Cisco uses the Airopeek encapsulation and to further complicate matters, the packet is encapsulated inside a UDP packet. If you want to know how to configure a Lightweight AP as a Sniffer, here is a great guide: https://supportforums.cisco.com/docs/DOC-19214
So now that we have our Cisco.pcap file, we can see that EyePA won't open the file:
After a few hours of research I stumbled onto a tool called AiroXtractor. http://micky.ibh.net/~liske/airoxtractor/
Since this is a linux program, power up your BackTrack linux or whatever your favorite distro is.
You can download AiroXtractor with the following command:
wget http://micky.ibh.net/debian/pool/stable/main/airoxtractor/airoxtractor_0.1.tar.gz
Extract the files with:
tar xzvf ./airoxtractor_0.1.tar.gz
Run airoxtractor
./airoxtractor/airoxtractor --in=<pathtocapture>/Cisco.pcap --out=<pathtodestination>/EyePA.pcap
Let's look at our capture now:
Once the program finishes, you should now have a capable packet for EyePA.
Just to be clear, I did not write this software. I credit the original owner over at http://micky.ibh.net/~liske/airoxtractor/
I'd also like to throw a shout-out to the team at Metageek and specifically Trent. It's their software that makes this all happen.
