hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-09-2019

No, hcxdumptool runs its own monitor mode. Just stop all tasks which take access to the device and then run hcxdumptool. If you forgot one task, hcxdumptool will tell you that.
airmon-ng runs iw. Sometimes iw creates an interface (netlink), which hcxdumptool doesn't like.
To get full advantage, hcxdumptool needs full access to the physical device. It controls the device by running ioctl() commands. That is very fast.
Read more here:
https://www.quora.com/What-are-the-differences-between-netlink-sockets-and-ioctl-calls
especially these parts here:
"Netlink messages can be lost for various reasons (e.g. out of memory), while ioctls are generally more reliable due to their immediate-processing nature."
"Control: ioctl should be your first choice, unless there’s an overriding reason, due to its immediacy and reliable delivery."
I fully agree with this!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-10-2019

When I try to start without airmon-ng, the command line says that interface is not up. I use airmon-ng to check kill process too. Any other command alternatives?

Thanks

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-10-2019

Is the interface detected by hcxdumptool?
$ hcxdumptool -I

What is the output of:
$ hcxdumptool -i <interface> -C
and
$ iw dev

To set monitor mode manually:
$ ip link set <interface> down
$ iw dev <interface> set type monitor
$ ip link set <interface> up
$ iw dev <interface> info

The last command (iw dev <interface> info) will show you the status of the interface.
It should look like this:
Interface wlp3s0
    ifindex 5
    wdev 0x200000001
    addr wlp3s0
    type monitor
    wiphy 2
    channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
    txpower 20.00 dBm

If it doesn't look like that (type monitor), your device isn't able to run full monitor mode.
In that case, get more info here:
https://wikidevi.com/wiki/Main_Page

For example 1:
$ hcxdumptool -I
wlan interfaces:
c83a35cb08e3 wlp3s0 (rtl8821ae)
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509

You must stop these two tasks, because they have access to the device. Then run hcxdumptool again.

For example 2:
$ hcxdumptool -i wlp3s0 --enable_status=1 -o capture.pcapng
initialization...
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 509
interface is not up
failed to init socket

You must stop these two tasks, because they have access to the device. Then run hcxdumptool again.

For example 3:
You can blacklist the capture device in NetworkManager config. In that case you do not need to stop the tasks. Instead run hcxdumptool with option --ignore_warning
$ hcxdumptool --ignore_warning -i wlp3s0 --enable_status=1 -o capture.pcapng

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-12-2019

Those are the detailed results.. fails to start, but it does work after airmon-ng start wlan0.

root@raspberrypiB:/home/pi# hcxdumptool -I
wlan interfaces:
90f652e42668 wlan0 (ath9k_htc)

root@raspberrypiB:/home/pi# hcxdumptool -i wlan0 -C
initialization...
interface is not up
failed to init socket

root@raspberrypiB:/home/pi# ip link set wlan0 down
root@raspberrypiB:/home/pi# iw dev wlan0 set type monitor
root@raspberrypiB:/home/pi# ip link set wlan0 up
root@raspberrypiB:/home/pi# iw dev wlan0 info
Interface wlan0
    ifindex 3
    wdev 0x1
    addr 90:f6:52:e4:26:68
    type monitor
    wiphy 0
    channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
    txpower 20.00 dBm

root@raspberrypiB:/home/pi# hcxdumptool -i wlan0 -o test.pcapng --enable_status=15
initialization...
interface is not up
failed to init socket

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-12-2019

Ok, does this work?
hcxdumptool -i wlan0 -o test.pcapng --enable_status=15 --ignore_warning

Something within your installation is misconfigured or it blocks the device.

Normally it looks like this (TP-LINK TL-WN722):
$ lsusb
ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n

$ hcxdumptool -I
wlan interfaces:
f81a67077d0e wlp3s0f0u2 (ath9k_htc)

hcxdumptool -i wlp3s0f0u2 -C
initialization...
available channels:
1 / 2412MHz (20 dBm)
2 / 2417MHz (20 dBm)
3 / 2422MHz (20 dBm)
4 / 2427MHz (20 dBm)
5 / 2432MHz (20 dBm)
6 / 2437MHz (20 dBm)
7 / 2442MHz (20 dBm)
8 / 2447MHz (20 dBm)
9 / 2452MHz (20 dBm)
10 / 2457MHz (20 dBm)
11 / 2462MHz (20 dBm)
12 / 2467MHz (20 dBm)
13 / 2472MHz (20 dBm)
14 / 2484MHz (20 dBm)
terminated...

and a --do_rcascan will show these results:
$ hcxdumptool -i wlp3s0f0u2 --do_rcascan
...
INFO: cha=6, rx=2825, rx(dropped)=0, tx=179, err=0, aps=23 (19 in range)

-----------------------------------------------------------------------------------

By commit:
https://github.com/ZerBea/hcxdumptool/commit/b12dee39bbd74a486cc81b67ed62d30eed0b5a02
hcxdumptool ignores all warnings related to the current status of the interface. Interface may not work as expected. Do not report issues related to this option!

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-12-2019

root@raspberrypiB:/home/pi# hcxdumptool -i wlan0 -o test.pcapng --enable_status=15 --ignore_warning
initialization...
warning: wpa_supplicant is running with pid 416 351

start capturing (stop with ctrl+c)
INTERFACE................: wlan0
ERRORMAX.................: 100 errors
FILTERLIST...............: 0 entries
MAC CLIENT...............: f0a2252d7d8c
MAC ACCESS POINT.........: 7ce4aa77a603 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 62040
ANONCE...................: 0a9ceaa82c7b721e6962a701ac22f0be2fd973f6ab0d31b32bac210de3c3326e

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-12-2019

And then starts to capture packages.

and with:

root@raspberrypiB:/home/pi# hcxdumptool -i wlan0 -C --ignore_warning
initialization...
available channels:
1 / 2412MHz (20 dBm)
2 / 2417MHz (20 dBm)
3 / 2422MHz (20 dBm)
4 / 2427MHz (20 dBm)
5 / 2432MHz (20 dBm)
6 / 2437MHz (20 dBm)
7 / 2442MHz (20 dBm)
8 / 2447MHz (20 dBm)
9 / 2452MHz (20 dBm)
10 / 2457MHz (20 dBm)
11 / 2462MHz (20 dBm)
12 / 2467MHz (20 dBm)
13 / 2472MHz (20 dBm)
14 / 2484MHz (20 dBm)
terminated...

I'm running Raspbian BTW

thanks a lot

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-12-2019

Ok, Raspbian is a good choice! Easy to install and easy to use.
Fine that it works, at least. Now we know what prevents full access to the interface:
wpa_supplicant is running...

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - powermi - 06-12-2019

So. How could I solve it?

RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 06-12-2019

That can be done by systemctl:
systemctl start
systemctl stop
systemctl status
systemctl enable
systemctl disable

Some examples:

Get information about all running services:
$ systemctl | grep running

Get information about all enabled services:
$ systemctl list-unit-files | grep enabled

Get information about service:
$ systemctl status NetworkManager.service
$ systemctl status wpa_supplicant.service

To stop a service:
$ systemctl stop NetworkManager.service
$ systemctl stop wpa_supplicant.service

To start a service permanently:
$ systemctl enable NetworkManager.service

To disable a service permanently:
$ systemctl disable NetworkManager.service
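
Added example, not written by any poster in this thread and not part of hcxdumptool: a small shell preflight that parses the two outputs compared above, the "is running with pid" warnings and the "type" line of iw dev <interface> info, and reports what still blocks the device. The function names and sample text are constructed, and the "<task>.service" unit naming is an assumption taken from the systemctl examples in the last post.

```sh
#!/bin/sh
# Added example: parses the two outputs this thread compares. Not hcxdumptool code.

# Print the interface type from `iw dev <interface> info` text read on stdin.
iw_type() {
    awk '$1 == "type" { print $2; exit }'
}

# Print "task pid" for every pid in hcxdumptool's "is running with pid" warnings.
blocking_tasks() {
    awk '$1 == "warning:" && $3 == "is" && $4 == "running" {
        for (i = 7; i <= NF; i++) print $2, $i
    }'
}

# $1 = iw info text, $2 = hcxdumptool output. Returns 0 only if nothing blocks.
# Assumption: unit name is "<task>.service", as in the thread's systemctl examples.
preflight() {
    rc=0
    t=$(printf '%s\n' "$1" | iw_type)
    if [ "$t" != "monitor" ]; then
        echo "interface type is '${t:-unknown}', expected 'monitor'"
        rc=1
    fi
    for task in $(printf '%s\n' "$2" | blocking_tasks | cut -d' ' -f1 | sort -u); do
        echo "blocking: systemctl stop $task.service"
        rc=1
    done
    return $rc
}

# Constructed sample input, modelled on the output quoted in the posts above.
SAMPLE_IW='Interface wlan0
    ifindex 3
    type monitor
    channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz'
SAMPLE_HCX='wlan interfaces:
90f652e42668 wlan0 (ath9k_htc)
warning: NetworkManager is running with pid 464
warning: wpa_supplicant is running with pid 416 351'

preflight "$SAMPLE_IW" "$SAMPLE_HCX" || true
```

On a live system the two arguments would be "$(iw dev wlan0 info)" and "$(hcxdumptool -I 2>&1)"; the sample shows that an interface can already report type monitor while a running task still holds the device.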