With airdecap-ng you can decrypt WEP/WPA/WPA2 capture files. It can also be used to strip the wireless headers (that is, the 802.11 frame headers) from an unencrypted wireless capture.
It outputs a new file ending with "-dec.cap", which is the decrypted/stripped version of the input file.
airdecap-ng [options] <pcap file>

Option  Param.  Description
-l              don't remove the 802.11 header
-b      bssid   access point MAC address filter
-k      pmk     WPA/WPA2 Pairwise Master Key in hex
-e      essid   target network ascii identifier
-p      pass    target network WPA/WPA2 passphrase (that is, the pre-shared passphrase)
-w      key     target network WEP key in hexadecimal
Wildcards may be used in the input file name, provided the pattern matches only a single file. In general, it is recommended that you use a single file name as input rather than a wildcard. (Translator's note: airdecap-ng can be understood as processing only one file at a time, so the input must not match more than one file.)
The following removes the wireless headers from an open network (no WEP) capture:
airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap
The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:
airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap
The following decrypts a WPA/WPA2 encrypted capture using the passphrase:
airdecap-ng -e 'the ssid' -p passphrase tkip.cap
The capture file must contain a valid four-way handshake. You do not truly need all four handshake packets: for decryption, having packets 2 and 3, or packets 3 and 4, works correctly.
In addition, only data packets following the handshake will be decrypted, because information from the handshake is required in order to decrypt the data packets. (Translator's note: this means the session data between a particular client and a particular AP.)
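A quick way to check the handshake requirement above before running a decryption, as an added example that is not part of the original documentation and does not reproduce airdecap-ng's own logic. It assumes the EAPOL payloads for one client/AP pair have already been extracted from the capture; the sample frames are constructed, and telling message 2 from message 4 by key data length, and pairing messages by replay counter, are heuristics assumed here.

```python
import struct

# EAPOL-Key layout (IEEE 802.11i): 4-byte 802.1X header, then descriptor type (1),
# key information (2), key length (2), replay counter (8), nonce (32), IV (16),
# RSC (8), reserved (8), MIC (16), key data length (2), followed by the key data.
_HDR = struct.Struct(">BBHBHHQ32s16s8s8s16sH")
PAIRWISE, ACK, MIC = 0x0008, 0x0080, 0x0100  # Key Information flag bits

def classify(eapol: bytes):
    """Return (message_number, replay_counter), or None if not a pairwise EAPOL-Key frame."""
    if len(eapol) < _HDR.size:
        return None
    _ver, ptype, _len, _desc, info, _klen, replay, *_rest, data_len = _HDR.unpack_from(eapol)
    if ptype != 3 or not info & PAIRWISE:   # 802.1X type 3 = EAPOL-Key
        return None
    if info & ACK:                          # sent by the AP: message 1 or 3
        return (3 if info & MIC else 1), replay
    if not info & MIC:
        return None
    # Sent by the client: message 2 carries key data (its RSN/WPA element),
    # message 4 normally carries none (heuristic).
    return (2 if data_len else 4), replay

def has_usable_pair(frames):
    """True if frames (capture order, one client/AP) hold messages 2+3 or 3+4 of one exchange."""
    seen = [c for c in map(classify, frames) if c]
    for (m_a, rc_a), (m_b, rc_b) in zip(seen, seen[1:]):
        if (m_a, m_b) == (2, 3) and rc_b == rc_a + 1:   # AP increments the counter for message 3
            return True
        if (m_a, m_b) == (3, 4) and rc_b == rc_a:       # client echoes the counter in message 4
            return True
    return False

def _frame(info, replay, key_data=b""):
    # Constructed sample frame: nonce, IV, RSC and MIC are zero-filled placeholders.
    body_len = _HDR.size - 4 + len(key_data)
    return _HDR.pack(2, 3, body_len, 2, info, 16, replay,
                     b"", b"", b"", b"", b"", len(key_data)) + key_data

# Constructed WPA2-style handshake (typical Key Information values).
M1 = _frame(0x008A, 1)
M2 = _frame(0x010A, 1, b"\x30\x14" + bytes(20))
M3 = _frame(0x13CA, 2, bytes(56))
M4 = _frame(0x030A, 2)

if __name__ == "__main__":
    for name, frames in [("1+2", [M1, M2]), ("2+3", [M2, M3]), ("3+4", [M3, M4])]:
        print(name, "usable" if has_usable_pair(frames) else "not enough")
```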
None at this time.
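The translated text is marked in blue; content enclosed in full-width Chinese parentheses "()" does not come from the original text, but was added by the translator based on his own understanding and for the sake of fluent sentences;
The translator is also new to this field and has limited knowledge. This translation is intended partly to make exchange easier and partly to deepen my own learning; if anything is misinterpreted or mistranslated, I hope those more experienced will let me know;
Small maintenance updates will follow from time to time, so stay tuned;
Reposting is allowed and welcome, but please be sure to credit the source.
------ This article was compiled and translated by CSDN user 蚍蜉撼青松 (home page: http://blog.csdn.net/howeverpf). Please credit the source when reposting! ------
Aircrack-ng Official Documentation Translation [Chinese-English Bilingual] --- Airdecap-ng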
Original address: http://www.cnblogs.com/kaifayuan/p/4394736.html