Due to performance reasons, hcxdumptool is designed to run headless by default, e.g. on small systems like this one:
https://github.com/ZerBea/hcxdumptool/wi...g-system-2
Everything that take much CPU cycles and slows hcxdumptool down is limited to an absolute minimum (form always follows function).
That include that only the most common channels (1a, 6a and 11a) are used.
To show retrieved PMKIDs and EAPOL MESSAGE PAIRS add --rds=1 to the command line (1 = sort by status (last PMKID/EAPOL on top)). Now the status display shows only retrieved PMKIDs, EAPOL MESSAGEPAIRs of connected CLIENTs and EAPOL MESSAGEs (M2) from CLIENTs connected to hcxdumptool.
To use all available frequencies, add -F to the command line-
All this (and the meaning of a + in the columms) is explained on -h and --help.
To see if the target is in range, do a rcascan first (-F scans all available frequencies):
If everything is working as expected (driver is working as expected and target(s) are in range), the status display shows the last response time of an AP and a count how many times it has responded. If terminated, you'll get something like this:
If something went wrong, RESPONSE column remains empty and the count is [0].
The exit status is something like this:
In that case, either no target is in range or the driver is broken (most likely) or your system is misconfigured (services that take access to the device are still running).
Make sure you're running latest version of hcxdumptool and hcxtools (6.3.4).
Due to massive driver issues make sure you're running the latest Linux Kernel. and not one of these ones as mentioned below:
https://github.com/ZerBea/hcxdumptool/discussions/465
https://github.com/ZerBea/hcxdumptool/discussions/454
This issues have been fixed since longterm kernel 6.6.44 and stable kernel 6.10.3.
Please note:
The requirements that must meet to show a PMKID or an EAPOL MESSAGEPAIR are much higher than the requirements of hcxpcapngtool.
hcxdumptool is on the fly and we need to ensure to capture a valid PMKID or a valid MESSAGEpAIR.
hcxpcapngtool does the conversion off-line and we have all the time we need to search for the best PMKID or the best EAPOL MESSAGEPAIR.
https://github.com/ZerBea/hcxdumptool/wi...g-system-2
Everything that take much CPU cycles and slows hcxdumptool down is limited to an absolute minimum (form always follows function).
That include that only the most common channels (1a, 6a and 11a) are used.
To show retrieved PMKIDs and EAPOL MESSAGE PAIRS add --rds=1 to the command line (1 = sort by status (last PMKID/EAPOL on top)). Now the status display shows only retrieved PMKIDs, EAPOL MESSAGEPAIRs of connected CLIENTs and EAPOL MESSAGEs (M2) from CLIENTs connected to hcxdumptool.
To use all available frequencies, add -F to the command line-
All this (and the meaning of a + in the columms) is explained on -h and --help.
To see if the target is in range, do a rcascan first (-F scans all available frequencies):
Code:
$ sudo hcxumptool -i INTERFACE --rcascan=active -FIf everything is working as expected (driver is working as expected and target(s) are in range), the status display shows the last response time of an AP and a count how many times it has responded. If terminated, you'll get something like this:
Code:
^C
374 Packet(s) captured by kernel
22 Packet(s) dropped by kernel
71 PROBERESPONSE(s) capturedIf something went wrong, RESPONSE column remains empty and the count is [0].
The exit status is something like this:
Code:
^C
0 Packet(s) captured by kernel
0 Packet(s) dropped by kernel
Warning: too less packets received (monitor mode may not work as expected)
Possible reasons:
no transmitter in range
frames are filtered out by BPF
driver is broken
Warning: no PROBERESPONSES received (frame injection may not work as expected)
Possible reasons:
no AP in range
frames are filtered out by BPF
driver is broken
driver does not support frame injection
exit on sigtermMake sure you're running latest version of hcxdumptool and hcxtools (6.3.4).
Due to massive driver issues make sure you're running the latest Linux Kernel. and not one of these ones as mentioned below:
https://github.com/ZerBea/hcxdumptool/discussions/465
https://github.com/ZerBea/hcxdumptool/discussions/454
This issues have been fixed since longterm kernel 6.6.44 and stable kernel 6.10.3.
Please note:
The requirements that must meet to show a PMKID or an EAPOL MESSAGEPAIR are much higher than the requirements of hcxpcapngtool.
hcxdumptool is on the fly and we need to ensure to capture a valid PMKID or a valid MESSAGEpAIR.
hcxpcapngtool does the conversion off-line and we have all the time we need to search for the best PMKID or the best EAPOL MESSAGEPAIR.