hcxtools filter options
------------------------
To satisfy hashcat, hcxtools have many build-in filteroptions:
1.
The Berkeley Packet Filter (BPF) is a very fast kernel filter.
It allows many filter options (by mac_ap, mac_sta, frametyp, ...)
You have two choices:
a. hard-coded BPF
works for wlandump-ng, wlanresponse and wlancap2hcx together
add your filter string to berkeleyfilter.h
then compile hcxtools
b. soft-coded BPF (option -F)
works for wlandump-ng or wlanresponse or wlancap2hcx
overrides hard-coded BPF
Syntax can be found here:
https://biot.com/capstats/bpf.html
http://www.tcpdump.org/manpages/pcap-filter.7.html
A good idea is to use the BPF only on mac_ap's and/or mac_sta's you don't want to attack!
For example: place the mac's from your own ap and your own devices into the BPF!
2.
For all other cases use the various filter options from wlanhcx2ssid:
-i <file> : input hccapx file
-p <path> : change directory for outputfiles
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
-E <essid> : output file by part of essid name
-X <essid> : output file by essid name (exactly)
-x <digit> : output by essid len (1 <= 32)
-A <mac_ap> : output file by single mac_ap
-S <mac_sta> : output file by single mac_sta
-O <oui> : output file by single vendor (oui)
-L <mac_list> : input list containing mac_ap's (need -l)
: format of mac_ap's each line: 112233445566
-l <file> : output file (hccapx) by mac_list (need -L)
-w <file> : write only wlandump forced to hccapx file
-W <file> : write only not wlandump forced to hccapx file
-r <file> : write only replaycount checked to hccapx file
-R <file> : write only not replaycount checked to hccapx file
-N <file> : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file> : output stripped file (only one record each mac_sta, essid)
-0 <file> : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file> : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file> : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file> : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file> : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file> : write only MESSAGE_PAIR_M34E4 to hccapx file
------------------------
To satisfy hashcat, hcxtools have many build-in filteroptions:
1.
The Berkeley Packet Filter (BPF) is a very fast kernel filter.
It allows many filter options (by mac_ap, mac_sta, frametyp, ...)
You have two choices:
a. hard-coded BPF
works for wlandump-ng, wlanresponse and wlancap2hcx together
add your filter string to berkeleyfilter.h
then compile hcxtools
b. soft-coded BPF (option -F)
works for wlandump-ng or wlanresponse or wlancap2hcx
overrides hard-coded BPF
Syntax can be found here:
https://biot.com/capstats/bpf.html
http://www.tcpdump.org/manpages/pcap-filter.7.html
A good idea is to use the BPF only on mac_ap's and/or mac_sta's you don't want to attack!
For example: place the mac's from your own ap and your own devices into the BPF!
2.
For all other cases use the various filter options from wlanhcx2ssid:
-i <file> : input hccapx file
-p <path> : change directory for outputfiles
-a : output file by mac_ap's
-s : output file by mac_sta's
-o : output file by vendor's (oui)
-e : output file by essid's
-E <essid> : output file by part of essid name
-X <essid> : output file by essid name (exactly)
-x <digit> : output by essid len (1 <= 32)
-A <mac_ap> : output file by single mac_ap
-S <mac_sta> : output file by single mac_sta
-O <oui> : output file by single vendor (oui)
-L <mac_list> : input list containing mac_ap's (need -l)
: format of mac_ap's each line: 112233445566
-l <file> : output file (hccapx) by mac_list (need -L)
-w <file> : write only wlandump forced to hccapx file
-W <file> : write only not wlandump forced to hccapx file
-r <file> : write only replaycount checked to hccapx file
-R <file> : write only not replaycount checked to hccapx file
-N <file> : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file> : output stripped file (only one record each mac_sta, essid)
-0 <file> : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file> : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file> : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file> : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file> : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file> : write only MESSAGE_PAIR_M34E4 to hccapx file