airdecap-ng
This is an old revision of the document!
Table of Contents
Airdecap-ng
Description
With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. As well, it can be used to strip the wireless headers from an unencrypted wireless capture.
Usage
airdecap-ng [options] <pcap file>
Option | Param. | Description |
---|---|---|
-l | don't remove the 802.11 header | |
-b | bssid | access point MAC address filter |
-k | pmk | WPA/WPA2 Pairwise Master Key in hex |
-e | essid | target network ascii identifier |
-p | pass | target network WPA/WPA2 passphrase |
-w | key | target network WEP key in hexadecimal |
Usage Examples
The following removes the wireless headers from an open network (no WEP) capture:
airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap
The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:
airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap
The following decryptes a WPA/WPA2 encrypted capture using the passphrase:
airdecap-ng -e 'the ssid' -p passphrase tkip.cap
Usage Tips
For ESSIDs which contain spaces, put the ESSID in quotes: 'this contains spaces'.
Usage Troubleshooting
None at this time.
airdecap-ng.1172074703.txt.gz · Last modified: 2007/02/21 17:18 by darkaudax