Can I see the type of encryption used through a pcapdump file?

Posted on 2011-10-14
Last Modified: 2012-05-12
Part of my bachelor project is about encryption. The first "not theory" stage is to find statistics on how many still use WEP as an encryption compared to WPA etc. This will be done through "wardriving".

I am still waiting for the correct network card which is being shipped to me. Meanwhile, I have done a test run with Kismet through BackTrack 5 R1 with my internal network card (and this picks up many networks). I get 5 files: alert, gpsxml, nettxt, netxml, and pcapdump. On this last test run, the pcapdump file is 195.7 KiB.

While in Kismet I can see different networks. The colors in Kismet give an identification of WEP and WPA. I open this pcapdump file in Wireshark. Here I see: time, source, destination, protocol, length, and info.

QUESTION: Why am I not seeing WEP or WPA? Is this the wrong file to open? Are there configurations I need in my Kismet.conf file? Or am I completely on the wrong track here.

QUESTION: I am also getting some of the same networks over again in this file. I can see that, because I see my own and neighbors' networks more than once.

Can somebody guide me a little in the right direction.
Question by:Hashes
    LVL 39

    Assisted Solution

    You have to look into the beacon frames that are transmitted by the Wifi Endpoints.
    LVL 60

    Accepted Solution

    This is a useful link talking about the log @

    You will see "IEEE 802.11" but not the "Encryption" used directly. It is normally stated in "wlan.fc.protected" in the 802.11 Header Fields. You can use Wireshark display filter @

    Check out "Identifying Wireless Encryption Mechanisms" below

    For WEP traffic, we can identify by looking for any frames that include the mandatory WEP Initialization Vector (IV): wlan.wep.iv

    For WPA, as mentioned by noci, check out the beacon frames (wlan.fc.type_subtype eq 8). Look for an information element labeled "Vendor Specific: WPA" or "RSN Information."
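
The beacon check described in the answers above, as an added example that is not part of the original posts: it walks a beacon's information elements, labels the network Open, WEP, WPA or WPA2, and keeps one entry per BSSID, since an access point repeats its beacon continuously and the same network therefore shows up many times in a capture. It assumes each frame starts at the 802.11 header (radiotap or PPI header and FCS already stripped); `make_beacon` and the sample frames are constructed for the demo.

```python
import struct
from collections import Counter

WPA_IE = b"\x00\x50\xf2\x01"   # vendor-specific IE body prefix: Microsoft OUI, type 1

def classify_beacon(frame):
    """Return (bssid, ssid, encryption) for a beacon frame, None for anything else."""
    if len(frame) < 36 or frame[0] != 0x80:      # version 0, management, subtype 8
        return None
    bssid = frame[16:22].hex(":")
    capability, = struct.unpack_from("<H", frame, 34)
    ssid, rsn, wpa, pos = "", False, False, 36
    while pos + 2 <= len(frame):                  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                   # truncated element, stop
            break
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:                           # RSN Information
            rsn = True
        elif tag == 221 and value.startswith(WPA_IE):   # Vendor Specific: WPA
            wpa = True
        pos += 2 + length
    if rsn:
        enc = "WPA/WPA2" if wpa else "WPA2"
    elif wpa:
        enc = "WPA"
    else:                                         # privacy bit alone means WEP
        enc = "WEP" if capability & 0x0010 else "Open"
    return bssid, ssid, enc

def survey(frames):
    """Keep one entry per BSSID, then count networks per encryption type."""
    networks = {}
    for frame in frames:
        result = classify_beacon(frame)
        if result:
            networks[result[0]] = result
    return networks, Counter(enc for _, _, enc in networks.values())

def make_beacon(last_octet, ssid, capability, ies=b""):
    """Build a constructed beacon (no radiotap header, no FCS) for the demo."""
    bssid = b"\x02\x00\x00\x00\x00" + bytes([last_octet])
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid + ies

SAMPLES = [make_beacon(1, b"cafe", 0x0001), make_beacon(2, b"old", 0x0011),
           make_beacon(3, b"mid", 0x0011, b"\xdd\x06\x00\x50\xf2\x01\x01\x00"),
           make_beacon(4, b"new", 0x0011, b"\x30\x02\x01\x00"),
           make_beacon(2, b"old", 0x0011)]       # same BSSID seen again
```

For a wardriving statistic, the per-BSSID count from `survey` is the figure to report, not the number of frames in the capture.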
    LVL 27

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
