Blomholm
asked on
Airmon-ng capture packets to files
Hello,
I'm looking for a good program that can take my decrypted capture files from airmon-ng, process them and create files such as images and documents that are contained within the captured packets.
I've read of a program called "give me too" (GMT) that does this for ethernet, but not for wireless.
I've also read about a program / tool, "802ether", that translates from 802.11 to ethernet capture files... and you can then use GMT.
Does anyone here have experience with other programs or methods?
-- Many thanks
ASKER
Alright, so I've tried Wireshark. It works well for the HTTP protocol. I can pick export -> objects -> HTTP and I get most stuff going on that.
But I'd like a program that recognizes other stuff as well. Like MSN Chat, mail messages, IRC, +++. So it seems Wireshark is only a partial solution for me.
I find that the dissectors or "follow conversation" filter in Wireshark do most of what I want. A superior product to ws is "omnipeek" http://www.wildpackets.com/products/overview - but it's far from cheap. My employer pays for mine :)
ASKER
Thanks for your help.
Not an exact match to what I'm looking for, but close.
ASKER
Thanks