Removes wep cloaked framed from a pcap file.
see also :
airbase-ng - aircrack-ng - airdecap-ng - airdriver-ng - aireplay-ng - airmon-ng - airodump-ng - airolib-ng - airserv-ng - airtun-ng - buddy-ng - easside-ng - ivstools - kstats - makeivs-ng - packetforge-ng - tkiptun-ng - wesside-ng
add an example, a script, a trick and tips
no example yet ...
... Feel free to add your own example above to help other Linux-lovers !
is a tool that removes wep cloaking from a pcap file. Some
WIPS (actually one) can actively "prevent"
cracking a WEP key by inserting chaff (fake wep frames) in
the air to fool aircrack-ng. In some rare cases, cloaking
fails and the key can be recovered without removing this
chaff. In the cases where the key cannot be recovered, use
this tool to filter out chaff.
works by reading the input file and selecting packets from a
specific network. Each selected packet is put into a list
and classified (default status is "unknown").
Filters are then applied (in the order specified by the
user) on this list. They will change the status of the
packets (unknown, uncloaked, potentially cloaked or
cloaked). The order of the filters is really important since
each filter will base its analysis amongst other things on
the status of the packets and different orders will give
requirement: The pcap file needs to have all packets
(including beacons and all other "useless"
packets) for the analysis (and if possible, prism/radiotap
Shows the help screen.
Path to the capture file.
Essid of the network (not yet
implemented) to filter.
BSSID of the network to
Assume that null packets can be
Do not apply base filter.
Drop fragmented packets.
Apply different filters
(separated by a comma). See below.
Try to filter based on signal (prism or radiotap headers in the
Remove all duplicate sequence numbers for both the AP and the
client (that are close to each other).
Remove duplicate sequence number for the AP only (that are close
to each other).
Remove duplicate sequence number for the client only (that are
close to each other).
Filter based on the fact that IV should be consecutive (only for
Filter out all duplicate IV.
Use signal (if available), duplicate and consecutive sequence
number (filtering is much more precise than using all these
filters one by one).
page was written by Thomas d’Otreppe. Permission is
granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License, Version 2
or any later version published by the Free Software
Foundation On Debian systems, the complete text of the GNU
General Public License can be found in