wpaclean
Clean WPA/WPA2 capture files
TLDR
Clean a capture and save only the 4-way handshake and a beacon in the result
Clean multiple captures and save the 4-way handshakes and beacons in the result
SYNOPSIS
wpaclean <output.cap> <input.cap> [<input2.cap> ...]
PARAMETERS
<output.cap>
The path where the cleaned and optimized capture file will be saved. This new file contains only valid and unique handshakes. It is the first argument, ahead of any input file.
<input.cap>
The path to the input capture file (e.g., .cap, .pcap) containing WPA/WPA2 handshakes to be cleaned. This file is typically generated by network sniffers. Several input files may be listed to clean multiple captures into one result.
DESCRIPTION
wpaclean is a utility primarily used in Wi-Fi security auditing to process capture files (.cap or .pcap) containing WPA/WPA2 handshakes. Its main function is to clean and optimize these files by removing duplicate handshakes, invalid frames, or corrupted entries. This preprocessing step is crucial for efficiency.
By providing clean input, wpaclean keeps the data handed to password cracking tools like Aircrack-ng or Hashcat compact and accurate, which improves the success rate and speeds up the cracking process. It simplifies the overall workflow by reducing raw, potentially noisy network captures to a refined file suited to subsequent security analysis.
CAVEATS
wpaclean is not a standard Linux command included in most default distributions. It is typically found as part of specialized security tool suites (e.g., Aircrack-ng, Hashcat-utils) or as a custom script. Its availability and exact functionality can vary significantly between different distributions or specific tool versions. Users should verify its presence and usage specific to their installed tools.
It primarily focuses on WPA/WPA2 handshakes; it may not handle other capture types or network protocols effectively.
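The wrapper below is an added example, not part of wpaclean or of the original page. It assumes the Aircrack-ng build of wpaclean, which takes the output file first, and it guards against the two mistakes the caveats point at: the tool not being installed, and swapped arguments overwriting the original capture. The names safe_wpaclean and is_pcap are hypothetical, and accepting only classic libpcap magic numbers is this example's own choice.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names); assumes aircrack-ng's wpaclean,
# whose argument order is: output file first, then one or more inputs.

# Return 0 if the file starts with a classic libpcap magic number
# (microsecond or nanosecond timestamps, either byte order).
is_pcap() {
    local magic
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# safe_wpaclean OUTPUT INPUT [INPUT...]
# Returns: 2 usage error, 3 output already exists, 4 input is not a pcap,
#          5 wpaclean not installed, otherwise wpaclean's own status.
safe_wpaclean() {
    if [ "$#" -lt 2 ]; then
        echo "usage: safe_wpaclean <output.cap> <input.cap> [input2.cap ...]" >&2
        return 2
    fi
    command -v wpaclean >/dev/null 2>&1 || { echo "wpaclean not found" >&2; return 5; }
    local out="$1" f before after
    shift
    # Never overwrite: with swapped arguments the "output" is the original capture.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 3
    fi
    for f in "$@"; do
        if ! is_pcap "$f"; then
            echo "not a readable pcap capture: $f" >&2
            return 4
        fi
    done
    wpaclean "$out" "$@" || return
    # Report sizes so an unexpectedly empty result is noticed immediately.
    before=$(cat "$@" | wc -c)
    after=$(wc -c < "$out")
    echo "input bytes: $((before)), output bytes: $((after))"
}
```

Source the file and call `safe_wpaclean` in place of `wpaclean`; the original captures are only ever read.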
USAGE CONTEXT
wpaclean is most often employed as an intermediate step in the process of cracking WPA/WPA2 passwords. After capturing raw network traffic using tools like airmon-ng (part of Aircrack-ng) or tcpdump, the resulting capture file may contain various types of packets, including duplicate handshakes or incomplete ones.
wpaclean takes this raw file and produces a refined version that contains only unique, valid handshakes. This significantly reduces the size of the file and improves the performance of subsequent password cracking attempts by ensuring the cracker only processes relevant and correct data.
HISTORY
The concept of cleaning WPA/WPA2 capture files emerged with the increasing need for efficient password cracking against wireless networks. Tools like wpaclean were developed to preprocess large or noisy .cap files, specifically filtering for valid 4-way handshakes. While not a single, universally versioned command, various implementations (often Python scripts or small C utilities) appeared within wireless security toolkits (like Aircrack-ng's ecosystem or Hashcat's utilities) as early as the mid-2000s to streamline the cracking workflow and improve the success rate of password recovery attempts.
SEE ALSO
aircrack-ng(1), hashcat(1), tshark(1), wireshark(1), tcpdump(1)