Aircrack-ng forum
General Category => Newbies => Topic started by: roy_m on February 17, 2015, 07:42:19 am
-
Hi,
I am trying to work my way through the following network forensics contest. http://forensicscontest.com/2011/07/31/puzzle-7-anns-dark-tangent-defcon-2010
I have the packet capture file: http://forensicscontest.com/contest07/evidence-defcon2010.pcap
and I have cracked the key with aircrack-ng. I am then trying to get a decrypted packet capture with:
airdecap-ng -w 4A:7D:B5:08:CD evidence-defcon2010.pcap
but the resulting packet capture seems not quite correct. It feels like perhaps the packet disectors might be slightly offset in the resulting packet capture because the IP addresses that I can see in wireshark and NetworkMiner seem off.
I am using Ubuntu 14.04 and Airdecap-ng 1.2 beta1
Thanks a lot for your time