Understanding EAPOL 4-Way Handshake and PMKID cracking
#7
Running this combination:
Code:
hcxdumptool  ->  hcxpcapngtool  ->  hashcat
nonce-error-corrections is in automatic mode. It is mostly set to 0 automatically on traffic captured by hcxdumptool.
The last field of a 22000 hash line will show you this.

You can override the automatic mode on all three tools by running:
Code:
hcxdumptool --eapoltimeout > 20000  ->  hcxpcapngtool --nonce-error-corrections > 0  ->  hashcat --nonce-error-corrections > 0
Or you can disable the automatic mode by running hashcat --nonce-error-corrections=0

Additionally, you can use the suggested (measured) value from hcxpcapngtool to override the automatic mode:
Code:
EAPOL ANONCE error corrections (NC)......: working
REPLAYCOUNT gap (suggested NC)...........: 81

hashcat -m 22000 --nonce-error-corrections=81

Please keep in mind:
This will work in combination with hcxdumptool/hcxtools/hashcat only! When running other tools (especially for capturing WiFi traffic), you should enable hashcat --nonce-error-corrections >= 8!

As an alternative to hcxpcapngtool you can use multicapconverter:
https://github.com/s77rt/multicapconverter
Fewer options, but more portable than hcxpcapngtool.
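The post above says the last field of a 22000 hash line shows the nonce-error-corrections state. As an added example (not part of the original post, and not code from hashcat or hcxtools), this sketch decodes that field when auditing captures from your own network. The bit meanings are assumed from hashcat's published description of the mode 22000 format, and the sample lines are constructed filler, not real captures.

```python
# Message pair types held in bits 0-2 of the last field (assumed from the 22000 format notes).
PAIRS = {0: "M1+M2 (challenge)", 1: "M1+M4 (authorized)", 2: "M2+M3 (authorized)",
         3: "M2+M3, EAPOL from M3 (unused)", 4: "M3+M4, EAPOL from M3 (unused)",
         5: "M3+M4 (authorized)"}

# Constructed sample lines: WPA*TYPE*PMKID/MIC*MAC_AP*MAC_CLIENT*ESSID*ANONCE*EAPOL*MESSAGEPAIR
SAMPLE_EAPOL = "*".join(["WPA", "02", "11" * 16, "aabbccddeeff", "112233445566",
                         b"lab-net".hex(), "22" * 32, "0103" + "00" * 10, "a2"])
SAMPLE_PMKID = "*".join(["WPA", "01", "33" * 16, "aabbccddeeff", "112233445566",
                         b"lab-net".hex(), "", "", ""])


def decode_message_pair(line):
    """Parse one 22000 hash line and explain its MESSAGEPAIR field."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA" or fields[1] not in ("01", "02"):
        raise ValueError("not a mode 22000 hash line")
    info = {"kind": "PMKID" if fields[1] == "01" else "EAPOL",
            "essid": bytes.fromhex(fields[5]).decode("utf-8", "replace"),
            "pair": None, "nc_hint": "not applicable (a PMKID involves no nonce)"}
    if info["kind"] == "PMKID":
        return info  # nonce-error-corrections only matters for EAPOL lines
    mp = int(fields[8], 16)
    info.update(
        pair=PAIRS.get(mp & 0x07, "reserved"),
        ap_less=bool(mp & 0x10),                # bit 4: AP-less capture
        le_router=bool(mp & 0x20),              # bit 5: little-endian ANONCE counter
        be_router=bool(mp & 0x40),              # bit 6: big-endian ANONCE counter
        replaycount_unchecked=bool(mp & 0x80),  # bit 7: replay count not verified
    )
    if info["ap_less"]:
        info["nc_hint"] = "no nonce-error-corrections necessary"
    elif info["replaycount_unchecked"]:
        info["nc_hint"] = "nonce-error-corrections definitely necessary"
    else:
        info["nc_hint"] = "replay count checked; automatic mode applies"
    return info


if __name__ == "__main__":
    for sample in (SAMPLE_EAPOL, SAMPLE_PMKID):
        print(decode_message_pair(sample))
```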


Messages In This Thread
RE: Understanding EAPOL 4-Way Handshake and PMKID cracking - by ZerBea - 04-01-2020, 06:11 PM