Ankur Aggarwal wrote:
> I am also trying to do a similar exercise. Instead of Ethereal
> dumping a binary .apc file,
Ethereal can't save files in Airopeek format; it doesn't have any code
to do so.
> I would like it to publish a .csv file.
> (this is already supported in Airopeek)
> 1) Where do I make changes so that I can get it?
I don't know whether 0.10.10 has this, but the current source in the
development tree supports "as CSV" as a submenu item under the "Export"
menu item in the "File" menu.
> 2) How can I fix the definition of each of the fields?
I.e., how do you control what values are written out?
It writes out the columns that are displayed in the packet list; it
doesn't support writing arbitrary data values, just those that can be
displayed there, such as source and destination addresses.
> I have been using Airopeek for the wireless captures and have been
> trying recently to migrate to Ethereal.
If you want to migrate from Airopeek to Ethereal for *capturing*
wireless traffic, you might want to think about migrating from Windows
to an operating system that isn't quite as unfriendly towards
applications whose developers don't have the resources to write their
own wireless card drivers, as Ethereal is such an application - we don't
do our own wireless card drivers, and I doubt we ever will.
I.e., if you want to capture non-data 802.11 frames such as management
or control frames, or you want to capture traffic for a BSS other than
the one with which you're associated - or, depending on the type of
wireless card you have, even if you just want to capture traffic other
than traffic your machine receives or sends - you would have to switch
to Linux or one of the free-software BSDs.
> This is one of the major
> stumbling blocks which I am facing. Apart from that, how do I interface
> Atheros or some other wireless card to this software?
By either
1) writing your own driver for the card, complete with support for
monitor mode, and writing utilities to put the card into monitor mode
(and modifying WinPcap and Ethereal as necessary to use it, including
support for getting 802.11 rather than fake Ethernet headers and getting
radio information if you're interested);
2) abandoning all hope of capturing non-data packets, of getting any
"radio" information (signal strength, etc.) per packet, or of getting
the raw 802.11 headers rather than fake Ethernet headers, and not
capturing in monitor mode;
3) abandoning Windows and using Linux or one of the free-software BSDs.
(Yes, "abandon all hope" is part of the translation of "Lasciate ogni
speranza, voi ch'entrate". There are those who would argue that, if
you start trying to capture wireless traffic on Windows with an
application that doesn't come with its own wireless driver, you are
entering the location famed for having "Lasciate ogni speranza, voi
ch'entrate" above its gates....) (No pun intended with "gates",
although that does bring to mind
http://www.fourmilab.ch/documents/top10.html.)
See http://wiki.ethereal.com/CaptureSetup_2fWLAN for information on
802.11 captures on various OSes.