airdecap-ng:tldr:2d8bb

airdecap-ng: Decrypt a WPA/WPA2 encrypted capture file preserving the headers using the access point's [e]ssid and [p]assword.
$ airdecap-ng -l -e ${essid} -p ${password} ${path-to-capture-cap}

The command "airdecap-ng -l -e ${essid} -p ${password} ${path-to-capture-cap}" decrypts WPA/WPA2-encrypted wireless network packets in a capture file that was recorded with a tool like Wireshark or Airodump-ng.

Here is a breakdown of the different components of the command:

  • "airdecap-ng": This is the command used to decrypt wireless network packets.
  • "-l": This option tells airdecap-ng not to remove the 802.11 header, so the decrypted packets keep their original wireless headers.
  • "-e ${essid}": This option specifies the ESSID (Extended Service Set Identifier) or the name of the wireless network that you want to decrypt the packets for. Replace "${essid}" with the actual name of the network.
  • "-p ${password}": This option is used to specify the password or network key required to decrypt the packets. Replace "${password}" with the actual password.
  • "${path-to-capture-cap}": This is the path to the capture file (.cap) that contains the captured network packets. Replace "${path-to-capture-cap}" with the actual path to the capture file.

By running this command, airdecap-ng will decrypt the captured packets for the specified wireless network, using the provided password, and write them to a new capture file whose name ends in "-dec". Only summary statistics are printed on the screen.
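Why the command needs both -e and -p, and why a WPA/WPA2 capture can only be decrypted if it contains the network's four-way handshake, shown as an added Python example (not part of the original page and not aircrack-ng's own code). The MAC addresses and nonces are constructed sample values; the ESSID "IEEE" and passphrase "password" are the IEEE 802.11i test-vector inputs.

```python
import hashlib
import hmac

def derive_pmk(essid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    ssid = essid.encode("utf-8")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("ESSID must be 1-32 bytes")
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: per-session key from the PMK plus values seen in the handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range(4):  # 4 x 20-byte HMAC-SHA1 outputs, cut to 64 bytes
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]

def temporal_key(ptk: bytes) -> bytes:
    """Bytes 32-47 of the PTK: the CCMP key that encrypts unicast data frames."""
    return ptk[32:48]

if __name__ == "__main__":
    # Constructed sample values (not from a real capture).
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    pmk = derive_pmk("IEEE", "password")
    print("PMK:", pmk.hex())
    print("same passphrase, other ESSID:", derive_pmk("IEEE-guest", "password").hex())
    print("TK :", temporal_key(derive_ptk(pmk, ap, sta, anonce, snonce)).hex())
```

The ESSID is the salt of the key derivation, so the same passphrase yields a different key on a differently named network, and the per-session key additionally depends on the two nonces that appear only in the handshake frames.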

This explanation was created by an AI. In most cases such explanations are correct, but always be careful and never run a command unless you are sure it is safe.