How to convert a Cisco Sniffer AP capture for Metageek’s EyePA

One of the limitations of EyePA is that it only supports a direct WLAN packet capture through AirPCap or another type of raw wireless packet capture. Specifically, the capture needs to have radiotap headers or regular 802.11 headers.

Cisco uses the Airopeek encapsulation and, to further complicate matters, the packet is encapsulated inside a UDP packet. If you want to know how to configure a Lightweight AP as a sniffer, here is a great guide: https://supportforums.cisco.com/docs/DOC-19214

So now that we have our Cisco.pcap file, we can see that EyePA won’t open the file:

After a few hours of research I stumbled onto a tool called AiroXtractor.   http://micky.ibh.net/~liske/airoxtractor/

Since this is a Linux program, power up your BackTrack Linux or whatever your favorite distro is.
You can download AiroXtractor with the following command:
wget http://micky.ibh.net/debian/pool/stable/main/airoxtractor/airoxtractor_0.1.tar.gz

Extract the files with:
tar xzvf ./airoxtractor_0.1.tar.gz
Run airoxtractor:
./airoxtractor/airoxtractor --in=/Cisco.pcap --out=/EyePA.pcap
Let’s look at our capture now:
Once the program finishes, you should have a packet capture that EyePA can open.
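
To confirm which kind of file you are holding before and after the conversion, here is an added check (not part of the original post or of AiroXtractor) that reads the link-layer type from a classic pcap header and, for Ethernet captures, counts UDP destination ports. The names inspect_pcap and sample_pcap are hypothetical, pcapng files are not handled, and the Ethernet/UDP verdict is only a heuristic.

```python
import struct
import sys
from collections import Counter

RAW_WLAN = {105: "IEEE 802.11", 127: "IEEE 802.11 + radiotap"}  # pcap link types
ETHERNET = 1

def inspect_pcap(data):
    """Return (linktype, verdict, udp_dst_ports) for classic pcap bytes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a complete classic pcap header (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    ports, off = Counter(), 24
    while off + 16 <= len(data):                       # walk the packet records
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged Ethernet + IPv4 is parsed; VLAN tags and IPv6 are skipped.
        if linktype != ETHERNET or len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        udp = 14 + (frame[14] & 0x0F) * 4              # start of the UDP header
        if frame[23] == 17 and len(frame) >= udp + 4:  # IP protocol 17 = UDP
            ports[struct.unpack("!H", frame[udp + 2:udp + 4])[0]] += 1
    if linktype in RAW_WLAN:
        verdict = "raw wireless (" + RAW_WLAN[linktype] + ")"
    elif ports:
        verdict = "Ethernet carrying UDP: possibly an unconverted sniffer capture"
    else:
        verdict = "neither raw wireless nor Ethernet/UDP"
    return linktype, verdict, dict(ports)

def sample_pcap(linktype, frame):
    """Constructed input: a one-packet little-endian pcap."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed frame: Ethernet + IPv4 + UDP to port 5000 (port chosen arbitrarily).
UDP_FRAME = (b"\x00" * 12 + b"\x08\x00"
             + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 64, 17, 0,
                           b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
             + struct.pack("!HHHH", 40000, 5000, 12, 0) + b"\x00" * 4)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None  # e.g. /Cisco.pcap or /EyePA.pcap
    blob = open(path, "rb").read() if path else sample_pcap(ETHERNET, UDP_FRAME)
    print(inspect_pcap(blob))
```

Run it once against /Cisco.pcap and once against /EyePA.pcap: the first should report link type 1 with a UDP port count, the second a raw wireless link type.
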
Just to be clear, I did not write this software.  I credit the original owner over at http://micky.ibh.net/~liske/airoxtractor/
I’d also like to throw a shout-out to the team at Metageek and specifically Trent.  It’s their software that makes this all happen.
