Capturing network packets

tcpdump is a common packet sniffer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by several people working in the Lawrence Berkeley Laboratory; now distributed under a permissive free software licence, and works on most Unix-like operating systems. There are also a few ports of tcpdump for Windows.

All existing packet sniffers can export the packets in tcpdump format:

In addition, EWSA supports the 'native' file format produced by CommView for Wi-Fi software.

The captured data should contain the full authentication handshake from a real client and the access point. Please note that the program does not work with the packets where linktype is LINKTYPE_ETHERNET (they come from wired, not wireless networks).