User Tools

Site Tools


This is an old revision of the document!



With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. As well, it can be used to strip the wireless headers from an unencrypted wireless capture.


airdecap-ng [options] <pcap file>
-l don't remove the 802.11 header
-bbssidaccess point MAC address filter
-kpmkWPA/WPA2 Pairwise Master Key in hex
-eessidtarget network ascii identifier
-ppasstarget network WPA/WPA2 passphrase
-wkey target network WEP key in hexadecimal

Usage Examples

The following removes the wireless headers from an open network (no WEP) capture:

airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap

The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:

airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap

The following decrypts a WPA/WPA2 encrypted capture using the passphrase:

airdecap-ng -e 'the ssid' -p passphrase  tkip.cap

Usage Tips

WPA/WPA2 Requirements

The capture file must contain a valid four-way handshake. For this purpose having (packets 2 and 3) or (packets 3 and 4) will work correctly. You in fact don't truly need all four handshake packets.

As well, only data packets following the handshake will be decrypted. This is because information is required from the handshake in order to decrypt the data packets.

How to use spaces, double quote and single quote in AP names?

See thisFAQ entry

Usage Troubleshooting

None at this time.

airdecap-ng.1202159467.txt.gz · Last modified: 2008/02/04 22:11 by darkaudax