Airdecap-ng
This tool decrypts captured WEP, WPA/PSK or WPA2/PSK traffic after obtaining the key to a wireless network. We will also use it to strip off unnecessary wireless headers.
Removing Wireless Headers
Wireless capture files contain a lot of wireless headers mixed in with the network traffic. We are not interested in these frames, so we need to strip them off. The command below does this:
airdecap-ng -b <BSSID> <Capture File> # or -e <ESSID>
We want to filter the traffic only to the MAC address of the AP we targeted.
Decrypting Traffic
The other thing to do with this tool is to decrypt the traffic, because what is the point of having encrypted traffic? There are 2 options to decrypt the traffic, depending on what the network uses:
WEP
For WEP we need to specify the network key in hex:
airdecap-ng -b <BSSID> -e <ESSID> -w <Hex Key> <Capture File>
WPA/WPA2
For WPA/WPA2 we also need to specify the key, this time as the passphrase (not hex):
airdecap-ng -b <BSSID> -e <ESSID> -p <Passphrase> <Capture File>
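Why the WPA/WPA2 command takes both -p and -e, as an added Python example (not part of the original page or of aircrack-ng): the master key is derived from the passphrase with the ESSID as salt, and each session's traffic key additionally depends on the nonces and MAC addresses exchanged in the 4-way handshake, so the capture has to contain that handshake. The function names, MAC addresses and nonces are assumptions made for the illustration.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    pw, ssid = passphrase.encode(), essid.encode()
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, ssid, 4096, 32)

def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
            anonce: bytes, snonce: bytes, length: int = 64) -> bytes:
    """Per-session PTK from the 802.11i PRF (HMAC-SHA1 in counter mode)."""
    label = b"Pairwise key expansion"
    # Both sides order the MACs and nonces the same way (smaller value first).
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]

if __name__ == "__main__":
    # Constructed inputs: "password"/"IEEE" is the published 802.11i test
    # vector; the MAC addresses and nonces are made-up sample values.
    pmk = wpa_pmk("password", "IEEE")
    print("PMK:", pmk.hex())
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk = wpa_ptk(pmk, ap, sta, anonce, snonce)
    print("TK :", ptk[32:48].hex())  # temporal key that encrypts unicast data
```

The same passphrase on a different ESSID yields a different PMK, which is why a wrong -e value makes WPA decryption fail even when the passphrase is correct.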