@ C-Sky91
Thanks for the cap file. Unfortunately the attached cap file is cleaned deadly. It doesn't contain an ESSID.
Only 4 packets inside:
packet 1: EAPOL M1 - replaycount 1
packet 2: EAPOL M4 (zeroed) - replaycount 2
packet 3: EAPOL M1 replaycount 1 (nonce-error +1)
packet 4: EAPOL M2 replaycount 2
This cap file is useless!
Did you run (too many) deauthentications? EAPOL timer of AP was destroyed between packet 2 and packet 3.
BTW:
If you need to clean a cap file, tshark is a good friend:
$ tshark -r inputcapfile -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcapng -w outputpcapngfile
or (if you prefer ancient formats)
$ tshark -r inputcapfile -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcap -w outputpcapfile
https://cloudshark.io/articles/5-reasons...to-pcapng/
Thanks for the cap file. Unfortunately the attached cap file is cleaned deadly. It doesn't contain an ESSID.
Only 4 packets inside:
packet 1: EAPOL M1 - replaycount 1
packet 2: EAPOL M4 (zeroed) - replaycount 2
packet 3: EAPOL M1 replaycount 1 (nonce-error +1)
packet 4: EAPOL M2 replaycount 2
This cap file is useless!
Did you run (too many) deauthentications? EAPOL timer of AP was destroyed between packet 2 and packet 3.
BTW:
If you need to clean a cap file, tshark is a good friend:
$ tshark -r inputcapfile -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcapng -w outputpcapngfile
or (if you prefer ancient formats)
$ tshark -r inputcapfile -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcap -w outputpcapfile
https://cloudshark.io/articles/5-reasons...to-pcapng/