hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Are you running an old version? That was fixed by this commit on 27th of January 2022:
https://github.com/ZerBea/hcxdumptool/pu...b2d99a1cae
Code:
$ hcxdumptool -h
hcxdumptool 6.2.5-58-g121c620  (C) 2021 ZeroBeat
usage  : hcxdumptool <options>
         press ctrl+c to terminate hcxdumptool
         press GPIO button to terminate hcxdumptool
         hardware modification is necessary, read more:
         https://github.com/ZerBea/hcxdumptool/tree/master/docs
         do not set monitor mode by third party tools (iwconfig, iw, airmon-ng)
         do not run hcxdumptool on logical (NETLINK) interfaces (monx, wlanxmon, prismx, ...) created by airmon-ng and iw
         do not run hcxdumptool on virtual machines or emulators
         do not run hcxdumptool in combination with tools (channel hopper), that take access to the interface (except: tshark, wireshark, tcpdump)
         do not use tools like macchanger, because hcxdumptool runs its own MAC space and will ignore this changes
         stop all services (e.g.: wpa_supplicant.service, NetworkManager.service) that take access to the interface

short options:
...

Please note that hcxdumptool/hcxlabtool/hcxtools is not suitable for beginners. From README.md:
- knowledge of radio technology
- knowledge of electromagnetic-wave engineering
- detailed knowledge of 802.11 protocol
- detailed knowledge of key derivation functions
- detailed knowledge of Linux

Regarding this, the default settings are less weird. On other tools you have to enable the attack modes, here you have to disable them. By default, hcxdumptool will request EAP frames from the target in a very short time so that it can be terminated after a few minutes.

BTW:
There are (much) better ways to get an EAPOL M2 frame (the most important frame, because it is unencrypted!) from a CLIENT or a PMKID from an ACCESS POINT than injecting stupid DEAUTHENTICATION frames. So there is an option to disable this old school attack:
Code:
--disable_deauthentication         : do not send deauthentication or disassociation frames
                                     affected: conntected clients
Additionally, you can choose several other options to disable every single attack and/or to use BPF code, so that the behavior will turn from noisy (aggressive as hell) to silent.

If you are interested in this 802.11 stuff and want to take a closer look behind the scenes, I recommend reading:
Code:
802.11 Wireless Networks: The Definitive Guide, O'Reilly, April 2002
Chapter "4.4.1 Frames Classes" is very interesting. Often the reaction of an ACCESS POINT is violent after it received an unexpected class 3 frame or class 2 frame outside the actual authentication state. In that case the ACCESS POINT (not hcxdumptool) will disconnect all(!) connected CLIENTs immediately.


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 03-29-2022, 06:13 PM