Hi ee10.
Everything has a price tag and beautiful status costs performance (if function follows form).
wlandump-ng shows you the network names at the first occurrence or if an association/re-association request is received (option -s).
wlandump-rs is an experimental version, optimized for speed on a raspberry (limited status out). According to latest tests (special thanks to TOXIC and freeroute), we retrieved 20% more (ap-less) handshakes.
Latest device updates (all vendors) make it necessary to handle additional frames during the authentication process. That costs CPU cycles. So wlandump-rs is designed according to the principle "form follows function".
Later on (>= v 4.1.0), I'll rename this version to hcxdump and I'll add a tool to retrieve detailed information from the actual pcap file.
example 1 (4h field operation on top of a hill above a little village):
$ wlancap2hcx 201712160914.cap
start reading from 201712160914.cap
28256 packets processed (28256 wlan, 0 lan, 0 loopback)
total 293 usefull wpa handshakes
found 293 WPA2 AES Cipher, HMAC-SHA1
found 255 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file
found EAP-SIM (GSM Subscriber Modules) Authentication
using a panel antenna (TP-Link TL-ANT2414A)
and a common WiFi dongle (Tenda W311U+)
connected to a Raspberry Pi A+
example 2 (short walk through a capital city during the rush hour):
$ wlancap2hcx 201712141400.cap
start reading from 201712141400.cap
58728 packets processed (58728 wlan, 0 lan, 0 loopback)
total 801 usefull wpa handshakes
found 801 WPA2 AES Cipher, HMAC-SHA1
found 493 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file
found EAP-SIM (GSM Subscriber Modules) Authentication
found WPS Authentication
using a nano WiFi dongle (ALLNET ALL0235NANO)
connected to a Raspberry Pi B+
example 3 (15m short trip by car):
$ wlancap2hcx 201712120033.pcap
start reading from 201712120033.pcap
5385 packets processed (5385 wlan, 0 lan, 0 loopback)
found 102 WPA2 AES Cipher, HMAC-SHA1
found 60 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file
using an omni magnet D-LINK ANT24-0400 antenna on top of the car
and a common WiFi dongle (LOGILINK WL0145 - not the A variant as that driver isn't working)
Please do not compare hcxtools (wlandump-ng/sr) with other tools. The main purpose is completely different:
- connect a rechargeable battery pack (15000mAh) to a Raspberry Pi
- connect a WiFi dongle (with or without external antenna) to the Raspberry Pi
- put this into your bag (or the bag of your grandma, if she's on a shopping tour) or your car and forget it for the next 10-15 hours
- if you're back home, do the evaluation
There is also no(!) real need to use a high power WiFi dongle as it reduces the time of use dramatically.
It is much better to use less power and a high gain antenna.
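Added example, not part of the post or of hcxtools: a small Python parser for the wlancap2hcx summary lines quoted above. It turns each summary into a record and derives two figures the raw output does not print, the share of reported handshakes that were completed by real clients and the number of client handshakes per 1000 captured packets, which is handy when comparing antenna/dongle setups across capture runs. The input is the three summaries copied from the post and embedded inline; the regular expressions are assumptions matching only the line formats visible there (note that example 3 has no "total ... usefull" line, which the parser tolerates).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: the three wlancap2hcx summaries quoted in the post above,
# embedded here so the script runs offline.
SUMMARIES = {
    "example 1": """start reading from 201712160914.cap
28256 packets processed (28256 wlan, 0 lan, 0 loopback)
total 293 usefull wpa handshakes
found 293 WPA2 AES Cipher, HMAC-SHA1
found 255 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file
found EAP-SIM (GSM Subscriber Modules) Authentication""",
    "example 2": """start reading from 201712141400.cap
58728 packets processed (58728 wlan, 0 lan, 0 loopback)
total 801 usefull wpa handshakes
found 801 WPA2 AES Cipher, HMAC-SHA1
found 493 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file
found EAP-SIM (GSM Subscriber Modules) Authentication
found WPS Authentication""",
    "example 3": """start reading from 201712120033.pcap
5385 packets processed (5385 wlan, 0 lan, 0 loopback)
found 102 WPA2 AES Cipher, HMAC-SHA1
found 60 valid WPA handshakes (retrieved from clients)
nonce-error-corrections is working on that file""",
}

# Line patterns are assumptions derived from the output shown in the post.
_PACKETS = re.compile(r"^(\d+) packets processed \((\d+) wlan, (\d+) lan, (\d+) loopback\)$")
_TOTAL = re.compile(r"^total (\d+) usefull wpa handshakes$")
_VALID = re.compile(r"^found (\d+) valid WPA handshakes \(retrieved from clients\)$")
_CIPHER = re.compile(r"^found (\d+) (WPA2? .+)$")       # e.g. "WPA2 AES Cipher, HMAC-SHA1"
_AUTH = re.compile(r"^found (.+) Authentication$")       # e.g. "EAP-SIM (...)", "WPS"


@dataclass
class CaptureSummary:
    source: Optional[str] = None
    packets: int = 0
    wlan: int = 0
    total_handshakes: Optional[int] = None          # absent in example 3
    ciphers: Dict[str, int] = field(default_factory=dict)
    valid_client_handshakes: int = 0
    nonce_error_corrections: bool = False
    auth_methods: List[str] = field(default_factory=list)

    def client_ratio(self) -> float:
        """Share of reported handshakes that were completed by real clients.
        Falls back to the per-cipher counts when no 'total' line was printed."""
        base = self.total_handshakes
        if base is None:
            base = sum(self.ciphers.values())
        return self.valid_client_handshakes / base if base else 0.0

    def client_handshakes_per_1k_packets(self) -> float:
        """Capture efficiency: valid client handshakes per 1000 packets seen."""
        return 1000.0 * self.valid_client_handshakes / self.packets if self.packets else 0.0


def parse_summary(text: str) -> CaptureSummary:
    """Parse one wlancap2hcx summary block into a CaptureSummary."""
    s = CaptureSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("start reading from "):
            s.source = line[len("start reading from "):]
        elif m := _PACKETS.match(line):
            s.packets, s.wlan = int(m.group(1)), int(m.group(2))
        elif m := _TOTAL.match(line):
            s.total_handshakes = int(m.group(1))
        elif m := _VALID.match(line):              # checked before _CIPHER on purpose
            s.valid_client_handshakes = int(m.group(1))
        elif m := _CIPHER.match(line):
            s.ciphers[m.group(2)] = s.ciphers.get(m.group(2), 0) + int(m.group(1))
        elif line.startswith("nonce-error-corrections is working"):
            s.nonce_error_corrections = True
        elif m := _AUTH.match(line):
            s.auth_methods.append(m.group(1))
    return s


def compare(summaries: Dict[str, str]) -> List[tuple]:
    """Return (name, packets, client handshakes, client ratio, per-1k) rows sorted by efficiency."""
    rows = []
    for name, text in summaries.items():
        s = parse_summary(text)
        rows.append((name, s.packets, s.valid_client_handshakes,
                     round(s.client_ratio(), 3), round(s.client_handshakes_per_1k_packets(), 2)))
    return sorted(rows, key=lambda r: r[4], reverse=True)


if __name__ == "__main__":
    for row in compare(SUMMARIES):
        print("%-10s packets=%6d client_hs=%4d ratio=%.3f per_1k=%.2f" % row)
```

Run it as-is to get one line per capture; the ratio column makes visible that only 59-87% of the handshakes wlancap2hcx reports in these runs came from genuine clients, which is the figure to watch when judging a hardware setup rather than the raw "found" count.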