(02-22-2015, 06:51 AM)fonzy35 Wrote: wireshark the cap file, then you see the beacon that broadcasts the SSID, mark toggle that beacon, then filter eapol, mark toggle the eapol 1 and 2 in sequence.
Then clear the filter and hit enter, that will bring you back to the full cap file
then export specified packets, choose marked packets, there should be 3, put a name, e.g.: 3_packets_beacon_eapol_1_2.cap
after that cap2hccap in linux,
./cap2hccap.bin 3_packets_beacon_eapol_1_2.cap 3_packets_beacon_eapol_1_2.hccap
works for me every time..
eapol packets need to be in sequence if there are many eapol 1 and 2
m1/4
m1/4
m2/4
m2/4
you take the 2 in the middle that match the same client and ap
*You could see a handshake when you did your capture even if someone tries to connect with a wrong wpa key.. Best thing is when you can deauthenticate a client that is already connected.*
check your private message
PS don't put the mac address, ssid, hash public.. Admin doesn't like that
best of luck
Thanks for that info regarding wireshark, I knew it could be done that way but for the life of me I couldn't remember how to or find info on how to do it! I have already been trying to crack this network and am about half way through but felt it time to ask in the right place if the cap was any good as I hadn't found anything yet (strange logic I know but hey!) I will edit my previous post and omit the info you mentioned to stay within the rules. Thanks again.