hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
I suggest to do some tests running two terminals (attached screenshot).
It is important to start the CLIENT first

Code:
Terminal one -> hcxdumdptool in servermode
$ sudo hcxdumptool -i wlp39s0f3u1u6 --enable_status=128
initialization of hcxdumptool 6.2.7-16-g29c1743 (depending on the capabilities of the device, this may take some time)...

Terminal two -> hcxdumptool in client mode (start CLIENT first)
$ hcxdumptool --enable_status=287
initialization of hcxdumptool 6.2.7-16-g29c1743 (depending on the capabilities of the device, this may take some time)...
waiting for hcxdumptool server...
hello hcxdumptool client...

start capturing (stop with ctrl+c)
NMEA 0183 PROTOCOL........: N/A
PHYSICAL INTERFACE........: phy0
INTERFACE NAME............: wlp39s0f3u1u6
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 74da38f2038e (not used for the attack)
INTERFACE VIRTUAL MAC.....: 74da38f2038e (not used for the attack)
DRIVER....................: mt7601u
DRIVER VERSION............: 6.0.8-arch1-1
DRIVER FIRMWARE VERSION...: N/A
openSSL version...........: 1.0
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 000da7661a5f (BROADCAST WILDCARD used for the attack)
ACCESS POINT (ROGUE)......: 000da7661a60 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 000da7661a61 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: fcc233734714
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 62806
ANONCE....................: 53cef37b4adde1872c4d156fc17515d5892da3a4d77623f3818249d0df24fa5d
SNONCE....................: 54457ea7af879fb903b208ba6d99b5e7a57da8ed82ba7d4f4116718ac574f984

TIME    FREQ/CH  MAC_DEST    MAC_SOURCE  ESSID [FRAME TYPE]

Now play around with the status options until everything is shown as expected.

Please notice:
If the server - clients session is slow or timed out you run into a pselect() error which result in a heavy packet loss on the server. I do not recommend to use WiFi (overlapped channels) or bluetooth.


Attached Files
.png   screenshot1.png (Size: 163.48 KB / Downloads: 5)
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 11-17-2022, 01:43 PM