Hi,
I am trying to work my way through the following network forensics contest.
http://forensicscontest.com/2011/07/31/puzzle-7-anns-dark-tangent-defcon-2010I have the packet capture file:
http://forensicscontest.com/contest07/evidence-defcon2010.pcapand I have cracked the key with aircrack-ng. I am then trying to get a decrypted packet capture with:
airdecap-ng -w 4A:7D:B5:08:CD evidence-defcon2010.pcap
but the resulting packet capture seems not quite correct. It feels like perhaps the packet disectors might be slightly offset in the resulting packet capture because the IP addresses that I can see in wireshark and NetworkMiner seem off.
I am using Ubuntu 14.04 and Airdecap-ng 1.2 beta1
Thanks a lot for your time