I'm trying to index a pcap-file with wireless traffic using Packetbeat 5.4.1:
packetbeat -e -v -waitstop 10 -t -d publish -I c:\temp\wlan-132_07.06.17_1232.eth
but getting the following error:
2017/06/07 11:52:00.957186 beat.go:339: CRIT Exiting: Initializing sniffer failed: Error creating decoder: Unsupported link type: UnknownLinkType(105)
Exiting: Initializing sniffer failed: Error creating decoder: Unsupported link type: UnknownLinkType(105)
Does the program support wireless data?
Please post all questions and issues on https://discuss.elastic.co/c/beats
before opening a Github Issue. Your questions will reach a wider audience there,
and if we confirm that there is a bug, then you can open a new issue.
Could you guys please confirm, that this is a bug? I'm going to open a github issue then.
Hm... UnknownLinkType kind of indicates the network type is not even known to the sniffer libs used by packetbeat. But 105 clearly stands for LINKTYPE_IEEE802_11...
Packetbeat needs to be able to decode the different network layers. Does the pcap contain actual unencrypted traffic from your wireless, or is it just WiFi management message? Have you tried to open the PCAP in wireshark and check wireshark can analyze the application payload like HTTP and such?
In general, packetbeat does not support wireless lan, as this will require some more advanced parsing/handling of the packets.
the file can be opened with Wireshark just fine. It's unencrypted traffic captured on the access point.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.