[kismac] Re: Decrypt Output

Hurray! I finally got ettercap installed, but when I run your command all it outputs is:

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "ssh" not supported (etter.conf line 67)
Using WEP key: 5fb136a806
Reading from kismacdump2... (802.11)

 28 plugins
 39 protocol dissectors
 53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Starting Unified sniffing...


End of dump file...

Terminating ettercap...

This is what I used to run ettercap on my dump file.
ettercap -T -q --wep-key '64:s:\x5F\xB1\x36\xA8\x06' -r kismacdump -m resultsfile2.txt
where the key that kismac cracked was 5F:B1:36:A8:06 for Key 0.
Am I executing this correctly? Thanks for the help this far we are almost there!

Erik Winkler wrote:

I recommend you take a look at the ettercap tool (http:// ettercap.sourceforge.net/). When analyzing wireless packet dumps you can issue the command line:

ettercap -T -q --wep-key '128:s:\x11\x22\x33\x44\x55\x79\x69\x73\x71 \x76\x66\x54\x6E' -r kismacdump -m resultsfile.txt

Ettercap will decrypt the packets and show any clear text usernames and passwords in the decrypted data stream.

On Oct 6, 2005, at 7:00 AM, Michael Peth wrote:

Hey everyone,
I just got kismac up and running last week and have begun sniffing etc. I am running ibook with airport extreme so I'm not able to inject or deauthorize, but when I do find a network and sniff it for a while and then successfully crack the key, I am not able to join the network. I played around with it for a while and then Saw the decrypt feature and I load up the dump file in it and then put in the key it cracked and it says it successfully decrypted with no packets lost. From there I don't know what to do with the output file because I dont have anything to open it. Any help would be greatly appreciated, thanks in advance.
-Mike





Other related posts: