suport PCAP files with 802.11 packet structure #220
Labels
arkime
Relating to Malcolm's use of Arkime
enhancement
New feature or request
external
Depends on a bug or feature external to this project
upload
Relating to PCAP and/or Zeek log ingestion
Comments
mmguero
added
enhancement
|
I wanted to share here that I was able to get something working just not for upload. The developer of aircrack-ng made wifibeat a few years ago, unfortunately it was pretty out of date. I was able to fork it and get something compiled and working so that if a wireless adapter is in monitor mode it can take that information and send it to ELK. Not sure if it's in scope of this project but wanted to leave this here in case it helps anyone. Original repo https://github.com/WiFiBeat |
|
Kamino closed and cloned this issue to cisagov/Malcolm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
migrated from cisagov#264 via @cwilliams001:
To reproduce
Steps to reproduce the behavior:
Convert a PCAPNG file to PCAP using tshark with the following command:
Attempt to upload the resulting PCAP file to Malcolm.
Expected behavior
I expected Malcolm to be able to read and analyze the PCAP file converted from PCAPNG.
I am trying to convert pcapng files from a kismet capture into pcaps so that I can use Malcolm as a data visualization tool and to do more in-depth analysis. Thank you!
[EDIT]
I reached out to the developer of Arkime and the issue is that Arkime does not support 802.11 packets.
The text was updated successfully, but these errors were encountered: