That behavior is easy to explain. On option --enable_status=1 hcxdumptool will show only PMKIDs and EAPOL messages from connected CLIENTs. All other messages are suppressed.
If you would like to monitor more traffic (e.g. connection attempts), you must enable this by --enable_status=31
If you choose --enable_status=95 you will get an additional alive message every minute
Every ERROR value < 10 is ok. Mostly this are radiotap errors during init of the device.
If you would like to attack CLIENTs, too I recommend to activate beaconing by --active_beacon
The init process on some devices will take some time. Especially on dual or triple band devices, because hcxdumptool request all available frequencies from the device. The more frequencies, the longer the init time.
BTW:
You should know that you're running a driver (rtl8814au) that depend on NETLINK and hcxdumptool doesn't work well on this drivers.
Please take a look at the beginning of your status and you'll see that some information is not present or wrong:
INTERFACE PROTOCOL........: unassociated
INTERFACE TX POWER........: 0 dBm (lowest value reported by the device)
Looks like the interface isn't fully initialized.
Instead of reporting the NETWORK protocol the driver reported the association state which is unusual. Also it doesn't report the tx power.
compared to drivers without NETLINK dependency:
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
DRIVER....................: rt2800usb
or
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
DRIVER....................: mt7601u
The reason, why I don't use NETLINK stuff is explained here:
https://github.com/ZerBea/hcxdumptool/pu...-858375892
A workaround could be to to activate monitor mode for the device by ip:
Assuming the interface is successfully initialized (by NETLINK commands), start hcxdumptool, that will skip some checks, now:
Please check the status. Is INTERFACE PROTOCOL and INTERFACE POWER correct shown, after setting monitor mode by iw (running NETLINK API)?
Please notice:
It is important to set monitor mode on the phy device and not to add a virtual interface.
If you would like to monitor more traffic (e.g. connection attempts), you must enable this by --enable_status=31
If you choose --enable_status=95 you will get an additional alive message every minute
Code:
10:21:00 2447/8 ERROR:1 INCOMING:1090 AGE:1 OUTGOING:432 PMKIDROGUE:1 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0If you would like to attack CLIENTs, too I recommend to activate beaconing by --active_beacon
The init process on some devices will take some time. Especially on dual or triple band devices, because hcxdumptool request all available frequencies from the device. The more frequencies, the longer the init time.
BTW:
You should know that you're running a driver (rtl8814au) that depend on NETLINK and hcxdumptool doesn't work well on this drivers.
Please take a look at the beginning of your status and you'll see that some information is not present or wrong:
INTERFACE PROTOCOL........: unassociated
INTERFACE TX POWER........: 0 dBm (lowest value reported by the device)
Looks like the interface isn't fully initialized.
Instead of reporting the NETWORK protocol the driver reported the association state which is unusual. Also it doesn't report the tx power.
compared to drivers without NETLINK dependency:
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
DRIVER....................: rt2800usb
or
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
DRIVER....................: mt7601u
The reason, why I don't use NETLINK stuff is explained here:
https://github.com/ZerBea/hcxdumptool/pu...-858375892
A workaround could be to to activate monitor mode for the device by ip:
Code:
$ sudo ip link set dev wlan0 down
$ sudo iw dev wlan0 set type monitor
$ sudo ip link set dev wlan0 upCode:
interface is already in monitor mode, skipping ioctl(SIOCSIWMODE) and ioctl(SIOCSIFFLAGS) system callsPlease check the status. Is INTERFACE PROTOCOL and INTERFACE POWER correct shown, after setting monitor mode by iw (running NETLINK API)?
Please notice:
It is important to set monitor mode on the phy device and not to add a virtual interface.