Local Mirror of
NOTE: The next generation of Aircrack, Aircrack-ng has far
superseded the functionality of the original; Aircrack-ng's project homepage can
be found here: http://www.aircrack-ng.org/doku.php
airdecap is a tool for decrypting WEP and WPA capture files.
This can be useful if we which to confirm a WEP or WPA key that we have acquired
using one of the WEP or WPA cracking programs.
To decrypt a WEP capture
"WEP-capture-01.cap" we specify the WEP key with the -w switch.
As can be seen airdecap
has successfully decrypted all 151 WEP data packets thus confirming that
the WEP key is indeed 866578388f517be0b4818a0db1.
WEP-capture-01-dec.cap has now also been created which is an unencrypted
version of our capture file. This file is a standard pcap file and can be
viewed in ethereal or tcpdump (e.g. tcpdump -r WEP-capture-01-dec.cap)
Because WPA encryption not only make use of a pass-phrase but also salts the
process with the network SSID we are required to supply both the SSID and WPA
airdecap -e cuckoo -p sausages wpa-test.cap
In the above example cuckoo is the network SSID for our capture
wpa-test.cap and sausages is the WPA pass-phrase.
The file wpa-test-01-dec.cap has now also been created which is an
unencrypted version of our capture file. This file is a standard pcap file
and can be viewed in ethereal or tcpdump (e.g. tcpdump -r
Using the -b switch (BSSID) we can specify which BSSID to decrypt with
airdecap. Handy if our capture file contains the traffic from several