I'll do my very best.
BTW:
Feedback appreciated regarding this commit:
https://github.com/ZerBea/hcxdumptool/co...2d48e02cc5
Target: AP with activated Management Frame Protection (MFP) and (if possible) deactivated PMKID caching and connected CLIENT(s)
$ hcxdumptool -i interface --enable_status=63 --reactive_beacon -c working_channel_of_AP
expected result:
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M2M3 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
or
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:xxxxx EAPOLTIME:xxxxx (NETWORKNAME)
or
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx REASSOCIATION (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M1M2 RC:xxxxxx EAPOLTIME:xxxxx (NETWORKNAME)
12:16:18 6 xxxxxxxxxxxx <-> xxxxxxxxxxxx MP:M2M3 RC:x EAPOLTIME:xxxxx (NETWORKNAME)
or any combination of these message pairs.
For this test, it is important that the CLIENT is connected before hcxdumptool starts. Only then is MFP active.
If it isn't possible to deactivate PMKID caching, it is very likely that hcxdumptool got a PMKID before MFP was active and stops the attack. In that case please retry it.
Requesting a PMKID is much faster than retrieving a full 4-way handshake.
Read more about MFP (PMF) here:
https://en.wikipedia.org/wiki/IEEE_802.11w-2009
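To make the "expected result" above checkable rather than eyeballed, here is a small parser for the status-line layout shown in the post. It is an added example for readers reporting back on the test, not code from hcxdumptool or from ZerBea; the line layout (time, channel, two MACs, event, ESSID in parentheses) is inferred from the posted output, and the MAC addresses and ESSID in the sample block are constructed placeholders. It reports, per AP/CLIENT pair, whether a REASSOCIATION was followed by at least one M1M2 or M2M3 pair, which is the outcome the post describes.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Layout assumed from the posted "expected result" lines:
#   HH:MM:SS <channel> <mac_a> <-> <mac_b> <EVENT ...> (<ESSID>)
# ESSIDs containing ")" are not handled; the posted output does not show any.
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<channel>\d+)\s+"
    r"(?P<mac_a>[0-9a-f]{12})\s+<->\s+(?P<mac_b>[0-9a-f]{12})\s+"
    r"(?P<event>.+?)\s+\((?P<essid>[^)]*)\)$",
    re.IGNORECASE,
)
# EAPOL message-pair events as shown in the post: MP:<pair> RC:<counter> EAPOLTIME:<us>
MP_RE = re.compile(r"^MP:(?P<pair>M1M2|M2M3|M3M4)\s+RC:(?P<rc>\S+)\s+EAPOLTIME:(?P<eapoltime>\S+)$")


@dataclass
class StatusLine:
    time: str
    channel: int
    mac_a: str
    mac_b: str
    event: str            # "REASSOCIATION", "MP", or any other event word
    essid: str
    pair: Optional[str] = None       # only set when event == "MP"
    rc: Optional[str] = None         # replay counter, kept as text (post shows "x"/"xxxxx")
    eapoltime: Optional[str] = None


def parse_status_line(line: str) -> Optional[StatusLine]:
    """Parse one status line; return None for lines that do not match the layout."""
    m = STATUS_RE.match(line.strip())
    if not m:
        return None
    event = m.group("event")
    sl = StatusLine(
        m.group("time"), int(m.group("channel")),
        m.group("mac_a").lower(), m.group("mac_b").lower(),
        event, m.group("essid"),
    )
    mp = MP_RE.match(event)
    if mp:
        sl.event = "MP"
        sl.pair = mp.group("pair")
        sl.rc = mp.group("rc")
        sl.eapoltime = mp.group("eapoltime")
    return sl


def check_expected_result(lines):
    """Group status lines per (mac_a, mac_b, essid) and flag pairs that match the
    expected sequence: a REASSOCIATION followed by at least one M1M2 or M2M3.
    Message pairs seen before any REASSOCIATION are ignored."""
    results = {}
    for line in lines:
        sl = parse_status_line(line)
        if sl is None:
            continue  # not a status line (banner, blank, garbage)
        key = (sl.mac_a, sl.mac_b, sl.essid)
        entry = results.setdefault(key, {"reassoc": False, "pairs": [], "ok": False})
        if sl.event == "REASSOCIATION":
            entry["reassoc"] = True
        elif sl.event == "MP" and entry["reassoc"] and sl.pair in ("M1M2", "M2M3"):
            entry["pairs"].append(sl.pair)
        entry["ok"] = entry["reassoc"] and len(entry["pairs"]) > 0
    return results


# Constructed sample output (placeholder MACs/ESSID, not a real capture):
SAMPLE = """\
12:16:18 6 a1b2c3d4e5f6 <-> 0a1b2c3d4e5f REASSOCIATION (TESTNET)
12:16:18 6 a1b2c3d4e5f6 <-> 0a1b2c3d4e5f MP:M1M2 RC:1 EAPOLTIME:4311 (TESTNET)
12:16:18 6 a1b2c3d4e5f6 <-> 0a1b2c3d4e5f MP:M2M3 RC:1 EAPOLTIME:1204 (TESTNET)
12:16:20 6 a1b2c3d4e5f6 <-> 66778899aabb REASSOCIATION (TESTNET)
this line is not a status line
"""

if __name__ == "__main__":
    for key, entry in check_expected_result(SAMPLE.splitlines()).items():
        status = "OK" if entry["ok"] else "INCOMPLETE"
        print(f"{key[0]} <-> {key[1]} ({key[2]}): {status} pairs={entry['pairs']}")
```

Paste the status lines from a run into `SAMPLE` (or read them from a file) and the script tells you which CLIENT pairs actually reached the described outcome; a pair listed as INCOMPLETE saw a REASSOCIATION but no subsequent M1M2/M2M3, which is the case the post says to retry.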