To make it more clear. To get a PSK (by hashcat) you can:
attack AP and get a PMKID - AP must be in range
attack connection between an AP and a connected CLIENT and get 4way handshake (M1M2M3M4) - AP and CLIENT must be in range
attack CLIENT only and get M1M2ROGUE - only CLIENT must be in range (the AP can be located on a different continent )
hcxdumptool provide all three attack modes by default. But the most important mode is the last one (attack a CLIENT), because you can get a lot of useful information from it (undirected PROBEREQUEST, EAP identity, username and an EAPOL M2) to feed hashcat. Due to MAC randomization it is nearly impossible to use a filter on this mode.
attack AP and get a PMKID - AP must be in range
attack connection between an AP and a connected CLIENT and get 4way handshake (M1M2M3M4) - AP and CLIENT must be in range
attack CLIENT only and get M1M2ROGUE - only CLIENT must be in range (the AP can be located on a different continent )
hcxdumptool provide all three attack modes by default. But the most important mode is the last one (attack a CLIENT), because you can get a lot of useful information from it (undirected PROBEREQUEST, EAP identity, username and an EAPOL M2) to feed hashcat. Due to MAC randomization it is nearly impossible to use a filter on this mode.