Elcomsoft Wireless Security Auditor

Working with EWSA


Input data


EWSA (Professional edition only) includes an integrated network sniffer that supports AirPCap adapters, as well as most modern 'generic' consumer models. If you use AirPCap, you need to install its own drivers; with 3rd party adapters, you need to install the special/custom NDIS drivers bundled with the program.


The program also supports the following input data:


tcpdump log

Tamos CommView log

PSPR log

Local Registry

Manual entry


For more details on using the built-in sniffer and importing data from tcpdump and Tamos CommView logs, see the Capturing network packets chapter.


Alternatively, you can import the data from a PSPR log, where PSPR stands for Proactive System Password Recovery. When used on a computer with WZC (Wireless Zero Configuration), that program can save the WPA-PSK password hash to a text file (press the Export button on the Misc Features | Wireless network page); EWSA can also dump password hashes from the local Registry itself (use the Dump Windows WPAPSK hashes menu item). Please note that neither PSPR nor EWSA can extract hashes when the wireless configuration is managed by a 3rd party (vendor-supplied) utility instead of WZC.


Finally, you can add the password hash manually.


Program options


CPU Options


Here you can set the number of CPU(s) or cores to run the attack on (Processor utilization option). Press Auto detect to set this option automatically according to the number of processors you have installed. The Summary box shows more information on your operating system, machine name, user name (and whether you have Administrator privileges), CPU(s) name and speed.




The Available devices box shows information about "compatible" video cards (or special hardware accelerators) EWSA can run the attack on. If multiple cards are installed, all of them are shown; select the one you want more information about and look at the Device info box; press Drivers info to get additional information about the installed video drivers. For more information, see the Hardware acceleration chapter.


General options


Common: if 'When attack is over, switch to the next hash item and rerun the attack' is checked, the program will start working on the next handshake when the current one has been processed completely (regardless of the result).


Logging: Select what kind of information you want to be printed by the program: regular messages, warnings, error messages. You can also duplicate all log messages to file.


Autosave: set an interval to automatically save the attack status. If the program crashes for some reason, next time you start it, you can restore the attack from the last saved point. The status is saved not only at this interval but also when the password is found, the attack is stopped, a new attack is set and started, etc.


Wireless network sniffer: set wireless sniffing parameters:


install/reinstall ESNDISMON driver

minimize program into the tray

mirror captured packets into a .pcap file (improves reliability in case the program crashes)

disable the WLAN service when the sniffer starts (helps with some adapters on Windows 7)

deauthentication options (only if two or more adapters are available)



(c) 2016 ElcomSoft Co.Ltd.