
Thread: make sense of .cap files - advanced scripting

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009

    make sense of .cap files - advanced scripting

    Assuming I've a whole dump of cap files, how do I use grep and other utilities to make sense of who's connecting to whom, and what's what? I.e. how can I make a map of my neighborhood, i.e. know what MAC is connecting to whom from a dump of files?

    For example, if I wanted to know who connects to my router, or tries to associate to it, how can I grep dozens of .cap files to find that out?

    Also, I've noticed with airodump that for each .cap file there is a .txt. Is this of any use, or is that the last capture of output before airodump was closed?

  2. #2
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    The Crystal Wind


    Take a look at the airodump .txt file for information on access points and who is associated to them.

    Parsing pcap files isn't done via any shell tools I am aware of (there are some nifty tricks with tcpdump and tshark that you could parse the output of if you wanted). I make use of tshark display filters and Perl scripts to do my work - you might want to invest some time in that.

    pcap (or just .cap files if you prefer) are binary files; grepping them isn't going to (necessarily) work how you think. As it appears you wish to work purely with access points, head back to the .txt files and figure out their format (check the aircrack webpage).
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
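
An added example, not part of either post: one way to read the airodump .txt dumps mentioned in the reply and list which stations were associated to your own router, flagging MACs that are not on your list of known devices. It assumes the files use airodump-ng's comma-separated layout (an access-point table, a blank line, then a station table); the function names, sample rows and MAC addresses are constructed for illustration.

```python
import csv, glob, io, sys

# Constructed sample in the assumed airodump-ng layout; all MACs are made up.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-01-10 20:01:02, 2010-01-10 20:09:40, 6, 54, WPA2, CCMP, PSK, -40, 120, 15, 0.0.0.0, 7, homenet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:00:00:01, 2010-01-10 20:02:00, 2010-01-10 20:09:00, -50, 200, 00:11:22:33:44:55, homenet
AA:BB:CC:00:00:02, 2010-01-10 20:03:00, 2010-01-10 20:04:00, -70, 3, (not associated), homenet,otherssid
"""

def parse_dump(text):
    """Return ({bssid: essid}, [(station_mac, bssid, last_seen), ...])."""
    aps, stations, section, cols = {}, [], None, []
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            continue                      # blank separator line
        if cells[0] in ("BSSID", "Station MAC"):
            section, cols = cells[0], cells   # header row starts a section
            continue
        rec = dict(zip(cols, cells))      # extra probed ESSIDs are dropped
        if section == "BSSID":
            aps[rec["BSSID"].upper()] = rec.get("ESSID", "")
        elif section == "Station MAC":
            stations.append((rec["Station MAC"].upper(),
                             rec["BSSID"].upper(), rec["Last time seen"]))
    return aps, stations

def clients_of(bssid, dumps, known=()):
    """Map station MAC -> (latest 'last seen', is_known) for one access point."""
    known_set = {k.upper() for k in known}
    seen = {}
    for text in dumps:
        for mac, ap, last in parse_dump(text)[1]:
            if ap == bssid.upper():       # skips "(not associated)" stations
                seen[mac] = max(last, seen.get(mac, ""))
    return {mac: (last, mac in known_set) for mac, last in seen.items()}

if __name__ == "__main__":
    # Usage: script.py <your BSSID> <glob of dump files>; no args = sample data
    if len(sys.argv) > 2:
        bssid = sys.argv[1]
        dumps = [open(p, errors="replace").read() for p in glob.glob(sys.argv[2])]
    else:
        bssid, dumps = "00:11:22:33:44:55", [SAMPLE]
    for mac, (last, ok) in sorted(clients_of(bssid, dumps).items()):
        print(mac, last, "known" if ok else "UNKNOWN")
```

The station table only records which access point a station was associated with when it was last seen, so it does not show failed association attempts.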
