ELCOMSOFT.COM » Elcomsoft Wireless Security Auditor

Working with EWSA

Top  Previous  Next

Input data


EWSA (Professional edition only) includes an integrated network sniffer that supports AipPCap adapters, as well as most modern 'generic' consumer models. If you use AirPCap, you need to install its own drivers; with third-party adapters, you need to install a custom NDIS drivers bundled with EWSA.


EWSA also supports the following input data:


tcpdump log

Tamos CommView log

PSPR log

Local Registry

Manual entry


For more details on using the built-in sniffer and importing data from tcpdump and Tamos CommView logs, see Capturing network packets.


Alternatively, you can import the data from a PSPR log, where PSPR stands for Proactive System Password Recovery. When used on a computer with WZC (Wireless Zero Configuration), that program can save the WPA-PSK password hash into a text file (press Export in Misc Features | Wireless network). EWSA can also dump password hashes from the local Registry  (use the Dump Windows WPAPSK hashes menu). Please note that neither PSPR nor EWSA cannot extract hashes in a situation when wireless configuration is driven by a third-party (vendor-supplied) utility instead of WZC.


Finally, you can add the password hash manually.


Program options


CPU Options


Processor utilization: sets the number of CPUs or CPU cores to run the attack. Press Auto detect to set this option automatically according to the number of processors installed. The Summary box shows more information about the OS, machine name, user name, Administrator privileges, and CPU(s).




The Available devices box shows information about compatible video cards or hardware accelerators that can be utilized by EWSA to accelerate the attacks. If multiple cards are installed, all of them will be shown; click to see more information, and check out the Device info box; press Drivers info to get additional information about the video drivers installed. For more information, check out Hardware acceleration.


General options


When attack is over, switch to the next hash item and rerun the attack: if checked, the program will start working on the next handshake after the current one is processed completely (regardless of the result).


Logging: specifies the log level: regular messages, warnings, error messages. You can duplicate all log messages to a file.


Autosave: set an interval to automatically save the attack status. If the program crashes for any reason, the next time you start it, you can restore the attack from the last saved point. The status is also saved when the password is found, the attack is stopped or started, as well as on some other events.


Wireless network snifer: set wireless sniffing  parameters:


Install/reinstall ESNDISMON driver

Minimize program into the tray

Mirror captured packets into a .pcap-file (adds reliability in a case of a crash)

The ability to disable WLAN service when the sniffer starts; helps with some adapters on Windows 7

Deauthentication options (only if two or more adapters are available)


Get more information about Elcomsoft Wireless Security Auditor
Get full version of Elcomsoft Wireless Security Auditor

(c) 2016 ElcomSoft Co.Ltd.