Information Security

capinfos : Backtrack 5: Non Menu Items: CLI Commands: capinfos

Ever located an old capture file and you weren’t sure what was in it or needed to grab some quick statistics about another capture file? What about needed to run statistics on multiple capture files and present them via a database or a spreadsheet? Well if you have ever run into any of these scenarios then capinfos is worth a look. The capinfos command is available via the Backtrack CLI and provides statistic information about cap files. This is one of the gems located on Backtrack that nobody ever hears about.

Information Security

xplico – Backtrack 5 – Information Gathering – Network Analysis – Network Traffic Analysis – xplico

Xplico is a NFAT or Network Forensics Analysis Tool that is designed to either capture traffic in real time sessions or to provide an interface to upload PCAP (Packet Capture Data) files for analysis. The current version in Backtrack Linux 5 release 3 is 0.7 however the latest Xplico version is Xplico 1.0.1. I believe there are some dependencies required in the later versions of Xplico so I will write an updated article once Backtrack 6 comes up and the latest version of Xplico can easily be installed.

Information Security

Filter Wireless Network Captures By SSID Using TShark

It is very common when obtaining wireless network handshakes to end up with a huge capture(.cap or .pcap typically) file. Previously purehate wrote this article on filtering out SSID specific EAPOL packets from a capture file but if you wanted to keep any and all packets related to a specific SSID including data packets, beacon frames, etc. the below tshark command will accomplish that. This is very similar to the previous article but will provide more data for the user and still slim down a capture file if you had packets from multiple SSID’s.

Technology Insights

How to extract WPA handshake from large capture files

Sometimes you have a very large capture file and would like to extract the WPA/WPA2 handshake packets from it to a separate file. The can be done with “tshark” which is a command line version of the Wireshark suite. Installing the linux version of the Wireshark suite on your system should also install tshark.

**NOTE** This article is outdated please read this article instead for a much easier method for extracting WPA handshakes for specific SSID’s from large WPA/WPA2 capture files.