hcxdumptool - missing frames w/ filtering
#40
Today i’ve tested RPi4 w/_Kali-32bit+ACM36+ powebank 10000 mAh. Onboard HDMI, Bluetooth and Wifi are disabled on boot, scanning time 5 minutes:
1) “Office” (AP was ON), got hashlines from printer, Android 8 and MS Surface 6. Obvious improvement over VMware setup, when i got hashline from printer only.
2) “Safari” (AP was OFF), got all hashlines from all CLIENTs.

Observations:
1) When AP is OFF, scanning channel must be exactly the same, as before leaving (or switching off) AP. Otherwise no traffic captured. Looks like CLIENTs don’t want to connect back to hcxtools AP by essid only, also last known connected channel from real AP must be the same.
2) Difficultness  to get hashline from easiest to most difficult: corporate class printer, Android 8, MS Surface 6, Android 9, MacBook Pro M1. No hasline from iPhone/iPad’s.
3) Most delicate was iPhone SEiii, to reconnect it back to AP after attack, (when scanner was already off), needed to restart, switch on and of WiFi, retype password many times. But no hashline was captured.

Trying now play with Archlinux, but compared to _Kali, Arch installation on RPi looks like real hardcore. They don’t have ready image to flash to SD. Is there any step by step instructions to install Arch on RPi for hcxtools? Please advise, thank you.
Reply


Messages In This Thread
RE: hcxdumptool - missing frames w/ filtering - by pipss - 01-25-2023, 04:24 PM