need batch stop after pass found hccapx
#16
One last question: Which options have you used to capture the dumpfile?

I noticed that all(!) undirected proberequest frames are not present (filtered out).
These frames may contain information about PSKs. So it is definitely not a good idea to remove them from your cap file!

Code:
$ hcxpcapngtool ptcl_l2-test-01.cap
reading from ptcl_l2-test-01.cap...

summary capture file
--------------------
file name................................: ptcl_l2-test-01.cap
version (pcap/cap).......................: 2.4 (very basic format without any additional information)
timestamp minimum (GMT)..................: 22.01.2020 23:09:00
timestamp maximum (GMT)..................: 22.01.2020 23:11:52
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 70694
BEACON (total)...........................: 1
PROBEREQUEST (directed)..................: 17
PROBERESONSE.............................: 574
DEAUTHENTICATION (total).................: 10779
DISASSOCIATION (total)...................: 4
AUTHENTICATION (total)...................: 30
AUTHENTICATION (OPEN SYSTEM).............: 30
ASSOCIATIONREQUEST (total)...............: 7
ASSOCIATIONREQUEST (PSK).................: 7
REASSOCIATIONREQUEST (total).............: 6
REASSOCIATIONREQUEST (PSK)...............: 6
WPA encrypted............................: 17929
EAPOL messages (total)...................: 275
EAPOL RSN messages.......................: 275
ESSID (total unique).....................: 1
EAPOLTIME gap (measured maximum usec)....: 518630
REPLAYCOUNT gap for NC (measured maximum): 6
EAPOL M1 messages........................: 264
EAPOL M2 messages........................: 4
EAPOL M3 messages........................: 5
EAPOL M4 messages........................: 2
EAPOL pairs (total)......................: 26
EAPOL pairs (best).......................: 1
EAPOL M12E2..............................: 1
PMKID (total)............................: 270
PMKID (best).............................: 3

Warning: missing frames!
This dump file contains no undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
That makes it hard to recover the PSK.

BTW:
Again, thanks for the cap file. It reminded me to add several warnings (hcxpcapngtool), to inform about missing frames, zeroed timestamps, broken timestamps, bit errors (PLCP errors).
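The check behind the "missing frames" warning in the post above, sketched as an added example (not part of the original post and not hcxpcapngtool's own code). It assumes a classic pcap file with DLT_IEEE802_11 (105) and no radiotap header, like the dump summarized above, and it assumes a probe request counts as undirected when its destination address is broadcast; all function names and sample frames are constructed for illustration.

```python
import struct

PROBE_REQUEST = 0x40          # frame control byte 0: version 0, management, subtype 4
BROADCAST = b"\xff" * 6

def count_probe_requests(pcap: bytes):
    """Return (directed, undirected) probe request counts in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (microsecond format)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 105:
        raise ValueError("link layer type is not DLT_IEEE802_11 (105)")
    directed = undirected = 0
    pos = 24                                  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 24 or frame[0] != PROBE_REQUEST:
            continue                          # truncated frame or other frame type
        # Assumption: addr1 (bytes 4..9) set to broadcast means undirected.
        if frame[4:10] == BROADCAST:
            undirected += 1
        else:
            directed += 1
    return directed, undirected

def record(frame: bytes) -> bytes:
    """Wrap one frame in a little-endian pcap record header (timestamps zeroed)."""
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def build_sample(destinations) -> bytes:
    """Constructed capture: one probe request per destination MAC address."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    body = b"\x00\x0bexample-net" + b"\x01\x04\x02\x04\x0b\x16"   # SSID + rates
    for dst in destinations:
        hdr = b"\x40\x00\x00\x00" + dst + b"\x02\x00\x00\x00\x00\x01" + dst + b"\x00\x00"
        out += record(hdr + body)
    return out

if __name__ == "__main__":
    ap = bytes.fromhex("020000000010")        # constructed AP address
    directed, undirected = count_probe_requests(build_sample([ap, ap]))
    print("directed:", directed, "undirected:", undirected)
    if undirected == 0:
        print("Warning: this dump file contains no undirected proberequest frames.")
```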

Messages In This Thread
RE: need batch stop after pass found hccapx - by ZerBea - 02-06-2020, 11:52 AM