Hi, Wireshark is not the better software for this.
Why not use airdecap-ng ( http://www.aircrack-ng.org/doku.php?id=airdecap-ng) from Aircrack-ng suite ? and use Wireshark ( tshark ? ) after for split pcap file Regards, On Sun, May 1, 2011 at 10:10 AM, Sreenivasulu Yellamaraju < [email protected]> wrote: > Hi , > > All of us who are working with 802.11 protocol know that Wireshark can > decrypt WEP/WPA/WPA2 traffic if passphrase is provided by the user. > > Is there any method to save the decrypted WEP or WPA or WAP2 traffic of > 802.11 protocol to an output pcap file? > > My requirement is to > > - decrypt a huge file containing WPA2 traffic and save the decrypted > packets to the output pcap file. > > - Split the output pcap file to smaller and manageable files, using > the File Save As and Range feature. For example save packet number 1 to > 1000,1001 to 2000, 2001 to 3000 etc in separate files > > - Open any one smaller output file for analysis. Since the file size > will be less, it can even be e-mailed across to someone else > > The disadvantages with the bigger input file are > > - although it can be opened and decrypted in Wireshark, it takes longer > to load ( for example a 800KB file takes 3 minutes to load). > - even if the input file can be split into smaller files using the File > Save As and Range feature,not all of the output files can be decrypted with > the known passphrase as only one of > the split files will have the EAPOL 4-way key handshake captured and the > rest will have only data traffic without EAPOL 4-way handshake captured in > them. > > > Please suggest if there are any known solutions? > > > > *Regards,* > > *Sreenivasulu Y* > > > > > > > Member of the CSR plc group of companies. CSR plc registered in England and > Wales, registered number 4187346, registered office Churchill House, > Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, United Kingdom > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
