Look at scapy.py; that is what wifizoo uses: http://www.secdev.org/projects/scapy...own_tools.html
I'd need your help concerning searching inside .cap files.
I have to go through a big pile of packets captured with airodump-ng and need to evaluate certain values in there. I'd like to open it and go through it with grep or something like that ... however, since airodump-ng produces a .cap file, this method obviously does not work right away. My current method is to open it with Wireshark, go through it by hand and write the values on paper ... however, this is a very time-consuming process, and since I need to go through a big pile of packets it's not practical.
Maybe I can convert the .cap file into ASCII? Or maybe a program to search inside .cap files already exists? I have gotten the advice to try it with tcpdump (since tcpdump can output to the console) and then grep ... but tcpdump tells me that "wifi0 has no IPv4 address assigned" and shuts down instantly without capturing anything...
Does anybody know how to help with my issue?
Okay, I read up about Scapy ... but that seems like a complicated solution. I don't really know how to approach this (yes, I'm a n00b).
Besides, the thing doesn't seem to work with .cap files, no?
Is there no practical solution? I mean ... I have this .cap file and want to search for values in it. I can do it by hand, with Wireshark. But is there nothing more efficient?
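As an added example (not code from any poster in this thread, and not wifizoo's or scapy's): a minimal Python reader for the libpcap format that airodump-ng writes, pulling BSSID and SSID out of beacon frames so a capture can be searched the way grep would search a text file, without going through Wireshark by hand. It assumes link type 105 (802.11 frames with no radiotap header) and builds its own constructed sample capture inline instead of reading a real .cap file.

```python
import struct
DLT_IEEE802_11 = 105  # assumption: 802.11 frames with no radiotap header, as airodump-ng writes

def build_pcap(frames, linktype=DLT_IEEE802_11):
    """Wrap raw frames in a libpcap file (constructed test data, not a real capture)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)  # ts_sec, ts_usec, incl, orig
    return b"".join(out)

def beacon(bssid, ssid):
    """Minimal 802.11 beacon: FC 0x80, broadcast DA, bssid as SA/BSSID, then the SSID IE."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"  # timestamp, beacon interval, capabilities
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

def records(data):
    """Yield (linktype, frame_bytes) for every record; handles both byte orders."""
    magic, = struct.unpack_from("<I", data, 0)
    bo = "<" if magic == 0xA1B2C3D4 else ">"
    linktype, = struct.unpack_from(bo + "I", data, 20)
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(bo + "IIII", data, off)[2]  # captured (not original) length
        off += 16
        yield linktype, data[off:off + incl]
        off += incl

def beacon_info(frame):
    """Return (bssid, ssid) for a beacon frame, None for anything else or a truncated one."""
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid = ":".join("%02x" % b for b in frame[16:22])  # addr3 of the 24-byte MAC header
    pos = 36                                             # MAC header + 12 bytes of fixed fields
    while pos + 2 <= len(frame):                         # walk the tagged information elements
        tag, ln = frame[pos], frame[pos + 1]
        if tag == 0:                                     # tag 0 = SSID
            return bssid, frame[pos + 2:pos + 2 + ln].decode("utf-8", "replace")
        pos += 2 + ln
    return bssid, ""                                     # beacon carrying no SSID element

def search_ssid(data, needle):
    """grep-like search: (bssid, ssid) of every beacon whose SSID contains `needle`."""
    infos = (beacon_info(f) for lt, f in records(data) if lt == DLT_IEEE802_11)
    return [i for i in infos if i and needle in i[1]]

SAMPLE = build_pcap([                                    # constructed capture, not real data
    beacon(b"\x00\x11\x22\x33\x44\x55", b"HomeNet"),
    b"\x08\x01" + b"\x00" * 22 + b"\xaa" * 8,            # a data frame; must be ignored
    beacon(b"\x66\x77\x88\x99\xaa\xbb", b"CoffeeShop"),
])
```

To run it against a real airodump-ng file, pass `open("capture.cap", "rb").read()` to `search_ssid` instead of `SAMPLE`; a capture with a radiotap header (a different link type) is skipped rather than misparsed.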
Did you know that after you open the .cap file in Wireshark you can export it as a plain text file? Just look under "File" --> "Export".
hehe...
I, however, was n00b enough not to know that Wireshark had a to-.txt export function...
Maybe you are looking for ngrep?
What values are you looking for? Simple ones may be in the .txt file that matches the .cap file you're using; if they're huge files I usually stick them into a db for easier logging.
If it's something buried in the packets then maybe using a filter with Wireshark will help cut out a lot of the crap getting in your way. I know it's highly unscientific, but I usually look for the exact bit of data/type of packet I'm after, then in the MIDDLE window right-click on the field/sub-field you want, then 'Prepare filter' and then 'selected'. Sorry if I got some of the menus wrong, but I'm at a Vista machine just now, can't check! (And I'm knackered)
Once you have found a filter that seems to remove most of the crap, save it or write it down for future use. In fact, many people on the forums have posted up very useful filters; you just kinda need to hunt for them.....