Fast-forwarding, sir!

Another big to-do solved: handling large capture files used to be painfully slow in Pyrit. From version 0.3.1-dev r232 on, Pyrit therefore uses libpcap (the heart of tcpdump) to parse capture files and bind to live capture sources. Thanks to some new BPF-filter trickery, reading and parsing a capture file is now very fast.

For example, reading a 23 MB file (500,000 packets) used to take about 1 minute, 30 seconds on my MacBook; the same thing is now done in 7 seconds!

The new libpcap core also allows us to read packets from live devices. The stripLive command accepts the name of a network device (e.g. wlan0) via the “-r” option. You can therefore have Pyrit gather packets directly from the air and produce very small capture files like this:

pyrit -r wlan0 -o wlan0.cap stripLive

Note that Pyrit does not put the device into monitor mode or change channels. You should use a tool like Kismet for that and have Pyrit take the score.
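As an added illustration (not Pyrit's or libpcap's code), the Python example below shows why a header-only filter makes stripping a capture cheap: each record is accepted or rejected from a few fixed byte offsets, and only accepted records are copied to the output. The keep criterion (EAPOL frames), the raw 802.11 link type 105, and the names is_eapol, strip_pcap and sample_capture are assumptions made for this example.

```python
import struct

LINKTYPE_IEEE802_11 = 105                        # raw 802.11 frames, no radiotap header
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header for EtherType 0x888e

def is_eapol(frame):
    """Header-only test in the spirit of a BPF filter (assumed keep criterion)."""
    if len(frame) < 24:
        return False
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 3 != 2:          # frame type 2 = data
        return False
    hdr = 24
    if fc1 & 0x03 == 0x03:           # ToDS and FromDS both set: fourth address present
        hdr += 6
    if fc0 & 0x80:                   # QoS data subtype: 2-byte QoS control field
        hdr += 2
    return frame[hdr:hdr + 8] == EAPOL_SNAP

def strip_pcap(data, keep=is_eapol):
    """Return (stripped pcap bytes, records read, records kept)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_IEEE802_11:
        raise ValueError("unsupported link type")
    out, pos, seen, kept = [data[:24]], 24, 0, 0
    while pos + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        record = data[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break                    # truncated final record: stop cleanly
        seen += 1
        if keep(record[16:]):        # copy the record untouched, header included
            out.append(record)
            kept += 1
        pos += 16 + incl_len
    return b"".join(out), seen, kept

def sample_capture():
    """Constructed capture: one beacon, one QoS EAPOL frame, one plain IP data frame."""
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    frames = [b"\x80\x00" + bytes(34),
              b"\x88\x02" + bytes(24) + EAPOL_SNAP + bytes(4),
              b"\x08\x02" + bytes(22) + bytes.fromhex("aaaa030000000800") + bytes(20)]
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(strip_pcap(sample_capture())[1:])
```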

