Hcxdumptools Not Picking Up Data
#4
(12-07-2021, 09:11 AM)ZerBea Wrote: There are EAPOL messages from REASSOCIATION attack 20:48:05 2417/2 EAPOL:M1M2
There are EAPOL messages from attacks against CLIENT: 20:48:15 2427/4 EAPOL:M1M2ROGUE
There are PMKIDs 20:50:33 2412/1 PMKIDROGUE
There are PROBERESPONSEs on 5GHz band

We can assume that all attacks are working as expected (however, I recommend adding the --active_beacon option).

Unfortunately you received this ERROR message,
Code:
failed to read packet: Network is down
because hcxdumptool detected a broken socket.
That can be caused if another tool has access to the interface (in your case NetworkManager and wpa_supplicant).
That also can be caused when running in a VM:
https://github.com/ZerBea/hcxdumptool/issues/196

As ciccio17 mentioned above, you have to make sure that hcxdumptool has full access to the device. You have to stop all services that take access to the interface. That includes all services of the HOST (in case of running within a VM - which is not recommended), too.

To get more information, use --enable_status=95

Code:
--enable_status=<digit>           : enable real-time display (waterfall)
                                    only incoming traffic
                                    each message is displayed only once at the first occurrence to avoid spamming the real-time display
                                    bitmask:
                                        0: no status (default)
                                        1: EAPOL
                                        2: ASSOCIATION and REASSOCIATION
                                        4: AUTHENTICATION
                                        8: BEACON and PROBERESPONSE
                                        16: ROGUE AP
                                        64: internal status (once a minute)


From --help:
Code:
$ hcxdumptool -h
hcxdumptool 6.2.5-5-gb29b655  (C) 2021 ZeroBeat
usage  : hcxdumptool <options>
        press ctrl+c to terminate hcxdumptool
        press GPIO button to terminate hcxdumptool
        hardware modification is necessary, read more:
        https://github.com/ZerBea/hcxdumptool/tree/master/docs
        do not set monitor mode by third party tools (iwconfig, iw, airmon-ng)
        do not run hcxdumptool on logical (NETLINK) interfaces (monx, wlanxmon, prismx, ...) created by airmon-ng and iw
        do not run hcxdumtool on virtual machines or emulators
        do not run hcxdumptool in combination with tools (channel hopper), that take access to the interface (except: tshark, wireshark, tcpdump)
        do not use tools like machcanger, because hcxdumptool run its own MAC space and will ignore this changes
        stop all this services (e.g.: wpa_supplicant.service, NetworkManager.service) that take access to the interface


BTW:
To allow packet injection on 5GHz band it is mandatory to set the wireless regulatory domain to a country code which allows this!
The default setting on most distributions will not allow it:
Code:
$ sudo iw reg get
global
country 00: DFS-UNSET
(2402 - 2472 @ 40), (N/A, 20), (N/A)
(2457 - 2482 @ 20), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
(2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, PASSIVE-SCAN
(5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
(5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN
(5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, PASSIVE-SCAN
(5735 - 5835 @ 80), (N/A, 20), (N/A), PASSIVE-SCAN
(57240 - 63720 @ 2160), (N/A, 0), (N/A)

versus, e.g.:
Code:
$ sudo iw reg set US
$ sudo iw reg get
global
country US: DFS-FCC
(2400 - 2472 @ 40), (N/A, 30), (N/A)
(5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
(5250 - 5350 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
(5470 - 5730 @ 160), (N/A, 23), (0 ms), DFS
(5730 - 5850 @ 80), (N/A, 30), (N/A), AUTO-BW
(5850 - 5895 @ 40), (N/A, 27), (N/A), NO-OUTDOOR, AUTO-BW, PASSIVE-SCAN
(57240 - 71000 @ 2160), (N/A, 40), (N/A)

Please read more here:
https://wiki.archlinux.org/title/Network...and_tricks

Thank you so much for all the time you put in to replying to people's requests. I've learned so much just from reading your input. That being said, I'd like to ask you a question to get a straight and definitive answer. It seems my Raspberry PI runs my wifi cards and software the best with the least issues but unfortunately doesn't have the power to really crack anything with hashcat. So, I've tried installing an external SSD with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and it runs okay but the CPU/GPU will not work and CUDA tools or something refused to see the Nvidia drivers I installed. VMs don't allow CPU/GPU use for me either to run hashcat.

The only thing I can think to do is add a partition on my internal SSD and hope the drivers and all work that way so I can GPU/CPU crack (I have high end equipment for both). As of now my Raspberry PI is the only thing that works exactly as it should and I do have it set up to run awhile on a battery with an SSH from my phone.

So, all that being said, how do you recommend best to be mobile on the go with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux but preserve or even obtain CPU/GPU abilities and preferably have more computing power than a Pi?
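The difference between the two `iw reg get` outputs quoted in this post, as an added example that is not part of the original thread: this Python sketch parses both outputs (copied from the post) and lists the 5 GHz ranges that are not flagged PASSIVE-SCAN, the flag under which the card may not initiate transmissions. The function names `parse_regdomain` and `active_5ghz` are this example's own.

```python
import re

# `iw reg get` output copied from the post above (default domain, then US).
REG_DEFAULT = """country 00: DFS-UNSET
(2402 - 2472 @ 40), (N/A, 20), (N/A)
(2457 - 2482 @ 20), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
(2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, PASSIVE-SCAN
(5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
(5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN
(5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, PASSIVE-SCAN
(5735 - 5835 @ 80), (N/A, 20), (N/A), PASSIVE-SCAN
(57240 - 63720 @ 2160), (N/A, 0), (N/A)
"""
REG_US = """country US: DFS-FCC
(2400 - 2472 @ 40), (N/A, 30), (N/A)
(5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
(5250 - 5350 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
(5470 - 5730 @ 160), (N/A, 23), (0 ms), DFS
(5730 - 5850 @ 80), (N/A, 30), (N/A), AUTO-BW
(5850 - 5895 @ 40), (N/A, 27), (N/A), NO-OUTDOOR, AUTO-BW, PASSIVE-SCAN
(57240 - 71000 @ 2160), (N/A, 40), (N/A)
"""

# (start - end @ max bandwidth, MHz), (antenna gain, max EIRP in dBm), then CAC time and flags
RULE = re.compile(r"\((\d+) - (\d+) @ (\d+)\), \((?:N/A|\d+), (\d+)\)(.*)")

def parse_regdomain(text):
    """Return (country, rules); each rule holds its MHz range, EIRP limit and flag set."""
    country, rules = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("country "):
            country = line.split()[1].rstrip(":")
        m = RULE.match(line)
        if m:
            start, end, _bw, eirp = (int(g) for g in m.groups()[:4])
            flags = {t for t in m.group(5).split(", ") if t and not t.startswith("(")}
            rules.append({"start": start, "end": end, "eirp": eirp, "flags": flags})
    return country, rules

def active_5ghz(text):
    """List (start, end, needs_dfs) for 5 GHz rules without the PASSIVE-SCAN flag."""
    # Band filter keeps 5 GHz rules only; the 2.4 GHz and 60 GHz rules are skipped.
    return [(r["start"], r["end"], "DFS" in r["flags"])
            for r in parse_regdomain(text)[1]
            if 5000 <= r["start"] < 6000 and "PASSIVE-SCAN" not in r["flags"]]

if __name__ == "__main__":
    for sample in (REG_DEFAULT, REG_US):
        print(parse_regdomain(sample)[0], active_5ghz(sample))
```

With the default `00` domain the list is empty, because every 5 GHz rule carries PASSIVE-SCAN; with `US` four ranges remain, two of them subject to DFS.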


Messages In This Thread
Hcxdumptools Not Picking Up Data - by Rocuronium - 12-07-2021, 12:04 AM
RE: Hcxdumptools Not Picking Up Data - by ZerBea - 12-07-2021, 09:11 AM
RE: Hcxdumptools Not Picking Up Data - by Rocuronium - 12-07-2021, 10:11 AM
RE: Hcxdumptools Not Picking Up Data - by ZerBea - 12-07-2021, 12:07 PM