The other day I had a wireless network packet capture file saved as a .cap file. The ESSID that was displaying via normal aircrack-ng output of the WPA/WPA2 wireless packet capture lead me to believe there was at least one space included in the beginning of the ESSID and likely after the ESSID since it…
In the past we have written a couple articles on using tshark to strip WPA capture files down to a specific ESSID or SSID but in some cases it can be more useful to strip the capture down by BSSID or MAC address of the WAP. Isolating packets by BSSID or WAP MAC address is…
Pyrit was recently upgraded on a server that I use and when I logged in to run it manually from the CLI I noticed an error. The error, which is explained in more detail below, complains that the libpcap is to old. The server that this pyrit installation is installed on is CentOS 5.4. CentOS…
I recently had a customer upload a WPA capture to our tools.question-defense.com server which failed immediately. This can happen from time to time and is for a variety of reasons Sometimes if captures does not contain all 4 eapol packets they will fail , and sometimes if a capture has lots of other wifi garbage…
I have had lots of people email me and ask if there is anyway to make it impossible for a attacker to recover your mac address from a capture file. If you are using one of our tools like the WPA Cracker in our tools section, you may be hesitant to upload a clients capture…