hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
We have some bad issues in radioptap and/or wireshark.
read more about the issue here:
https://github.com/secdev/scapy/issues/1465

hcxpcaptool and hcxdumptool will ignore this issues.

Get example pcap from here:
https://github.com/secdev/scapy/files/20...t.pcap.txt
and rename to rt_ext.pcap (not neccessary for hcxpcaptool, but wireshark requiere this).

$ hcxpcaptool -V *.pcap
start reading from rt_ext.pcap
summary:
--------
file name....................: rt_ext.pcap
file type....................: pcap 2.4
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 10
skipped packets..............: 0
packets with FCS.............: 10
beacons (with ESSID inside)..: 9

and compare to wireshark output (Malformed Packet)!

BTW:
Normally hcxtools are not interested in evaluation of BEACON frames, but BEACON frames which contain an ESSID are counted by hcxpcaptool.
AUTHENTICATION, ASSOCIATIONREQUEST, ASSOCIATIONRESPONSE, REASSOCIATIONREQUEST, REASSOCIATIONRESPONSE frames contains more and important informations than stupid BEACON frames.
So do not use tools which remove (clean) this frames from your capfiles!
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 07-15-2018, 11:50 AM