Skip to content

Airedecap-ng

With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. As well, it can also be used to strip the wireless headers from an unencrypted wireless capture.

It outputs a new file ending with “-dec.cap” which is the decrypted/stripped version of the input file.

Usage:

Airdecap-ng [options] <pcap file>

Options:

OptionParametersDescription
-l don’t remove the 802.11 header
-bbssidaccess point MAC address filter
-kpmkWPA/WPA2 Pairwise Master Key in hex
-eessidtarget network ascii identifier
-ppasstarget network WPA/WPA2 passphrase
-wkeytarget network WEP key in hexadecimal

Usage Examples:

The following removes the wireless headers from an open network (no WEP) capture:

        Airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap

The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:

        Airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap

The following decrypts a WPA/WPA2 encrypted capture using the passphrase:

       Airdecap-ng -e ‘the ssid’ -p passphrase tkip.cap