I'm demoing Eye P.A., and really like it so far. In the process of playing around and analyzing network traffic on my home LAN, I've taken a couple of captures using Kismet on a Backtrack 5 R2 system. Having transferred these packet captures to my Windows system, I find that I'm unable to open them in Eye P.A.
When I open the file, I get an error stating "Eye P.A. Cannot open a file of this type. Error: Unknown PHY type seen new packet #XXXX". The packet number is the same every time I try to open the file. Opening the file in Wireshark works fine, and the packet in question isn't malformed or corrupted.
If I then export the packet in question to its own file, I can open it in Eye P.A. without issue. The same thing happens if I include a few packets to either side of the one in question.
For example, I have a 570637 packet capture that errors on packet #1800. I exported the first 2000 packets, and attempted to open the resulting file; same error. I exported packets 1501-2000, and was able to open the file without issue. I then exported packets 1-1500, and was able to open that file, also without issue, which left me scratching my head.
To confirm that I'm not completely crazy, I merged the two exported files (1-1500 and 1501-2000) in Wireshark, saved the merge, and attempted to open it. This time, Eye P.A. threw the same error, but blamed packet #1270.
I'm willing to forward the .pcap files in question to anyone at MetaGeek who might want to take a look.
Thanks for taking a look at Eye P.A. I know that Kismet captures in a different format than Eye P.A. expects. You can send me the capture at support at metageek dot net and we'll try and get it working. Right now files from Kismet are not scheduled as a file type we're going to open; however, if there is anyone else wanting this option, let us know here and I'll get the devs on it!