Thursday, April 12, 2012

Howto convert a Cisco Sniffer AP capture for Metageek's EyePA

One of the limitations of EyePA is that it only supports a direct WLAN Packet capture through AirPCap or through another type of raw wireless packet capture.  Specifically, it needs to have the radiotap headers or the regular 802.11 headers.

Cisco uses the Airopeek encapsulation and to further complicate matters, the packet is encapsulated inside a UDP packet.  If you want to know how to configure a Lightweight AP as a Sniffer, here is a great guide:

So now that we have our Cisco.pcap file, we can see that EyePA won't open the file:

After a few hours of research I stumbled onto a tool called AiroXtractor.

Since this is a linux program, power up your BackTrack linux or whatever your favorite distro is.
You can download AiroXtractor with the following command:

Extract the files with:
tar xzvf ./airoxtractor_0.1.tar.gz

Run airoxtractor
./airoxtractor/airoxtractor --in=<pathtocapture>/Cisco.pcap --out=<pathtodestination>/EyePA.pcap

Let's look at our capture now:

Once the program finishes, you should now have a capable packet for EyePA. 

Just to be clear, I did not write this software.  I credit the original owner over at

I'd also like to throw a shout-out to the team at Metageek and specifically Trent.  It's their software that makes this all happen.

Wednesday, February 29, 2012

How to remove backup repositories in NCS

Ran into this during an NCS install today, and just wanted to pass along the request.  The request was to delete backup repositories, both from testing and from the original WCS to NCS migration.

The basic structure follows this:

no repository <repository name>

This is case sensitive


test-NCS/testadmin# conf
Enter configuration commands, one per line.  End with CNTL/Z.
test-NCS/testadmin(config)# no repository wcs-ftp-repo
test-NCS/testadmin(config)# exit

While this is not in the configuration guide, Cisco did do a good job of making an intuitive CLI for the linux appliance.