The other day I had a wireless network packet capture file saved as a .cap file. The ESSID that was displaying via normal aircrack-ng output of the WPA/WPA2 wireless packet capture led me to believe there was at least one space included in the beginning of the ESSID and likely after the ESSID, since it was not processing properly using oclHashcat-plus. I had never run into this before, so I wasn’t exactly sure of the easiest way to figure out the number of spaces, so I posed the question in the Freenode aircrack-ng IRC channel and got a couple of responses, which are noted below, as well as instructions following the clearest solution.
In the past we have written a couple of articles on using tshark to strip WPA capture files down to a specific ESSID or SSID, but in some cases it can be more useful to strip the capture down by BSSID or MAC address of the WAP. Isolating packets by BSSID or WAP MAC address is useful in a scenario where a wireless deployment has numerous WAPs and you have captured a specific SSID’s traffic from more than one WAP. Below is information on how to strip down a capture file based on BSSID and information on capture size before stripping the file down.
It is possible to crack WPA/WPA2 wireless network credentials using any number of open source tools available now, including oclHashcat+, aircrack-ng, or pyrit, to name a few. If you are having trouble cracking a password, it is possible that the network uses RADIUS authentication instead of pre-shared keys (PSK). You could see this if you looked at the details of the network you were attempting to capture authentication packets for, as it would display as WPA Enterprise versus WPA Personal. It definitely happens, though, that this is not considered during the capture, so you may need to verify that a network is WPA/WPA2 Personal versus WPA/WPA2 Enterprise once you are attempting to crack the authentication. You can do this using Wireshark and the details below.
Earlier, while working on a laptop that I rarely use because it is only required to access one of my clients' networks, the wireless network interface stopped working. Initially I thought the Windows XP computer was in the process of crashing; however, I soon figured out that this was not the case. I started looking for the wireless switch, which is typically used on modern laptops to turn the wireless interface off and on, but I was unable to locate it initially. Below I describe how I eventually noticed that the wireless switch had been disabled, where the WiFi switch is located, and how to turn the wireless switch on an HP Pavilion 6555b back to the on position.
I recently acquired a new GPS device for use with programs like Kismet and Airodump-ng. It's been a while since I have used GPS devices in Linux, and back then they were serial devices. The BU-353 device is a USB device, so I had to figure out how to get it going.