Can I see the type of encryption used through a pcapdump file?
Posted on 2011-10-14
Part of my bachelor project is about encryption. The first "not theory" stage is to find statistics on how many still use WEP as an encryption compared to WPA etc. This will be done through "wardriving".
I am still waiting for the correct network card which is being shipped to me. Meanwhile, I have done a test run with Kismet through BackTrack 5 R1 with my internal network card (and this picks up many networks). I get 5 files: alert, gpsxml, nettxt, netxml, and pcapdump. On this last test run, the pcapdump file is 195.7 KiB.
While in Kismet I can see different networks. The colors in Kismet give an identification of WEP and WPA. I open this pcapdump file in Wireshark. Here I see: time, source, destination, protocol, length, and info.
QUESTION: Why am I not seeing WEP or WPA? Is this the wrong file to open? Are there configurations I need in my Kismet.conf file? Or am I completely on the wrong track here?
QUESTION: I am also getting some of the same networks over again in this file. I can see that, because I see my own and neighbors' networks more than once.
Can somebody guide me a little in the right direction?
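Added example, not part of the original post: a capture has no "WEP/WPA" column because the encryption type is advertised inside each beacon frame (the Privacy bit in the capability field, plus an RSN or WPA information element), and beacons repeat, so the same network appears many times. The sketch below classifies beacons and counts each BSSID once. It assumes raw 802.11 frames with the capture header (radiotap/PPI) and FCS already stripped; the function names are hypothetical and the sample frames are constructed.

```python
import struct
from collections import Counter

WPA_IE_PREFIX = b"\x00\x50\xf2\x01"  # vendor IE: Microsoft OUI, type 1 = WPA

def classify_beacon(frame):
    """Return (bssid, ssid, encryption) for a beacon/probe response, else None."""
    if len(frame) < 36:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (5, 8):  # management: probe resp / beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    (capab,) = struct.unpack_from("<H", frame, 34)  # after timestamp + interval
    ssid, rsn, wpa, pos = "", False, False, 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:  # RSN element
            rsn = True
        elif tag == 221 and value.startswith(WPA_IE_PREFIX):
            wpa = True
        pos += 2 + length
    # Mixed WPA/WPA2 networks carry both elements and are reported as WPA2.
    # Privacy bit (0x0010) with neither element present means WEP.
    enc = "WPA2" if rsn else "WPA" if wpa else "WEP" if capab & 0x0010 else "Open"
    return bssid, ssid, enc

def survey(frames):
    """Count networks per encryption type, one entry per BSSID."""
    seen = {}
    for frame in frames:
        result = classify_beacon(frame)
        if result:
            seen[result[0]] = result[2]
    return Counter(seen.values())

def make_beacon(last_octet, ssid, capab, extra=b""):
    """Build a constructed beacon frame (sample data, not a real capture)."""
    bssid = b"\x02\x00\x00\x00\x00" + bytes([last_octet])
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capab)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + extra

SAMPLE = [make_beacon(1, b"open-net", 0x0001), make_beacon(2, b"wep-net", 0x0011),
          make_beacon(3, b"wpa-net", 0x0011, bytes([221, 6]) + WPA_IE_PREFIX + b"\x01\x00"),
          make_beacon(4, b"wpa2-net", 0x0011, bytes([48, 2, 1, 0])),
          make_beacon(2, b"wep-net", 0x0011)]  # repeated beacon, same BSSID
```

In Wireshark the same fields are visible by expanding the "IEEE 802.11 wireless LAN management frame" section of a beacon rather than the summary columns.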