wireshark the cap file, then you see the beacon that broadcast the SSID, mark toggle that beacon, then filter eapol, mark toggle the eapol 1 and 2 in sequence.
Then clear the filter en hit enter, that will bring you back to the full cap file
then export specify packets, choose mark packets, there should be 3, put a name ex.: 3_packets_beacon_eapol_1_2.cap
after that cap2haccp in linux,
./cap2hccap.bin 3_packets_beacon_eapol_1_2.cap 3_packets_beacon_eapol_1_2.hccap
works for me every time..
eapol packet need to be in sequence if there are many eapol 1, and 2
m1/4
m1/4
m2/4
m2/4
you take the 2 in the middle that match the same client and ap
*You could see a handshake when you did your capture even if someone try to connect with a wrong wpa key.. Best thing is when you can deauthenticat a client that is already connect.*
check you private message
PS don't put the mac address,ssid,hash public.. Admin don't like that
best of luck
Then clear the filter en hit enter, that will bring you back to the full cap file
then export specify packets, choose mark packets, there should be 3, put a name ex.: 3_packets_beacon_eapol_1_2.cap
after that cap2haccp in linux,
./cap2hccap.bin 3_packets_beacon_eapol_1_2.cap 3_packets_beacon_eapol_1_2.hccap
works for me every time..
eapol packet need to be in sequence if there are many eapol 1, and 2
m1/4
m1/4
m2/4
m2/4
you take the 2 in the middle that match the same client and ap
*You could see a handshake when you did your capture even if someone try to connect with a wrong wpa key.. Best thing is when you can deauthenticat a client that is already connect.*
check you private message
PS don't put the mac address,ssid,hash public.. Admin don't like that
best of luck