Skip to content
/ eapol-dump Public

small script for dumping and analyzing EAPOLs from a .cap file in order to find non-broken 4-way handshakes

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

franky436/eapol-dump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
eapol_dump.sh
eapol_dump.sh
 
 

Repository files navigation

eapol-dump

Small script for dumping and analyzing EAPOLs from a .cap file in order to find non-broken 4-way handshakes

Use this to extract a clean EAPOL handshake ("consecutive" frame numbers, e.g. 1001, 1003, 1005, 1007!) by using the 4 frame numbers of the handshake:

tshark -r ./bla-01.cap -Y "wlan.fc.type_subtype == 0x08 || frame.number==128160 || frame.number==128162 || frame.number==128164 || frame.number==128168" -w eapol.cap

FYI, "wlan.fc.type_subtype == 0x08" exports the beacons so the SSID can be identified

About

small script for dumping and analyzing EAPOLs from a .cap file in order to find non-broken 4-way handshakes

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages