Sunday, April 05, 2009

Tshark: Decrypt WEP

Yes, you can decrypt wep using airdecap-ng from aircrack-ng suite, or using wireshark gui. However you can also use tshark to decrypt wep with known key, and you can define many keys to be used to decrypt wep packets as well.

Quick example -

shell>tshark -t ad -o 'wlan.enable_decryption:TRUE' \
-o "wlan.wep_key1:1122aabbcc" -nr wlan-wep.pcap

By the way, you can also decrypt wpa similarly.

Enjoy (;])

4 comments:

Paul Ooi said...

what about wpa2?

rd said...

airdecap-ng is better

mark said...

There's a new tool called wepbuster. an interface to aircrack-ng. everything fully automated. http://code.google.com/p/wepbuster/

chethak said...

THANKS a lot for this blog,it was very helpful. I was trying to use the same command for wpa. But failed. Can u please let me know how to decrypt packets for wpa.

Thanks in advance.
chethak