Thread: searching inside .cap files - possibilities?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    8

    Default searching inside .cap files - possibilities?

    Hi, people

    I need your help with searching inside .cap files.
    I have to go through a big pile of packets captured with airodump-ng and need to evaluate certain values in there. I'd like to open it and go through it with grep or something like that ... however, since airodump-ng produces a .cap file, this method obviously does not work right away. My current method is to open it with Wireshark, go through it by hand and write the values down on paper ... however, this is a very time-consuming process, and since I need to go through a big pile of packets it's not practical.

    Maybe I can convert the .cap file into ASCII? Or maybe a program to search inside .cap files already exists? I was advised to try it with tcpdump (since tcpdump can output to the console) and then grep ... but tcpdump tells me that "wifi0 has no IPv4 address assigned" and shuts down instantly without capturing anything...
    Can anybody help me with this?

  2. #2
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    Look at scapy.py; that is what wifizoo uses: http://www.secdev.org/projects/scapy...own_tools.html

  3. #3
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    8

    Default

    Okay, I read up on Scapy ... but that seems like a complicated solution. I don't really know how to approach this (yes, I'm a n00b).
    Besides, the thing doesn't seem to work with .cap files, no?

    Is there no practical solution? I mean ... I have this .cap file and want to search for values in it. I can do it by hand, with Wireshark. But is there nothing more efficient?

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by Der_Kanzler View Post
    Okay, I read up on Scapy ... but that seems like a complicated solution. I don't really know how to approach this (yes, I'm a n00b).
    Besides, the thing doesn't seem to work with .cap files, no?

    Is there no practical solution? I mean ... I have this .cap file and want to search for values in it. I can do it by hand, with Wireshark. But is there nothing more efficient?
    I don't know how much easier it can be. Use the shortcut keys, Ctrl+N and Ctrl+F to navigate. Instead of writing the values on paper just copy and paste the values into a text file.

    Did you know that after you open the .cap file in wireshark you can export it as a plain text file. Just look under "File" --> "Export".
    hehe...

  5. #5
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    8

    Default

    Quote Originally Posted by .lonewolf View Post
    I don't know how much easier it can be. Use the shortcut keys, Ctrl+N and Ctrl+F to navigate. Instead of writing the values on paper just copy and paste the values into a text file.

    Did you know that after you open the .cap file in wireshark you can export it as a plain text file. Just look under "File" --> "Export".
    Okay, I'm not such a n00b that I wouldn't think of the copy-paste method ... but when going through hundreds of relevant packets (among thousands of total packets) that would not have been a good option as well.

    I was, however, n00b enough not to know that Wireshark had a .txt export function...

  6. #6
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1

    Default

    maybe you are looking for ngrep?
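The thread never shows what "convert the .cap so grep can search it" looks like in practice, so here is an added example that is not from any poster and not from airodump-ng, Wireshark or ngrep. It reads the classic libpcap format that airodump-ng writes (link type 105, bare 802.11 frames, or 127, radiotap in front of each frame), decodes the frame control field, the three MAC addresses and, for beacons and probe responses, the SSID and channel tags, and prints one text line per frame, which is the form grep or a regex can work on. The capture it parses is constructed in the block itself, so no real file is needed; the function names, the sample BSSIDs and SSIDs are all made up for the example. Wireshark's own command-line tool does the same job without code (`tshark -r capture.cap -T fields -e wlan.bssid -e wlan.ssid`), but writing the parser shows where the values live in the frame.

```python
"""Added example: flatten an airodump-ng .cap (libpcap) file into grep-able text lines.

Everything below parses constructed sample data; nothing here is read from a real capture.
"""
import re
import struct
from typing import Dict, Iterator, List

DLT_IEEE802_11 = 105        # bare 802.11 frames
DLT_IEEE802_11_RADIO = 127  # radiotap header in front of each 802.11 frame

# pcap magic numbers: little-endian usec/nsec and big-endian usec/nsec
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}


def link_frames(data: bytes) -> Iterator[bytes]:
    """Walk the pcap records and yield the raw 802.11 frame of each one."""
    end = MAGIC.get(data[:4])
    if end is None:
        raise ValueError("not a classic libpcap file (pcapng needs a different reader)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype not in (DLT_IEEE802_11, DLT_IEEE802_11_RADIO):
        raise ValueError(f"unsupported link type {linktype}")
    off = 24  # size of the pcap global header
    while off + 16 <= len(data):  # 16-byte record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == DLT_IEEE802_11_RADIO:
            # radiotap: version, pad, then a little-endian length covering the whole header
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        yield frame


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_80211(frame: bytes) -> Dict[str, object]:
    """Decode frame control and addresses; for beacons/probe responses also SSID and channel."""
    fc = frame[0]
    info: Dict[str, object] = {
        "type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
        "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22]),
    }
    if info["type"] == 0 and info["subtype"] in (5, 8):
        # skip the 24-byte MAC header and 12 fixed bytes (timestamp, beacon interval, capabilities)
        tags = frame[24 + 12:]
        i = 0
        while i + 2 <= len(tags):
            tid, tlen = tags[i], tags[i + 1]
            if i + 2 + tlen > len(tags):
                break  # tag overruns the frame: usually a trailing FCS being misread as a tag
            val = tags[i + 2:i + 2 + tlen]
            if tid == 0:                   # SSID parameter set
                info["ssid"] = val.decode("utf-8", "replace")
            elif tid == 3 and tlen == 1:   # DS parameter set = channel
                info["channel"] = val[0]
            i += 2 + tlen
    return info


TYPE_NAMES = {0: "mgmt", 1: "ctrl", 2: "data"}


def frame_lines(data: bytes) -> List[str]:
    """One text line per frame: the form that grep (or re.search below) can work on."""
    lines = []
    for f in link_frames(data):
        p = parse_80211(f)
        line = f"{TYPE_NAMES.get(p['type'], '?')}/{p['subtype']} a1={p['addr1']} a2={p['addr2']} a3={p['addr3']}"
        if "ssid" in p:
            line += f" ssid={p['ssid']!r} ch={p.get('channel', '?')}"
        lines.append(line)
    return lines


def grep_cap(data: bytes, pattern: str) -> List[str]:
    """grep over the flattened capture: return the lines matching a regular expression."""
    rx = re.compile(pattern)
    return [ln for ln in frame_lines(data) if rx.search(ln)]


# ---- constructed sample capture (made-up addresses and SSIDs, not real traffic) ----
def build_beacon(bssid: bytes, ssid: bytes, channel: int) -> bytes:
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"  # beacon, broadcast
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capabilities
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])


def build_pcap(frames: List[bytes], linktype: int) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for n, f in enumerate(frames):
        if linktype == DLT_IEEE802_11_RADIO:
            f = struct.pack("<BBHI", 0, 0, 8, 0) + f  # minimal 8-byte radiotap header, no fields
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out


AP1, AP2 = bytes.fromhex("00112233aabb"), bytes.fromhex("00112233ccdd")
DATA_FRAME = b"\x08\x42" + b"\x00\x00" + AP1 + bytes.fromhex("0a0b0c0d0e0f") + AP1 + b"\x10\x00"
SAMPLE_FRAMES = [build_beacon(AP1, b"corp-wifi", 6), DATA_FRAME, build_beacon(AP2, b"guest", 11)]
SAMPLE_CAP = build_pcap(SAMPLE_FRAMES, DLT_IEEE802_11)
SAMPLE_CAP_RADIOTAP = build_pcap(SAMPLE_FRAMES, DLT_IEEE802_11_RADIO)

if __name__ == "__main__":
    for line in grep_cap(SAMPLE_CAP, r"ssid="):
        print(line)
```

To use it on a real file, replace `SAMPLE_CAP` with `open("capture.cap", "rb").read()` and pipe `frame_lines()` output to grep, or pass the pattern to `grep_cap()` directly. The tag loop stops at the first tag that would run past the end of the frame; that is what happens when the capture stores the 4-byte FCS after the frame body, which some drivers do and some do not, so do not treat a missing channel as proof the beacon had none. pcapng files (newer Wireshark default) have a different container format and are rejected by the magic check rather than silently misparsed.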
