This is an old revision of the document!



With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. It can also be used to strip the wireless headers from an unencrypted wireless capture.


airdecap-ng [options] <pcap file>

Option  Param  Description
-l             don't remove the 802.11 header
-b      bssid  access point MAC address filter
-k      pmk    WPA/WPA2 Pairwise Master Key in hex
-e      essid  target network ascii identifier
-p      pass   target network WPA/WPA2 passphrase
-w      key    target network WEP key in hexadecimal

Usage Examples

The following removes the wireless headers from an open network (no WEP) capture:

airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap

The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:

airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap

The following decrypts a WPA/WPA2 encrypted capture using the passphrase:

airdecap-ng -e 'the ssid' -p passphrase tkip.cap

Usage Tips

For ESSIDs which contain spaces, put the ESSID in quotes: 'this contains spaces'.
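Why -p needs -e, and why the ESSID must be given exactly (spaces included): in WPA/WPA2-PSK the passphrase is stretched into the Pairwise Master Key with the ESSID as the salt, and that key is the kind of value -k takes in hex. The Python below is an added example, not part of airdecap-ng or of the original page; the function names are hypothetical, and the sample passphrase/SSID pair "password"/"IEEE" is the published IEEE 802.11i test vector.

```python
import hashlib
import shlex


def derive_pmk(passphrase: str, essid: str) -> str:
    """Return the WPA/WPA2-PSK Pairwise Master Key as 64 hex digits.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes)
    """
    pw = passphrase.encode("utf-8")
    salt = essid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if len(salt) > 32:
        raise ValueError("ESSID must be at most 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32).hex()


def decrypt_command(capture: str, essid: str, passphrase: str) -> str:
    """Build the -e/-p command line from the usage example, shell-quoted."""
    derive_pmk(passphrase, essid)  # reject impossible inputs before running
    return shlex.join(["airdecap-ng", "-e", essid, "-p", passphrase, capture])


def essid_sensitivity(passphrase: str, essids: list) -> dict:
    """Map each candidate ESSID spelling to the PMK it would produce."""
    return {e: derive_pmk(passphrase, e) for e in essids}


if __name__ == "__main__":
    # Constructed inputs: the 802.11i test vector plus near-miss ESSIDs.
    for essid, pmk in essid_sensitivity("password", ["IEEE", "ieee", "IEEE "]).items():
        print(f"{essid!r:8} -> {pmk}")
    print(decrypt_command("tkip.cap", "the ssid", "passphrase"))
```

A wrong-case or space-trimmed ESSID yields a different key, so a capture that will not decrypt with a known-good passphrase is worth rechecking against the exact ESSID bytes.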

Usage Troubleshooting

None at this time.

airdecap-ng.1172079427.txt.gz · Last modified: 2007/02/21 18:37 (external edit)