I've been playing around with Kismac trying to teach myself some wireless security fundamentals and ran across chaosreader (http://users.tpg.com.au/bdgcvb/chaosreader.html) which is supposed to take a tcpdump or snoop file and glue together web/telnet/ftp packets and report on them with a generated html file. I've tried capturing a bunch of packets passively and running it through chaosreader but I get:

Chaosreader ver 0.94
Opening, test.pcap
Reading file contents,
ERROR10: Input dosen't look like a tcpdump or snoop output file. If it is tcpdump, it may be a wrong or new version.
From what I can see, kismac can save to a pcap file which is what tcpdump would spit out (right?) but it appears to be running into problems with the saved file. I've tried the following:

1. both available versions of chaosreader.pl (is 2004 really the last update?)
2. running it on both mac and linux boxes
3. filtering out all but one unencrypted BSSID (a bit tedious in the current version of kismac but oh well :)
I still run into the problems. I'm just assuming kismac spits out a newer (in fact much newer) version of pcap files than chaosreader can use. Are there any hints on what I can do to get chaosreader working or maybe some other scripts that would do the same thing? I'd love to delve into writing my own parsing script, but I'm not at that point yet.

Thanks in advance...
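
One way to check what a saved capture file actually declares about itself, as an added example that is not part of the original post and not chaosreader's own code: it reads the 24-byte pcap global header and reports byte order, format version and link-layer type, and also recognises snoop and pcapng files by their magic bytes. The function name `identify_capture` and the sample header are constructed for illustration; what chaosreader itself accepts is not stated on this page.

```python
import struct
import sys

# Subset of link-layer type codes stored in the pcap global header.
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11",
             119: "Prism header + 802.11", 127: "Radiotap + 802.11"}

# On-disk magic bytes -> (struct byte order, timestamp resolution).
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
}

# Constructed sample: little-endian pcap 2.4, snaplen 65535, link type 105.
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)


def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first 24 bytes."""
    if header[:8] == b"snoop\x00\x00\x00":
        return {"format": "snoop"}
    if header[:4] == b"\x0a\x0d\x0d\x0a":
        return {"format": "pcapng"}
    if header[:4] not in PCAP_MAGICS:
        return {"format": "unknown"}
    if len(header) < 24:
        return {"format": "pcap (truncated header)"}
    order, resolution = PCAP_MAGICS[header[:4]]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:24])
    return {
        "format": "pcap",
        "byte_order": "big" if order == ">" else "little",
        "timestamps": resolution,
        "version": f"{major}.{minor}",
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(network, f"unlisted ({network})"),
    }


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(24)
    else:
        data = SAMPLE_HEADER
    for key, value in identify_capture(data).items():
        print(f"{key}: {value}")
```

Run it with the capture's path as the only argument; with no argument it prints the fields of the constructed sample header.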