Aircrack-ng forum

General Category => Newbies => Topic started by: roy_m on February 17, 2015, 07:42:19 am

Title: airdecap-ng
Post by: roy_m on February 17, 2015, 07:42:19 am
Hi,

I am trying to work my way through the following network forensics contest. http://forensicscontest.com/2011/07/31/puzzle-7-anns-dark-tangent-defcon-2010

I have the packet capture file: http://forensicscontest.com/contest07/evidence-defcon2010.pcap

and I have cracked the key with aircrack-ng. I am then trying to get a decrypted packet capture with:

airdecap-ng -w 4A:7D:B5:08:CD evidence-defcon2010.pcap

but the resulting packet capture seems not quite correct. It feels like perhaps the packet disectors might be slightly offset in the resulting packet capture because the IP addresses that I can see in wireshark and NetworkMiner seem off.

I am using Ubuntu 14.04 and  Airdecap-ng 1.2 beta1

Thanks a lot for your time