[Video] Cracking WiFi - Sniffing Traffic (airdecap-ng & wireshark)

[g0tmi1k]

Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3373448
Download video: http://www.mediafire.com/?t6c22rhb7b93n4c
What is this?
This video shows, that you don't have to be connect to a wireless network, to see what data has been sent over it!


What do I need?
> Aircrack-ng
> Wireless Network Key
> Wireshark
> Pre Captured data


Software
Name: Aircrack-ng
Version: 1.0-rc3
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gzName: Wireshark
Version: 1.2.6
Home Page: http://www.wireshark.org
Download Link: http://media-2.cacetech.com/wireshar...-1.2.6.tar.bz2


Commands:

Code:

airmon-ng start wlan0
airodump-ng mon0
airodump-ng mon0 -c 8 -w output --bssid 00:19:5B:E7:52:70


airdecap-ng -e g0tmi1k -w 59EF19C76A output-01.cap

wireshark
http.authbasic

Notes:
Song: D Kay - Barcelona
Video length: 01:46
Capture length: 03:45

Blog Post: http://g0tmi1k.blogspot.com/2010/03/video-cracking-wifi-sniffing-traffic.html
Forum post: http://www.backtrack-linux.org/forum....html#post8092

[nightlybuild]

Quick and simple...I like it!

[Big_Mike]

Hello i been working with backtrack for about two months now and im starting to get the hang of it till this video came along
As you can see im unable to decrypted WEP packets for some reason..I log into two different sites. A forum for my gaming called Entropia Universe and my Router ip address and still nothing. I folled your instructions but didnt work. The question i have is what
are these numbers for 59EF19C76A ? I understand -w and all the rest of the commands but not sure what this (59EF19C76A ) is for. Is that for your set of numbers or do i need to get mine? Or is that the mac address from your wifi usb card? Other then that great video I been watching you for awhile now. You do go a bit fast and wished that there was some instructions as you do the videos.

PHP Code:

Total number of packets read          8350
Total number of WEP data packets      4332
Total number of WPA data packets         0
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of corrupted WEP  packets         0
Number of decrypted WPA  packets         0 


[nightlybuild]

Hello i been working with backtrack for about two months now and im starting to get the hang of it till this video came along
As you can see im unable to decrypted WEP packets for some reason..I log into two different sites. A forum for my gaming called Entropia Universe and my Router ip address and still nothing. I folled your instructions but didnt work. The question i have is what
are these numbers for 59EF19C76A ? I understand -w and all the rest of the commands but not sure what this (59EF19C76A ) is for. Is that for your set of numbers or do i need to get mine? Or is that the mac address from your wifi usb card? Other then that great video I been watching you for awhile now. You do go a bit fast and wished that there was some instructions as you do the videos.

PHP Code:

Total number of packets read          8350
Total number of WEP data packets      4332
Total number of WPA data packets         0
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of corrupted WEP  packets         0
Number of decrypted WPA  packets         0 


-w means wep key and "59EF19C76A" is the wep key that was used on the network that he sniffed. If you really did understand what -w means then you should know that what follows it is the wep key.

[Big_Mike]

-w means wep key and "59EF19C76A" is the wep key that was used on the network that he sniffed. If you really did understand what -w means then you should know that what follows it is the wep key.

..

Yes i figured it out but on your comment that you said it follows wep key is wrong..You can use a lot of commands after -w so its not always true to assume its the wep key..but in this situation i see what your saying

[Archangel-Amael]

Big_Mike it is nice to see you getting somewhere, however you should slow down, a bit and understand more about what you are trying to do.
A command is given then a "flag" (there are other names, but they all mean the same) may be set after the command. Multiple instances of flags can also be given. In most cased their order is not really important other than the readability of said command. Iin your case from above

Code:

 # airdecap-ng -e g0tmi1k -w 59EF19C76A output-01.cap

The command "airdecap-ng followed by the first flag is -e target network essid, this is followed by -w target wep key in hex. As such anything that comes after this -w should be the above. Otherwise you might get an error.
Generally most commands are built in such a way that they will not run if there is a syntax error.
For more info on the above command look at airdecap-ng(1) - Linux man page

Also in case you didn't notice the commands gotmilk used are all in the first post. As well as in the pastebin link.
You can take each one and google for more info.

[Encrypted_Soldier]

Cool video, short and sweet to the point! Nice!

[Big_Mike]

Big_Mike it is nice to see you getting somewhere, however you should slow down, a bit and understand more about what you are trying to do.
A command is given then a "flag" (there are other names, but they all mean the same) may be set after the command. Multiple instances of flags can also be given. In most cased their order is not really important other than the readability of said command. Iin your case from above

Code:

 # airdecap-ng -e g0tmi1k -w 59EF19C76A output-01.cap

The command "airdecap-ng followed by the first flag is -e target network essid, this is followed by -w target wep key in hex. As such anything that comes after this -w should be the above. Otherwise you might get an error.
Generally most commands are built in such a way that they will not run if there is a syntax error.
For more info on the above command look at airdecap-ng(1) - Linux man page

Also in case you didn't notice the commands gotmilk used are all in the first post. As well as in the pastebin link.
You can take each one and google for more info.

Thanks for the heads up Archangel.Amael. I havent heard of airdecap-ng yet till this video. Ohh shoot now more studying to do..cant wait to study more on this..

[franny550]

Hello, when I put in the wep key

airdecap-ng -e g0tmi1k -w 59EF19C76A output-01.cap ,
it doesn't work, my wep key is a hex "e7a991********************", is there something I should add after -w to make this work?

Thanks in advance
Frank

[nightlybuild]

Hello, when I put in the wep key

airdecap-ng -e g0tmi1k -w 59EF19C76A output-01.cap ,
it doesn't work, my wep key is a hex "e7a991********************", is there something I should add after -w to make this work?

Thanks in advance
Frank

What exactly are you getting? What's the error or message?