12-28-2022, 01:23 PM
A single received EAPOL M1 or M3 message is not enough to calculate if nonce-error-corrections is possible. Therefor you need at least 2 M1 or M3 messages from the same AP as explained here:
https://hashcat.net/forum/thread-6361.html
In a case if you got of a PMKID you can ignore the warning of hcxdumptool.
"Another observation that my AP's MAC has two different addresses."
That is correct:
One MAC is the MAC transmitted by the AP
The second one is the MAC calculated and transmitted by hcxdumptool to retrieve its M2.
You'll see EAPOL: M1M2 or M2M3 or M3M4 if the CLIENT connected to your AP
You'll see EAPOL: M1M2ROGUE if the CLIENT connected to the MAC transmitted from hcxdumptool
Filtermode and filterlists do not have an impact on monitoring. Whether this filter options are in use or not does not have any influence on the reception. The filter is active only in transmission branch.
https://hashcat.net/forum/thread-6361.html
In a case if you got of a PMKID you can ignore the warning of hcxdumptool.
"Another observation that my AP's MAC has two different addresses."
That is correct:
One MAC is the MAC transmitted by the AP
The second one is the MAC calculated and transmitted by hcxdumptool to retrieve its M2.
You'll see EAPOL: M1M2 or M2M3 or M3M4 if the CLIENT connected to your AP
You'll see EAPOL: M1M2ROGUE if the CLIENT connected to the MAC transmitted from hcxdumptool
Filtermode and filterlists do not have an impact on monitoring. Whether this filter options are in use or not does not have any influence on the reception. The filter is active only in transmission branch.