Re: Saving 802.11 WPA/WPA2 decrypted packets

["j.snelders" <j.snelders () telfort nl>]

On Sun, 1 May 2011 08:10:18 +0000 Sreenivasulu Yellamaraju wrote:
> - even if the input file can be split into smaller files using the File
Save
> As and Range feature,not all of the output files can be decrypted with the
> known passphrase as only one of
>  the split files will have the EAPOL 4-way key handshake captured and the
> rest will have only data traffic without EAPOL 4-way handshake captured
in
> them.

Hi Sreenivasulu,

You can save the EAPOL packets to a separate file and merge this file with
the other smaller files:
- mark the 4 EAPOL packets
- save the marked packets: File | Save As... | Packet Range: select Marked
packets

The next step is to merge the EAPOL packets with the other files.
Wireshark:
- open the file, with the EAPOL packets
- got to File | Merge...
- select file2.pcap and click Open
- save the new file

mergecap
$ mergecap -w outfile.pcap EAPOL.pcap file2.pcap

Hope this helps
Joke


       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe