hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
If you got more information on how many VENDORs still using this fields, please keep us in the loop, here.

BTW:
tshark is a powerfull tool to perform several kinds of analysis and to receive the results directly on the command line. Via simple bash scripts, you can evaluate the results of tshark and hcxdumptool/hcxtools in an easy way. Wireshark's default capture format is pcapng, too. So the tools are nearly 100% compatible to each other.
Only one exception:
tshark/Wireshark can't handle foreign binary custom option fields, well.

This are hcxdumptool options codes to "communicate" with hcxpcangtool or multicapconverter (conversion tool):
Code:
pcapng option codes (Custom Block and/or Section Header Block) used by hcxdumptool:
ENTERPRISE NUMBER        0x2a, 0xce, 0x46, 0xa1
MAGIC NUMBER             0x2a, 0xce, 0x46, 0xa1, 0x79, 0xa0, 0x72, 0x33,
                         0x83, 0x37, 0x27, 0xab, 0x59, 0x33, 0xb3, 0x62,
                         0x45, 0x37, 0x11, 0x47, 0xa7, 0xcf, 0x32, 0x7f,
                         0x8d, 0x69, 0x80, 0xc0, 0x89, 0x5e, 0x5e, 0x98
OPTIONCODE_MACMYORIG     0xf29a (6 byte)
OPTIONCODE_MACMYAP       0xf29b (6 byte)
OPTIONCODE_RC            0xf29c (8 byte)
OPTIONCODE_ANONCE        0xf29d (32 byte)
OPTIONCODE_MACMYSTA      0xf29e (6 byte)
OPTIONCODE_SNONCE        0xf29f (32 byte)
OPTIONCODE_WEAKCANDIDATE 0xf2a0 (64 byte) == 63 characters + zero
OPTIONCODE_GPS           0xf2a1 (max 128 byte)

This are hcxpcapngtool messagepair codes to "communicate" with hashcat:
Code:
Bitmask message pair field used by hcxpcapngtool:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
3: x unused
4: ap-less attack (set to 1) - no nonce-error-corrections neccessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 02-05-2020, 09:10 AM