http://qs321.pair.com?node_id=1162465

Muskovitz has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,
Is there a way to crack a captured .cap file using perl? i tried to search the perl module PCAP Net::Pcap. But i guess it's not it.
Please explain to me if this is possible or not, Thanks!

Replies are listed 'Best First'.
Re: Is there a way to crack .CAP file in Perl?
by Corion (Patriarch) on May 08, 2016 at 07:06 UTC

    What do you mean by "crack"?

    How did Net::Pcap fail to work for you?

    How did you obtain the .cap file? What program was used and what format is the file in?

      I use airodump-ng to obtain the .cap file, I was trying to know if it is possible to analyze the .cap file if there's an wpa handshake using perl and if it is possible to decrypt the .cap file. Thanks for reply

        A cursory Google search for airodump-ng capture file format shows this tutorial, where Wireshark is used to display and analyze a capture file. This means that libpcap can read the capture files. So maybe now it's time to revisit your failed attempts with Net::PCap and try again?

Re: Is there a way to crack .CAP file in Perl?
by haukex (Archbishop) on May 08, 2016 at 09:41 UTC

    Hi Muskovitz,

    Several years ago I wrote a script using Net::Pcap and NetPacket to read a capture file - however, there is a lot of low-level decoding involved (e.g. reassembling IP fragments is fun), and a lot of re-inventing the wheel. So my suggestion would be that you use the already highly advanced features of Wireshark, which you can access from the command line via tshark, to get at the data in the capture file and filter it, and have tshark output it in a format your Perl program can parse. In your Perl program you can capture the data from tshark using a module like Capture::Tiny.

    Hope this helps,
    -- Hauke D