Please login or register.

Login with username, password and session length

Post reply

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.
Message icon:

(Clear Attachment)
(more attachments)
Restrictions: 10 per post, maximum total size 8920KB, maximum individual size 1536KB
Note that any files attached will not be displayed until approved by a moderator.
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Which Aircrack-ng program captures traffic? Lowercase:

shortcuts: hit alt+s to submit/post or alt+p to preview

Topic Summary

Posted by: roy_m
« on: February 17, 2015, 02:42:19 am »


I am trying to work my way through the following network forensics contest.

I have the packet capture file:

and I have cracked the key with aircrack-ng. I am then trying to get a decrypted packet capture with:

airdecap-ng -w 4A:7D:B5:08:CD evidence-defcon2010.pcap

but the resulting packet capture seems not quite correct. It feels like perhaps the packet disectors might be slightly offset in the resulting packet capture because the IP addresses that I can see in wireshark and NetworkMiner seem off.

I am using Ubuntu 14.04 and  Airdecap-ng 1.2 beta1

Thanks a lot for your time