airdecap

Project Homepage: http://www.cr0.net:8040/code/network/ (OFFLINE)

Project Homepage: Local Mirror of Homepage  aircrack-2.41.tgz  MD5: 05A37C8A165EFB11EA226829C809DEB3

NOTE: The next generation of Aircrack, Aircrack-ng has far superseded the functionality of the original; Aircrack-ng's project homepage can be found here: http://www.aircrack-ng.org/doku.php

 

airdecap is a tool for decrypting WEP and WPA capture files. This can be useful if we wish to confirm a WEP or WPA key that we have acquired using one of the WEP or WPA cracking programs.


Usage:

 

 

Decrypting WEP encrypted captures:

 

To decrypt a WEP capture "WEP-capture-01.cap" we specify the WEP key with the -w switch.

 

airdecap -w 866578388f517be0b4818a0db1 WEP-capture-01.cap

As can be seen, airdecap has successfully decrypted all 151 WEP data packets, thus confirming that the WEP key is indeed 866578388f517be0b4818a0db1.

 

The file WEP-capture-01-dec.cap has now also been created which is an unencrypted version of our capture file.  This file is a standard pcap file and can be viewed in ethereal or tcpdump (e.g. tcpdump -r WEP-capture-01-dec.cap)

 

Decrypting WPA encrypted captures:

Because WPA encryption not only makes use of a pass-phrase but also salts the key derivation with the network SSID, we are required to supply both the SSID and the WPA pass-phrase.

airdecap -e cuckoo -p sausages wpa-test.cap


In the above example cuckoo is the network SSID for our capture wpa-test.cap and sausages is the WPA pass-phrase.

The file wpa-test-01-dec.cap has now also been created which is an unencrypted version of our capture file.  This file is a standard pcap file and can be viewed in ethereal or tcpdump (e.g. tcpdump -r wpa-test-01-dec.cap)

Using the -b switch (BSSID) we can specify which BSSID to decrypt with airdecap. This is handy if our capture file contains traffic from several different networks.
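The SSID salting mentioned above, shown as an added example (not part of the original page or of the airdecap source): WPA-PSK maps the pass-phrase to a 256-bit pairwise master key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations. The function names derive_pmk and same_key are hypothetical; the SSID and pass-phrase are the ones from the example command.

```python
import hashlib
import hmac

ITERATIONS = 4096   # fixed by the WPA-PSK pass-phrase-to-key mapping
PMK_LEN = 32        # 256-bit pairwise master key (PMK)


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """Return PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32).

    derive_pmk is a hypothetical helper name, not an airdecap function.
    """
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass-phrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass-phrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               salt, ITERATIONS, PMK_LEN)


def same_key(ssid_a: str, ssid_b: str, passphrase: str) -> bool:
    """True only if both SSIDs give the same PMK for this pass-phrase."""
    return hmac.compare_digest(derive_pmk(ssid_a, passphrase),
                               derive_pmk(ssid_b, passphrase))


if __name__ == "__main__":
    # SSID and pass-phrase taken from the airdecap example on this page.
    print("cuckoo/sausages PMK:", derive_pmk("cuckoo", "sausages").hex())
    # Constructed comparison: same pass-phrase, SSID differing only in case.
    print("same key for 'Cuckoo'?", same_key("cuckoo", "Cuckoo", "sausages"))
```

The PMK alone does not decrypt traffic: the per-session keys are derived from it together with values exchanged in the four-way handshake, so the capture must contain that handshake for the client being decrypted.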

 

 
 
   Copyright 2010 Wirelessdefence.org. All Rights Reserved.