In the past we have written a couple articles on using tshark to strip WPA capture files down to a specific ESSID or SSID but in some cases it can be more useful to strip the capture down by BSSID or MAC address of the WAP. Isolating packets by BSSID or WAP MAC address is…
A while ago I wrote a short tutorial on how to strip down a wireless capture which contained a wpa handshake so that only eapol packets and beacon frames where left. I have since found a little bit better way to do it so I decided to make a new post. In the previous article…
I recently had a customer upload a WPA capture to our tools.question-defense.com server which failed immediately. This can happen from time to time and is for a variety of reasons Sometimes if captures does not contain all 4 eapol packets they will fail , and sometimes if a capture has lots of other wifi garbage…
I have had lots of people email me and ask if there is anyway to make it impossible for a attacker to recover your mac address from a capture file. If you are using one of our tools like the WPA Cracker in our tools section, you may be hesitant to upload a clients capture…
Earlier today I needed to find the quickest and easiest way to monitor all traffic to and from a specific device on my network. The goal was to see how much bandwidth based on a specific amount of time that the device was using. My initial hope was that I could configure port monitoring on…
Trying to capture a 4-way TKIP handshake without help can involve sitting and watching traffic for hours and hours, waiting for a client to connect to a network. By using a tool called aircrack-ng we can forcefully deauthenticate a client who is connected to the network and force them to reconnect back up. During the…
Sometimes you have a very large capture file and would like to extract the WPA/WPA2 handshake packets from it to a separate file. The can be done with “tshark” which is a command line version of the Wireshark suite. Installing the linux version of the Wireshark suite on your system should also install tshark. **NOTE**…
There are various reasons why you may want to log the incoming packets for your Skype messaging client. You can log both calls and instant messages made via your Skype client using Wireshark. Wireshark is a free utility that can be used to log any traffic on your computer.
I needed to capture some packets on a server to import into Wireshark on a Windows XP computer but hadn’t done this in awhile so I needed to refresh on how to do this. I ended up using dumpcap to capture the data, then obtain the dump file on the windows computer, and then imported…