hcxpcaptool does not detect beacon packet
#2
The timestamps are completely useless:
$ tshark -r hs_plus_beacon.pcapng -T fields -e frame.number -e frame.time
1 Feb 14, 2020 11:43:57.000000000 CET
2 Feb 14, 2020 11:43:57.000000000 CET
3 Feb 14, 2020 11:43:57.000000001 CET
4 Feb 14, 2020 11:43:57.000000002 CET
5 Feb 14, 2020 11:43:57.000000003 CET


The merged pcapng file is a mixed header file:
DLT_IEEE802_11 (105)
DLT_IEEE802_11_RADIO (127).

Added support for multiple interfaces to hcxpcapngtool with this commit:
https://github.com/ZerBea/hcxtools/commi...bbfdf54bc1

Code:
hcxpcapngtool -o test.22000 hs_plus_beacon.pcapng
reading from hs_plus_beacon.pcapng...

summary capture file
--------------------
file name................................: hs_plus_beacon.pcapng
version (pcapng).........................: 1.0
operating system.........................: Linux 5.2.0-kali2-amd64
application..............................: Mergecap (Wireshark) 3.0.3 (Git v3.0.3 packaged as 3.0.3-1)
interface name...........................: N/A
interface vendor.........................: 000000
weak candidate...........................: N/A
MAC ACCESS POINT.........................: 000000000000 (incremented on every new client)
MAC CLIENT...............................: 000000000000
REPLAYCOUNT..............................: 0
ANONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
SNONCE...................................: 0000000000000000000000000000000000000000000000000000000000000000
timestamp minimum (GMT)..................: 14.02.2020 11:43:57
timestamp maximum (GMT)..................: 14.02.2020 11:43:57
used capture interfaces..................: 2
link layer header type...................: DLT_IEEE802_11_RADIO (127)
link layer header type...................: DLT_IEEE802_11 (105)
endianess (capture system)...............: little endian
packets inside...........................: 5
frames with correct FCS..................: 1
BEACON (total)...........................: 1
EAPOL messages (total)...................: 4
EAPOL RSN messages.......................: 4
ESSID (total unique).....................: 1
EAPOLTIME gap (measured maximum usec)....: 1
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages........................: 1
EAPOL M2 messages........................: 1
EAPOL M3 messages........................: 1
EAPOL M4 messages........................: 1
EAPOL pairs (total)......................: 2
EAPOL pairs (best).......................: 1
EAPOL pairs written to combi hash file...: 1 (RC checked)
EAPOL M12E2..............................: 1

Warning: missing frames!
This dump file contains no important frames like
authentication, association or reassociation.
That makes it hard to recover the PSK.

Warning: missing frames!
This dump file contains no undirected proberequest frames.
An undirected proberequest may contain information about the PSK.
That makes it hard to recover the PSK.

Warning: missing frames!
This dump file doesn't contain enough EAPOL M1 frames.
That makes it impossible to calculate nonce-error-correction values.

Please keep in mind:
Neither EAPOLTIME calculation nor detection of nonce error correction will work on text2pcap converted files, because we are missing original timestamps and multiple M1 frames.

Edit:
With the latest commit, hcxpcapngtool is able to handle tv_nsec from these cap files, too.
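The mixed-header condition described in the post above (one pcapng file whose interfaces carry both DLT_IEEE802_11 and DLT_IEEE802_11_RADIO) can be checked by walking the file's blocks and counting packets per interface. This is an added example, not part of the original post and not hcxtools code; the function names and the sample capture are constructed for illustration.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types
DLT_NAMES = {105: "DLT_IEEE802_11", 127: "DLT_IEEE802_11_RADIO"}

def block(btype, body, e="<"):
    """Build one pcapng block (helper used only to construct sample input)."""
    body += b"\x00" * (-len(body) % 4)            # pad body to 32 bits
    total = len(body) + 12                        # type + two length fields
    return struct.pack(e + "II", btype, total) + body + struct.pack(e + "I", total)

def scan_pcapng(data):
    """Return (interfaces, mixed): link type and packet count per interface."""
    interfaces, off, e, base = [], 0, "<", 0
    while off + 12 <= len(data):
        btype = struct.unpack_from("<I", data, off)[0]
        if btype == SHB:                          # type reads the same in both byte orders
            magic = data[off + 8:off + 12]        # byte-order magic 0x1A2B3C4D
            if magic not in (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"):
                raise ValueError("bad byte-order magic")
            e = "<" if magic[0] == 0x4D else ">"
            base = len(interfaces)                # interface IDs restart per section
        else:
            btype = struct.unpack_from(e + "I", data, off)[0]
        total = struct.unpack_from(e + "I", data, off + 4)[0]
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"corrupt or truncated block at offset {off}")
        body = data[off + 8:off + total - 4]
        if btype == IDB:                          # body starts with the link type
            lt = struct.unpack_from(e + "H", body)[0]
            interfaces.append({"linktype": lt, "name": DLT_NAMES.get(lt, "other"), "packets": 0})
        elif btype == EPB:                        # body starts with the interface ID
            iface = base + struct.unpack_from(e + "I", body)[0]
            if iface >= len(interfaces):
                raise ValueError("packet references an undeclared interface")
            interfaces[iface]["packets"] += 1
        off += total
    mixed = len({i["linktype"] for i in interfaces}) > 1
    return interfaces, mixed

def sample(e="<"):
    """Constructed capture: one section, two interfaces (127, 105), five dummy packets."""
    shb = block(SHB, struct.pack(e + "IHHq", 0x1A2B3C4D, 1, 0, -1), e)
    idbs = [block(IDB, struct.pack(e + "HHI", lt, 0, 65535), e) for lt in (127, 105)]
    pkts = [block(EPB, struct.pack(e + "5I", i, 0, n, 4, 4) + b"\x00" * 4, e)
            for n, i in enumerate((0, 1, 1, 1, 1))]   # timestamps 0..4, like the 1 ns steps above
    return shb + b"".join(idbs) + b"".join(pkts)

if __name__ == "__main__":
    print(scan_pcapng(sample()))
```

A converter that assumes a single link type for the whole file will misparse every packet from the second interface, which is why the link type has to be looked up per packet through its interface ID.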


Messages In This Thread
RE: hcxpcaptool does not detect beacon packet - by ZerBea - 02-14-2020, 06:44 PM