@kryplasemv
every client will receive its own (calculated) PMKID from the access point because the MAC addresses are part of the calculation
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
If you receive 3 of them and MAC_AP and ESSID is the same, you can delete 2 of them and keep only one for calculation, that will make hashcat a little bit faster.
If MAC_AP, MAC_STA and ESSID are the same, but the PMKID is different,
the access point changed the PMK or
it is a Authentication Key Mangement PMKID (EAP, RADIUS, WPA3,...)
hashline:
PMKID:MAC_AP:MAC_STA:ESSID
where MAC_AP is your target access point and the (E)SSID is in HEX-ASCII.
We have some good reasons to use HEX-ASCII:
"These SSIDs can be zero to 32 octets (32 bytes) long, and are, for convenience, usually in a natural language, such as English. The 802.11 standards prior to the 2012 edition did not define any particular encoding/representation for SSIDs, which were expected to be treated and handled as an arbitrary sequence of 0–32 octets that are not limited to printable characters. The IEEE 802.11-2012 defines a tag that the SSID is UTF-8 encoded and when interpreting could contain any non-ISO basic Latin characters within it. Wireless network stacks must still be prepared to handle arbitrary values in the SSID field."
BTW:
Do not run hcxdumptool on monitor interfaces created by airmon-ng.
hcxdumptool run its own monitor mode (without using netlink library libnl).
every client will receive its own (calculated) PMKID from the access point because the MAC addresses are part of the calculation
PMKID = HMAC-SHA1-128(PMK, "PMK Name" | MAC_AP | MAC_STA)
If you receive 3 of them and MAC_AP and ESSID is the same, you can delete 2 of them and keep only one for calculation, that will make hashcat a little bit faster.
If MAC_AP, MAC_STA and ESSID are the same, but the PMKID is different,
the access point changed the PMK or
it is a Authentication Key Mangement PMKID (EAP, RADIUS, WPA3,...)
hashline:
PMKID:MAC_AP:MAC_STA:ESSID
where MAC_AP is your target access point and the (E)SSID is in HEX-ASCII.
We have some good reasons to use HEX-ASCII:
"These SSIDs can be zero to 32 octets (32 bytes) long, and are, for convenience, usually in a natural language, such as English. The 802.11 standards prior to the 2012 edition did not define any particular encoding/representation for SSIDs, which were expected to be treated and handled as an arbitrary sequence of 0–32 octets that are not limited to printable characters. The IEEE 802.11-2012 defines a tag that the SSID is UTF-8 encoded and when interpreting could contain any non-ISO basic Latin characters within it. Wireless network stacks must still be prepared to handle arbitrary values in the SSID field."
BTW:
Do not run hcxdumptool on monitor interfaces created by airmon-ng.
hcxdumptool run its own monitor mode (without using netlink library libnl).