hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
#54
hcxtools filter options
------------------------
To satisfy hashcat, hcxtools have many build-in filteroptions:

1.
The Berkeley Packet Filter (BPF) is a very fast kernel filter.
It allows many filter options (by mac_ap, mac_sta, frametyp, ...)

You have two choices:

a. hard-coded BPF
works for wlandump-ng, wlanresponse and wlancap2hcx together
add your filter string to berkeleyfilter.h
then compile hcxtools
 
b. soft-coded BPF (option -F)
works for wlandump-ng or wlanresponse or wlancap2hcx
overrides hard-coded BPF

Syntax can be found here:
https://biot.com/capstats/bpf.html
http://www.tcpdump.org/manpages/pcap-filter.7.html

A good idea is to use the BPF only on mac_ap's and/or mac_sta's you don't want to attack!
For example: place the mac's from your own ap and your own devices into the BPF!


2.
For all other cases use the various filter options from wlanhcx2ssid:

-i <file>     : input hccapx file
-p <path>     : change directory for outputfiles
-a            : output file by mac_ap's
-s            : output file by mac_sta's
-o            : output file by vendor's (oui)
-e            : output file by essid's
-E <essid>    : output file by part of essid name
-X <essid>    : output file by essid name (exactly)
-x <digit>    : output by essid len (1 <= 32)
-A <mac_ap>   : output file by single mac_ap
-S <mac_sta>  : output file by single mac_sta
-O <oui>      : output file by single vendor (oui)
-L <mac_list> : input list containing mac_ap's (need -l)
             : format of mac_ap's each line: 112233445566
-l <file>     : output file (hccapx) by mac_list (need -L)
-w <file>     : write only wlandump forced to hccapx file
-W <file>     : write only not wlandump forced to hccapx file
-r <file>     : write only replaycount checked to hccapx file
-R <file>     : write only not replaycount checked to hccapx file
-N <file>     : output stripped file (only one record each mac_ap, mac_sta, essid, message_pair combination)
-n <file>     : output stripped file (only one record each mac_sta, essid)
-0 <file>     : write only MESSAGE_PAIR_M12E2 to hccapx file
-1 <file>     : write only MESSAGE_PAIR_M14E4 to hccapx file
-2 <file>     : write only MESSAGE_PAIR_M32E2 to hccapx file
-3 <file>     : write only MESSAGE_PAIR_M32E3 to hccapx file
-4 <file>     : write only MESSAGE_PAIR_M34E3 to hccapx file
-5 <file>     : write only MESSAGE_PAIR_M34E4 to hccapx file
Reply


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 08-28-2017, 09:10 AM
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM