Aircrack-ng Official Document Translation---airdecap-ng
Description
With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. It can also be used to strip the wireless headers (the 802.11 frame headers) from an unencrypted wireless capture.
It outputs a new file ending with "-dec.cap", which is the decrypted/stripped version of the input file.
Usage
airdecap-ng [Options] <pcap file>
| Option | Param. | Description |
|--------|--------|-------------|
| -l |  | Don't remove the 802.11 header |
| -b | bssid | Access point MAC address filter |
| -k | pmk | WPA/WPA2 Pairwise Master Key in hex |
| -e | essid | Target network ASCII identifier |
| -p | pass | Target network WPA/WPA2 passphrase (i.e., the pre-shared password) |
| -w | key | Target network WEP key in hexadecimal |
Wildcards may be used in the input file name, provided the pattern matches only a single file. In general, it is recommended that you use a single file name as input rather than a wildcard. (This can be understood as follows: airdecap-ng processes only one file at a time, so the input cannot expand to more than one file.)
Usage Examples
The following removes the wireless headers (the 802.11 frame headers) from an open network (no WEP) capture:
airdecap-ng -b 00:09:5b:10:bc:5a Open-network.cap
The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:
airdecap-ng -w 11a3e229084349bc25d97e2939 Wep.cap
The following decrypts a WPA/WPA2-encrypted capture using the passphrase (that is, the pre-shared password):
airdecap-ng -e 'The SSID' -p passphrase Tkip.cap
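Added example (not part of the aircrack-ng documentation or of this translation): the value that -k takes is the PMK that WPA/WPA2-PSK derives from the passphrase and ESSID with PBKDF2-HMAC-SHA1 (4096 iterations, 32 bytes), so the code below computes it and builds both command forms, shell-quoting an ESSID that contains spaces or quotes. The function names are hypothetical, and it assumes -k alone is accepted in place of -e/-p.

```python
import hashlib
import shlex


def wpa_pmk(passphrase: str, essid: str) -> str:
    """Return the 256-bit WPA/WPA2-PSK PMK as 64 hex digits (the -k form)."""
    pw = passphrase.encode("ascii")      # non-ASCII input raises ValueError
    salt = essid.encode("utf-8")         # the ESSID is the PBKDF2 salt
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32).hex()


def airdecap_commands(essid: str, passphrase: str, capture: str):
    """Build the -e/-p command and the -k command for the same network."""
    by_pass = ["airdecap-ng", "-e", essid, "-p", passphrase, capture]
    # Assumption: with -k the tool does not need -e or -p.
    by_pmk = ["airdecap-ng", "-k", wpa_pmk(passphrase, essid), capture]
    # shlex.join quotes each argument so the ESSID survives the shell intact.
    return shlex.join(by_pass), shlex.join(by_pmk)


if __name__ == "__main__":
    # Values taken from the WPA example above; the file name is as on the page.
    for line in airdecap_commands("The SSID", "passphrase", "Tkip.cap"):
        print(line)
```

Because the ESSID is the salt, a PMK computed for one network name does not work for a capture from a network with a different name, even when the passphrase is the same.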
Usage Tips
WPA/WPA2 Requirements
The capture file must contain a valid four-way handshake. For this purpose, having (packets 2 and 3) or (packets 3 and 4) will work correctly. In fact, you don't truly need all four handshake packets.
As well, only data packets following the handshake (the session between a specific client and a specific AP) will be decrypted. This is because information from the handshake is required in order to decrypt the data packets.
How to use spaces, double quotes and single quotes in AP names (i.e., the ESSID)?
See this FAQ entry.
Usage Troubleshooting
None at this time.
Translator's note:
The translation is marked in a blue font. The content inside Chinese parentheses "()" does not come from the original text; it was added by the translator according to his own understanding and to make the sentences read fluently.
The translator himself is also involved in this field and his insight is shallow. This article was translated partly to facilitate communication and partly to deepen his own learning. If there are misinterpretations or mistranslations, he hopes those who came before will point them out.
Minor maintenance will be carried out from time to time in the future, so please look forward to it.
Reprinting is permitted and welcome, but please be sure to indicate the source.
------ This article was compiled and translated by csdn-蚍蜉 Shake Pine (homepage: HTTP://BLOG.CSDN.NET/HOWEVERPF). Please indicate the source when reproducing! ------