02-19-2026, 10:31 PM
Hi,
I have a problem extracting Hashes from a WPA2 Handshake captured using Wireshark/TShark (not at the same time) by monitoring interface that was acting as an AP. I am using hcxpcapngtool but it does not seem to extract any hashes even though it seems to me that valid M1 and M2 from the 4-Way Handshake were captured.
The Tool is giving me the following output:
When looking in my capture I can see Message 1 and Message 2 Packets that belong together and have the Nonces set to valid values. I am attaching the capture because this was just a test not using real values (the password is password).
Do you have any idea on what might be the problem?
I have a problem extracting Hashes from a WPA2 Handshake captured using Wireshark/TShark (not at the same time) by monitoring interface that was acting as an AP. I am using hcxpcapngtool but it does not seem to extract any hashes even though it seems to me that valid M1 and M2 from the 4-Way Handshake were captured.
The Tool is giving me the following output:
Code:
hcxpcapngtool 6.3.5 reading from tshark.pcapng...
summary capture file
--------------------
file name................................: tshark.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 6.16.8+The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)-amd64
application..............................: Dumpcap (Wireshark) 4.6.3
interface name...........................: wlan1
interface vendor.........................: 000000
openSSL version..........................: 1.1
weak candidate...........................: N/A
MAC ACCESS POINT.........................: 000000000000 (incremented on every new client)
MAC CLIENT...............................: 000000000000
REPLAYCOUNT..............................: 0
ANONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
SNONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
timestamp minimum (timestamp)............: 19.02.2026 16:36:20 (1771518980)
timestamp maximum (timestamp)............: 19.02.2026 16:36:23 (1771518983)
duration of the dump tool (seconds)......: 3
used capture interfaces..................: 1
link layer header type...................: DLT_EN10MB (1)
endianness (capture system)..............: little endian
packets inside...........................: 8
EAPOL ANONCE error corrections (NC)......: not detected
session summary
---------------
processed pcapng files................: 1When looking in my capture I can see Message 1 and Message 2 Packets that belong together and have the Nonces set to valid values. I am attaching the capture because this was just a test not using real values (the password is password).
Do you have any idea on what might be the problem?