Wireshark-users: [Wireshark-users] Analysing WLAN capture from a Kismet Drone

From: Christopher Key <cjk32@xxxxxxxxx>
Date: Thu, 14 Feb 2008 09:59:18 +0000
Hello,

Whilst trying to debug a wireless connection issue recently, I needed a way to be able to capture and analyse raw 802.11 traffic in Wireshark running on my Windows system, and thought my final solution might be of interest.

I had a spare WRT54G, which has a wireless interface that can be put into monitor mode. I installed OpenWRT onto it, and then kismet-drone, a simple application that captures traffic from a wireless interface, wraps each packet in its own header, and streams the encapsulated packets out to any connected clients. The packet headers are not too dissimilar from those used by Wireshark, and a few lines of Perl, available from http://www.srcf.ucam.org/~cjk32/kismet2pcap/, is all that's required to convert from one to the other.

Hence, with kismet_drone running on kismethost,

nc kismethost 3501 | ./kismet2pcap.pl - ./capture.pcap

will write the packets in a format that Wireshark will understand to capture.pcap.


I hope this is of use to someone, it certainly made my life rather easier!

I'm not subscribed to the mailing list, so could you Cc me in to any replies please.

Regards,

Chris