hcxdumptool and hcxpcapngtool are able to detect the endianness (BE/LE) of a router.
https://en.wikipedia.org/wiki/Endianness
This value is used to tell hashcat that it should use NC LE (nonce-error-corrections) or NC BE, both (if endianness is not detected) or none. That will speed up hashcat.
NC is explained here:
https://hashcat.net/forum/thread-6361.html
That is a fantastic feature to compensate packet loss (mostly if passive dumpers, e.g. Wireshark are in use, or if stupid deauthentication tools destroyed the authentication sequence).
00001010 is impossible, because bit 3 is reserved and not in use.
00010010 is impossible, because hcxdumptool is not able to calculate a valid M3. To do this, we must know the PSK!
https://en.wikipedia.org/wiki/Endianness
This value is used to tell hashcat that it should use NC LE (nonce-error-corrections) or NC BE, both (if endianness is not detected) or none. That will speed up hashcat.
NC is explained here:
https://hashcat.net/forum/thread-6361.html
That is a fantastic feature to compensate packet loss (mostly if passive dumpers, e.g. Wireshark are in use, or if stupid deauthentication tools destroyed the authentication sequence).
Code:
0x10 = 00010000
.....000 = M1+M2, EAPOL from M2 (challenge)
...1.... = hcxdumptool requested M2 from CLIENT (ap-less attack)
nonce-error-corrections not required because packet loss is impossible
0xc0 = 11000000
.....000 = M1+M2, EAPOL from M2 (challenge)
.1...... = big endian (BE) router detected
1....... = hashcat must use at least default NC value +-8 (in this case only NC BE)00001010 is impossible, because bit 3 is reserved and not in use.
00010010 is impossible, because hcxdumptool is not able to calculate a valid M3. To do this, we must know the PSK!