hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Added iw functionality to hcxdumptool.
From now on hcxdumptool will set monitor mode and restore old interface settings when terminated. You do not need to run iw, ip, iwconfig, ifconfig any longer.
To check this functionality run iw dev <your interface> info

$ iw dev wlp39s0f3u4u5 info
output should be something like this:
Interface wlp39s0f3u4u5
ifindex 4
wdev 0x100000001
addr xx:xx:xx:xx:xx:xx
type managed
wiphy 1
txpower 20.00 dBm

Now run hcxdumptool:
$ sudo hcxdumptool -i wlp39s0f3u4u5 -o capture.pcapng -t 5 --enable_status=3
output should be something like this:
start capturing (stop with ctrl+c)
INTERFACE:...............: wlp39s0f3u4u5
FILTERLIST...............: 0 entries
MAC CLIENT...............: f0a225ccee18 (client)
MAC ACCESS POINT.........: e00db9a6c73b (start NIC)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 64915
ANONCE...................: 60250eced10289aa05a7d2e2c6dfa991fd236020918235cb8f7bd57d40f1daa0

[10:46:44 - 001] xxxxxxxxxxxx -> f0a225ccee18 networkname [PROBERESPONSE, SEQUENCE 1315, AP CHANNEL 1]

Open second terminal and type this (while hcxdumptool is running in first terminal):
$ iw dev wlp39s0f3u4u5 info
output should be something like this:
Interface wlp39s0f3u4u5
ifindex 4
wdev 0x100000001
addr xx:xx:xx:xx:xx:xx
type monitor
wiphy 1
channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
txpower 20.00 dBm

Terminate hcxddumptool (Ctrl +c) and retrieve interface info
$ iw dev wlp39s0f3u4u5 info
output should be something like this:
Interface wlp39s0f3u4u5
ifindex 4
wdev 0x100000001
addr xx:xx:xx:xx:xx:xx
type managed
wiphy 1
txpower 20.00 dBm

Keep in mind:
hcxdumptool will not stop other services that takes access to the interface - you must do it!
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 08-30-2018, 10:53 AM