airdecap-ng

Decrypt WEP capture file

$ airdecap-ng -w [hex_key] [capture.cap]

$ airdecap-ng -p [passphrase] -e [SSID] [capture.cap]

$ airdecap-ng -l [capture.cap]

$ airdecap-ng -p [passphrase] -e [SSID] -b [00:11:22:33:44:55] [capture.cap]

airdecap-ng [-l] [-w key] [-p pass -e essid] [-b bssid] capture-file

airdecap-ng decrypts WEP and WPA/WPA2 encrypted capture files when you know the key. It produces an unencrypted capture file that can be analyzed with tools like Wireshark.
The tool can also strip 802.11 wireless headers to convert captures to standard ethernet format, useful when analyzing the actual network traffic content.

-w key

WEP key in hexadecimal

WPA/WPA2 passphrase

Network name (required for WPA)

Access point MAC address filter

Remove 802.11 header (don't decrypt)

For WPA decryption, you need the passphrase AND the SSID. The capture file must contain the 4-way handshake for initial WPA key derivation. Output file is named input-dec.cap by default.

airdecap-ng is part of the aircrack-ng suite, developed in the mid-2000s. It provides the complementary function to aircrack-ng: once a key is recovered, airdecap-ng can decrypt the traffic for analysis.

aircrack-ng(1), wireshark(1), tcpdump(1)