NetStumbler.org Forums

Old 08-06-2005   #1 (permalink)
Weifei
No wires required
 
Join Date: Aug 2005
Posts: 8
airdecap 2.2, strange results...

Hi,

I've captured some WEP-encrypted traffic and used airdecap to decrypt the traffic (I do know the key...). However the resulting name-dec.cap file is very short and cannot be read with tcpdump (complains about "unknown data link type") or Ethereal refusing to open the file at all. (I know I can enter the WEP-key in Ethereal directly thus not needing airdecap at all...)

Anyway I'd like to know what I'm doing wrong with airdecap here...

Cheers,
Weifei
Old 08-06-2005   #2 (permalink)
itsnotme
Dumbass checker
 
Join Date: Sep 2002
Location: Somewhere below Lake Ontario
Posts: 1,076
Google?

Search?

Read the included documentation? (I haven't read the documentation yet since I don't use the program so I can't vouch for this one, but have you even looked at the documentation yet?)
Old 08-06-2005   #3 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by Weifei
Hi,

I've captured some WEP-encrypted traffic and used airdecap to decrypt the traffic (I do know the key...). However the resulting name-dec.cap file is very short and cannot be read with tcpdump (complains about "unknown data link type") or Ethereal refusing to open the file at all. (I know I can enter the WEP-key in Ethereal directly thus not needing airdecap at all...)

Anyway I'd like to know what I'm doing wrong with airdecap here...

Cheers,
Weifei
http://www.cr0.net:8040/code/network/aircrack/
Old 08-06-2005   #4 (permalink)
Weifei
No wires required
 
Join Date: Aug 2005
Posts: 8
@itsnotme, wrzwaldo:

Thank you for being soooo helpful!

If there was any suitable information either in google or the documentation I would have said "shame on me" but since this is not the case I wonder why you guys think you must point me to some useless/non-existing information...

I HAVE read the documentation and I HAVE googled for any results.

Have you two Misters Know-it-all even _READ_ my question????

Just to recap:
1) I HAVE captured encrypted traffic
2) I HAVE the WEP-key
3) I CAN decrypt the captured traffic in Ethereal providing the dump + key to Ethereal

HOWEVER the decrypted-cap-File which airdecap produces can not be read by tcpdump nor by Ethereal.


Another guy who has the same problem (found by Google)

And about the documentation for airdecap: All it says about airdecap is:

> I've found the key, how do I decrypt a capture file ?
> Simply use the airdecap program:
> usage: airdecap [options] <pcap file>
> -l : don't remove the 802.11 header
> -b bssid : access point MAC address filter
> -k pmk : WPA Pairwise Master Key in hex
> -e essid : target network ascii identifier
> -p pass : target network WPA passphrase
> -w key : target network WEP key in hex
> examples:
> airdecap -b 00:09:5B:10:BC:5A open-network.cap
> airdecap -w 11A3E229084349BC25D97E2939 wep.cap
> airdecap -e my_essid -p my_passphrase tkip.cap

I see no hint here, do you? I've provided the WEP-Key in Hex (tried with and without colons, tried with -l flag and without and so on) but the resulting decrypted .cap file can not be used!

Anybody out there being more helpful than itsnotme and wrzwaldo?

Cheers
Weifei

Last edited by Weifei : 08-06-2005 at 12:26 PM.
Old 08-06-2005   #5 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by wrzwaldo
Actually, it's a real bug in the code. Weifei: line 847 in airdecap.c, add:

Code:
n = sizeof( pfh );
devine is offline  
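Why a wrong header length gives the symptom from the first post, as an added example that is not code from this thread or from airdecap. It assumes the length set in the fix above controls how many bytes of the pcap file header reach the output; `check_pcap_header` and `write_capture` are hypothetical names and the record values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DLT_EN10MB     1u   /* Ethernet: output with the 802.11 header removed */
#define DLT_IEEE802_11 105u /* raw 802.11: output when -l keeps the header */

struct pcap_file_hdr {      /* libpcap global header, 24 bytes on disk */
    uint32_t magic;
    uint16_t version_major, version_minor;
    int32_t  thiszone;
    uint32_t sigfigs, snaplen, linktype;
};
enum hdr_status { HDR_OK, HDR_TRUNCATED, HDR_BAD_MAGIC, HDR_BAD_LINKTYPE };

/* Check the first bytes of a capture before trusting anything after them. */
enum hdr_status check_pcap_header(const unsigned char *buf, size_t len)
{
    struct pcap_file_hdr h;
    if (len < sizeof h) return HDR_TRUNCATED;
    memcpy(&h, buf, sizeof h);
    if (h.magic == 0xd4c3b2a1u)       /* file written on an opposite-endian host */
        h.linktype = (h.linktype >> 24) | ((h.linktype >> 8) & 0xff00u) |
                     ((h.linktype << 8) & 0xff0000u) | (h.linktype << 24);
    else if (h.magic != 0xa1b2c3d4u) return HDR_BAD_MAGIC;
    if (h.linktype != DLT_EN10MB && h.linktype != DLT_IEEE802_11)
        return HDR_BAD_LINKTYPE;      /* the "unknown data link type" symptom */
    return HDR_OK;
}

/* Hypothetical writer: emits only hdr_len header bytes, then one record. */
size_t write_capture(unsigned char *out, size_t hdr_len)
{
    struct pcap_file_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, DLT_EN10MB };
    uint32_t rec[5] = { 1123286400u, 500000u, 4, 4, 0xdeadbeefu }; /* constructed */
    if (hdr_len > sizeof h) hdr_len = sizeof h;
    memcpy(out, &h, hdr_len);             /* short length => record bytes slide */
    memcpy(out + hdr_len, rec, sizeof rec); /* into the snaplen/linktype fields */
    return hdr_len + sizeof rec;
}

int main(void)
{
    unsigned char buf[64];
    size_t lens[] = { sizeof(struct pcap_file_hdr), 16, 0 }; /* full, short, none */
    for (int i = 0; i < 3; i++)
        printf("%zu -> %d\n", lens[i], (int)check_pcap_header(buf, write_capture(buf, lens[i])));
    return 0;
}
```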
Old 08-06-2005   #6 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by Weifei
@itsnotme, wrzwaldo:

Thank you for being soooo helpful!

If there was any suitable information either in google or the documentation I would have said "shame on me" but since this is not the case I wonder why you guys think you must point me to some useless/non-existing information...

I HAVE read the documentation and I HAVE googled for any results.

Have you two Misters Know-it-all even _READ_ my question????
Yes I actually read your question and seeing you didn't mention if you had visited the source site (most assholes don't). I figured I'd point you there. Now I can see that even assholes visit it.

P.S. Fuck You!

Last edited by wrzwaldo : 08-06-2005 at 01:29 PM.
Old 08-06-2005   #7 (permalink)
theprez98
SpoonfeederExtraordinaire
 
Join Date: Jan 2005
Location: Maryland
Posts: 3,619
Quote:
Originally Posted by wrzwaldo
Yes I actually read your question and seeing you didn't mention if you had visited the source site (most assholes don't). I figured I'd point you there. Now I can see that even assholes visit it.

P.S. Fuck You!
You might ruin more than Dutch's keyboard...LOL
Old 08-07-2005   #8 (permalink)
Weifei
No wires required
 
Join Date: Aug 2005
Posts: 8
Quote:
Originally Posted by devine
Actually, it's a real bug in the code. Weifei: line 847 in airdecap.c, add:

Code:
n = sizeof( pfh );
Devine, thank you very much, works like a charm now!

Cheers
Weifei
Old 08-07-2005   #9 (permalink)
Weifei
No wires required
 
Join Date: Aug 2005
Posts: 8
Quote:
Originally Posted by wrzwaldo
Yes I actually read your question and seeing you didn't mention if you had visited the source site (most assholes don't). I figured I'd point you there. Now I can see that even assholes visit it.
P.S. Fuck You!
Well, your avatar is really nice but your manners are not, bummer

Besides: Having read the infos on the source site or not is irrelevant to the mentioned problem which was in fact - see above - a bug in the code!

Cheers
Weifei
Old 08-07-2005   #10 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by Weifei
Well, your avatar is really nice but your manners are not, bummer

Besides: Having read the infos on the source site or not is irrelevant to the mentioned problem which was in fact - see above - a bug in the code!

Cheers
Weifei
Oh you wanted manners? That's two doors down the hall on the left! You may be interested in reading this.

Besides, having mentioned you had visited the app's support site would have precluded me from providing you with the link to it. So to refresh your memory, here is your lacking in detail opening post. So you fixed the "bug in the code", what are you going to use to kill that bug in your ass?

P.S. Fuck You, and Fuck Manners!

Last edited by wrzwaldo : 08-07-2005 at 06:50 AM.