I'm capturing on my WEP-encrypted network and I've got chaosreader to run, but the index.html file created by chaosreader shows no TCP sessions. Is there a way I can tell chaosreader my key and read the traffic I've collected, or would I have to join the WEP-encrypted network first?

    More details:
    I have three computers attached to a WEP-encrypted WLAN and a fourth netbook collecting traffic shared by those other computers, but not connected to the WLAN. I've collected plenty of data, ran chaosreader on the .cap file, and I can open the index.html file created by chaosreader. The Image Report is empty, same emptiness for the GET/POST Report and the HTTP Proxy Report pages. TCP/UDP/... Sessions is blank, same for IP Count and so on ... all the way down to Ethernet Type Count and I can see what look like the last four digits of MAC addresses and a packet count ... what's up with that? Why can't I see TCP or sessions?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Chaosreader, no TCP with WEP network?

    Chaosreader is not expecting to see a pcap file with encrypted traffic. You need to feed it unencrypted pcaps, so join the network first and capture unencrypted data.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Junior Member
    Join Date
    Apr 2010
    Posts
    29

    Default Re: Chaosreader, no TCP with WEP network?

    And even with the key, there's no way to decrypt the collected packets that I have already written to a file?

  4. #4
    Junior Member roybatty's Avatar
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Default Re: Chaosreader, no TCP with WEP network?

    Wrong, there are ways. Try harder. Hint: aircrack-ng suite.
    I've seen things you people wouldn't believe.

  5. #5
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Chaosreader, no TCP with WEP network?

    airdecap should do the trick, no?

  6. #6
    Junior Member
    Join Date
    Apr 2010
    Posts
    29

    Default Re: Chaosreader, no TCP with WEP network?

    You guys rock ... I got the filename-dec.cap file, but chaosreader returns "Killed" after running on 33% of the file. What's up with that?

    Granted, the collection ran over a weekend (approx 1.5GB, a few TiVo transfers, IM logins, auto-refreshes, missed chat windows, etc) but chaosreader was able to ingest all of it (the encrypted version) and give me an index.html output ... why would it return
    Code:
    33% (321805137/968741730)Killed
    now?

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Chaosreader, no TCP with WEP network?

    Try splitting the file into smaller pieces (using tcpslice or similar). You might also want to try reading it with another tool like tcpdump or wireshark to ensure that the file is valid.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
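
The two suggestions in post #7 (split the capture into smaller pieces, and check that the file is valid) can be done in one streaming pass. This is an added example, not part of the thread and not code from chaosreader, tcpslice or aircrack-ng. It assumes a classic pcap file (not pcapng); `split_pcap`, `sample_capture` and the 262144-byte record bound are illustrative choices.

```python
import struct

# Classic pcap magic numbers -> struct byte order (micro- and nanosecond variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
MAX_RECORD = 262144  # assumed sanity bound; a larger length is treated as damage

def split_pcap(src, max_bytes, sink):
    """Stream a classic pcap from binary file object `src` and pass
    standalone pcap chunks of at most `max_bytes` (unless one record is
    larger) to `sink(chunk_bytes)`. Returns (records_copied, damaged)."""
    header = src.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or damaged header?)")
    order = MAGICS[header[:4]]
    chunk, records, damaged = bytearray(header), 0, False
    while True:
        rec_hdr = src.read(16)
        if not rec_hdr:
            break                              # clean end of file
        if len(rec_hdr) < 16:
            damaged = True                     # file ends inside a record header
            break
        incl_len = struct.unpack(order + "I", rec_hdr[8:12])[0]
        if incl_len > MAX_RECORD:
            damaged = True                     # implausible length, stop copying
            break
        payload = src.read(incl_len)
        if len(payload) < incl_len:
            damaged = True                     # file ends inside packet data
            break
        # Start a new chunk when this record would push the current one over the limit
        if len(chunk) > 24 and len(chunk) + 16 + incl_len > max_bytes:
            sink(bytes(chunk))
            chunk = bytearray(header)          # every chunk repeats the global header
        chunk += rec_hdr + payload
        records += 1
    if len(chunk) > 24:
        sink(bytes(chunk))
    return records, damaged

def sample_capture(n=5, size=100):
    """Constructed sample: little-endian pcap, Ethernet link type, n dummy records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n):
        out += struct.pack("<IIII", i, 0, size, size) + bytes(size)
    return out
```

On a real capture, open the decrypted file with `open(path, "rb")` and give `sink` a function that writes each chunk to its own numbered file; only one chunk is held in memory at a time.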

  8. #8
    Junior Member roybatty's Avatar
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Default Re: Chaosreader, no TCP with WEP network?

    Not yet ready for parsing large files afaik.

    I wrote Chaosreader as a program to demonstrate the vulnerabilities of
    plaintext protocols such as telnet, HTTP, FTP, X11, VNC, etc; while using
    log files of around 10Mb.. (I had met some people who believed X11 to be
    "safe" as the protocol was too hard to interpret and redisplay[1]).

    A 200Mb demo is, erm, rather large. Don't use the "-ve" options as
    they trigger Hex dumps - which consume a lot of memory. Someone did
    explain a legitimate reason to me for processing huge files, so optimising
    the memory footprint is on my todo list.

    no worries,

    Brendan Gregg

    Sydney, Australia
    I've seen things you people wouldn't believe.
