hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
I have been asked to explain this 2 commadlines and the behavior of the tool

hcxdumptool -i <interface> -o dumpfile.pcap -B blacklistown1 -c 1 -t 5 -D
-B inside are the mac_ap we do not want to deauthenticate or disassociate
-t is the rest time on the chanel
-D run deauthentications/disassociations until we receive the first M2 from a connected client - then stop the attack

hcxdumptool -i <interface> -o dumpfile.pcap -B blacklistown1 -c 1 -t 15
The same like above, but we do not send deauthentications or disassociations.
We are waiting for a client that attempt to connect us by proberequest - than we will answer him with a proberesponse.
If the client accept this, first the authentication, second the association und third transmitting of the M1 follows.
If we got the clients M2 we ack this (like a regualar AP) and stop sending M1.
The complete behavior of the client after this point solely and exclusively depend on his retry counter.
If he is stupid, he will try it again, and again, and again - regardless whether we answer or not.



But let's do some stats:
hcxdumptool -i <interface> -o dumpfile.pcap -B blacklistown1 -c 1 -t 5 -s
running for 2 minutes

$ hcxpcaptool -V dumpfile.pcap
start reading from dumpfile.pcap
                                             
summary:                                        
--------
file name..............: ws2.pcap
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11_RADIO (127)
endianess..............: little endian
read errors............: flawless
packets inside.........: 4532
skipped packets........: 0
packets with FCS.......: 0
WDS packets............: 7
beacons................: 2461
probe requests.........: 38
probe responses........: 147
deauthentications......: 2
disassociations........: 1


The biggest jammers are the APs in the neighbourhood......
Every regular AP transmit every 100ms his stupid and useless BEACON.

Deauthentications and disassociations came from a regular AP - not from us.
So, no DOS and no jamming from us....
Reply


Messages In This Thread
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 02-06-2018, 06:29 PM
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM