according to many user requests:
merged wlanresponse and wlandump-ng
refactored wlandump-ng and removed wlanresponse
wlandump-ng
----------------
- waterfall status
- improved deauthentication
stop when retrieved one complete handshake (M1-M4) from ap <-> client
- improved disassociation
stop when received one complete handshake (M1-M4) from ap <-> client
- send one undirected proberequest to broadcast after channel change
- improved expanded EAPOL handling
- improved authentication
- improved beaconing on proberequests
- now wlandump-ng is passive by default (only receive) - transmit must be enabled
- changed / new options:
-R : enable to respond to all requests
-D : enable deauthentications
-d : enable disassociations
-E <digit> : stop deauthentications and disassociations if xx complete handshakes received
: default = 1 complete handshake (M1-M4)
-U : send one undirected proberequest to broadcast after channel change
-B : enable beaconing on last proberequest
-s : enable status messages
localtime, channel, mac_ap, mac_sta, information
11:02:52 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced)
11:01:45 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced-retransmission)
11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (not verified)
11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M2M3 handshake (verified)
11:03:57 11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M3M4 handshake (established)
and full detection of WPS:
16:36:13 1 xxxxxxxxxxxx --> xxxxxxxxxxxx identity request: hello
16:36:13 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx identity response: WFA-SimpleConfig-Registrar-1-0
16:36:14 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M1 message
16:36:14 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M2 message
16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M3 message
16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M4 message
16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M5 message
16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M6 message
16:36:16 1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M7 message
16:36:16 1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M8 message
aggressive mode:
wlandump-ng -i <device> -o output.cap -c 1 -t 4 -D -d -E 2 -R -U -B
wlandump-ng attacks everything - deauthentication/disassociation stops when 2 complete handshakes retrieved (ap-client)
friendly mode:
wlandump-ng -i $WLANDEV -o output.cap -c 1 -t 120 -R -B
wlandump-ng just looks for clients
silent mode:
wlandump-ng -i $WLANDEV -o output.cap -c 1 -t 120
wlandump-ng doesn't transmit