I'm demoing Eye P.A., and really like it so far. In the process of playing around and analyzing network traffic on my home LAN, I've taken a couple of captures using Kismet on a Backtrack 5 R2 system. Having transferred these packet captures to my Windows system, I find that I'm unable to open them in Eye P.A.
When I open the file, I get an error stating "Eye P.A. Cannot open a file of this type. Error: Unknown PHY type seen new packet #XXXX". The packet number is the same every time I try to open the file. Opening the file in Wireshark works fine, and the packet in question isn't malformed or corrupted.
If I then export the packet in question to its own file, I can open it in Eye P.A. without issue. The same thing happens if I include a few packets to either side of the one in question.
For example, I have a 570637 packet capture that errors on packet #1800. I exported the first 2000 packets, and attempted to open the resulting file; same error. I exported packets 1501-2000, and was able to open the file without issue. I then exported packets 1-1500, and was able to open that file, also without issue, which left me scratching my head.
To confirm that I'm not completely crazy, I merged the two exported files (1-1500 and 1501-2000) in Wireshark, saved the merge, and attempted to open it. This time, Eye P.A. threw the same error, but blamed packet #1270.
I'm willing to forward the .pcap files in question to anyone at MetaGeek who might want to take a look.
Jordan

