<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16809" name=GENERATOR>
<STYLE>@font-face {
        font-family: Cambria Math;
}
@font-face {
        font-family: Calibri;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
LI.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
DIV.MsoNormal {
        FONT-SIZE: 11pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
        COLOR: windowtext; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-compose
}
.MsoChpDefault {
        mso-style-type: export-only
}
DIV.Section1 {
        page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue bgColor=#ffffff>
<DIV><FONT size=2>Uhm, have you contacted the authors of ELCOMsoft about the
issue?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I suspect that the elcomsoft product is only able to process
libpcap/tcpdump files containing wireless packets. What you have captured with
windump and a standard wireless card are "synthetic" Ethernet
frames.</FONT></DIV>
<DIV><FONT size=2>What happens is that under Windows the normal wireless card
drivers do not export the original wireless (i.e. 802.11) frames; they export
fake Ethernet packets (this is imposed by Windows pre-Vista). </FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=buercky@sbcglobal.net
href="mailto:buercky@sbcglobal.net">buercky@sbcglobal.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=windump@winpcap.org
href="mailto:windump@winpcap.org">windump@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, April 03, 2009 3:05
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Windump] windump</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal>Ver 3.9.5</P>
<P class=MsoNormal>I am monitoring a wireless card and I do see the packets
flow by as traffic is generated on the screen, and I can write it to a file
tcpdump.cap.</P>
<P class=MsoNormal>Then if I read the file using the -r option it reads
the file ok. Then if I try to open it with ELCOMsoft wireless
security auditor, it says it is not a valid tcpdump file. If I open
it with Wireshark it opens ok.</P></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Windump mailing
list<BR>Windump@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/windump<BR></BLOCKQUOTE></BODY></HTML>
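<P>An added example, not part of the original thread and not WinDump or ElcomSoft code: the link-layer type stored in the libpcap global header shows whether a capture holds real 802.11 frames or the Ethernet frames the reply describes. The function names (describe_capture, describe_file, build_header) and the sample headers are constructed for illustration.</P>

```python
# Added example: classify a classic libpcap file by the link type in its global header.
PCAP_MAGICS = {                       # on-disk magic bytes -> byte order of the header
    b"\xd4\xc3\xb2\xa1": "little",    # 0xa1b2c3d4, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "little",    # 0xa1b23c4d, nanosecond timestamps
    b"\xa1\xb2\xc3\xd4": "big",
    b"\xa1\xb2\x3c\x4d": "big",
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"    # pcapng Section Header Block, a different format

ETHERNET = {1: "EN10MB (Ethernet)"}
WIRELESS = {
    105: "IEEE802_11",
    119: "PRISM_HEADER",
    127: "IEEE802_11_RADIO (radiotap)",
    163: "IEEE802_11_AVS",
}


def describe_capture(header: bytes) -> dict:
    """Parse the 24-byte pcap global header and report its link type."""
    header = header[:24]
    if header[:4] == PCAPNG_MAGIC:
        raise ValueError("pcapng file, not classic libpcap format")
    order = PCAP_MAGICS.get(header[:4])
    if order is None or len(header) != 24:
        raise ValueError("not a libpcap capture file")
    # Low 16 bits hold the link type; upper bits may carry FCS information.
    linktype = int.from_bytes(header[20:24], order) & 0xFFFF
    name = ETHERNET.get(linktype) or WIRELESS.get(linktype) or "other"
    return {"linktype": linktype, "name": name, "wireless": linktype in WIRELESS}


def describe_file(path: str) -> dict:
    """Read only the global header of a capture file on disk."""
    with open(path, "rb") as fh:
        return describe_capture(fh.read(24))


def build_header(linktype: int, order: str = "little") -> bytes:
    """Constructed sample header (version 2.4, snaplen 65535) for the demo."""
    fields = [(0xA1B2C3D4, 4), (2, 2), (4, 2), (0, 4), (0, 4), (65535, 4), (linktype, 4)]
    return b"".join(value.to_bytes(size, order) for value, size in fields)


if __name__ == "__main__":
    print(describe_capture(build_header(1)))           # Ethernet link type
    print(describe_capture(build_header(127, "big")))  # radiotap 802.11 link type
```

<P>A result of EN10MB for a file captured on a wireless adapter means the capture carries Ethernet framing, so a tool that expects 802.11 frames has nothing to parse even though Wireshark opens the file.</P>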