hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Your firmware is old.

[46356.910951] usb 5-4.1.3: Manufacturer: ATHEROS
[46356.910952] usb 5-4.1.3: SerialNumber: 12345
[46356.922044] usb 5-4.1.3: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[46357.202532] usb 5-4.1.3: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[46357.452903] ath9k_htc 5-4.1.3:1.0: ath9k_htc: HTC initialized with 33 credits
[46357.678909] ath9k_htc 5-4.1.3:1.0: ath9k_htc: FW Version: 1.4
[46357.678912] ath9k_htc 5-4.1.3:1.0: FW RMW support: On
[46357.678913] ath: EEPROM regdomain: 0x809c
[46357.678914] ath: EEPROM indicates we should expect a country code
[46357.678915] ath: doing EEPROM country->regdmn map search
[46357.678915] ath: country maps to regdmn code: 0x52
[46357.678916] ath: Country alpha2 being used: CN
[46357.678916] ath: Regpair used: 0x52
[46357.683281] ieee80211 phy1: Atheros AR9271 Rev:1
[46357.684834] ath9k_htc 5-4.1.3:1.0 wlp39s0f3u4u1u3: renamed from wlan0
[46402.096342] device wlp39s0f3u4u1u3 entered promiscuous mode


Your wireless subsystem doesn't allow all possible channels (on 2.4 GHz only 1 to 13).
$ iw reg get
global
country 98: DFS-FCC
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
(5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
(5735 - 5835 @ 80), (N/A, 30), (N/A)

hcxdumptool default scanlist:
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
34, 36, 38, 40, 42, 44, 46, 48, 52, 56, 58, 60, 62, 64,
100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 147, 149, 151, 153, 155, 157,
161, 165, 167, 169, 184, 188, 192, 196, 200, 204, 208, 212, 216,
So you will run into trouble, if the scan reached a "not allowed channel".
You can try a custom scanlist (-c 1,2,3,4,5,6,7,8,9,10,11)

And the important part of dmesg:
[46402.096342] device wlp39s0f3u4u1u3 entered promiscuous mode
your interface didn't enter promiscuous mode

If everything is fine, hcxdumptool show this status:
$ sudo hcxdumptool -i wlp39s0f3u4u7 -o test.hccapx -s

start capturing (stop with ctrl+c)
INTERFACE: wlp39s0f3u4u7
MAC_AP...: 00259d61542c (rogue access point)
MAC_STA..: f0a225dd6912 (rogue client)
INFO.....: cha=3, rcv=76, err=0

cha (current channel) should change
rcv (received packets) should increase
err (error) should be 0

If this doesn't happen, your system is misconfigured or your driver isn't working as expected.
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 04-19-2018, 09:56 PM