12-17-2019, 09:24 AM
cap2hccapx, hcxpcaptool and hcxpcapng tool calculating EAPOL time values (count time between EAPOL messages), because you can't trust the RC in case of a packet loss (therefore we have nonce-error-corrections, too).
If this values are outside the defined EAPOL timer values, the hash will not be converted.
Additional hcxpcaptool has options to control this behavior:
--ignore-replaycount : allow not replaycount checked best handshakes
--time-error-corrections=<digit> : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s)
--nonce-error-corrections=<digit> : maximum replycount/nonce gap to be converted (default: 8)
example: --nonce-error-corrections=60
convert handshakes up to a possible packetloss of 59 packets
hashcat nonce-error-corrections should be twice as much as hcxpcaptool value
hcxpcapngtool (provide new hashmode 22000) have them too:
--eapoltimeout=<digit> : set EAPOL TIMEOUT (milliseconds)
: default: 20 ms
--nonce-error-corrections=<digit> : set nonce error correction
warning: values > 0 can lead to uncrackable handshakes
: default: 0
Read more about this timers, used by APs, here:
https://community.cisco.com/t5/wireless-...-p/3122477
If this values are outside the defined EAPOL timer values, the hash will not be converted.
Additional hcxpcaptool has options to control this behavior:
--ignore-replaycount : allow not replaycount checked best handshakes
--time-error-corrections=<digit> : maximum time gap between EAPOL frames - EAPOL TIMEOUT (default: 600s)
--nonce-error-corrections=<digit> : maximum replycount/nonce gap to be converted (default: 8)
example: --nonce-error-corrections=60
convert handshakes up to a possible packetloss of 59 packets
hashcat nonce-error-corrections should be twice as much as hcxpcaptool value
hcxpcapngtool (provide new hashmode 22000) have them too:
--eapoltimeout=<digit> : set EAPOL TIMEOUT (milliseconds)
: default: 20 ms
--nonce-error-corrections=<digit> : set nonce error correction
warning: values > 0 can lead to uncrackable handshakes
: default: 0
Read more about this timers, used by APs, here:
https://community.cisco.com/t5/wireless-...-p/3122477