The handshake is a "FT using PSK" handshake. This is neither supported by hashcat nor by john. That is the reason why hcxpcapngtool does not convert it.
Take a look at packet nr 4247:
Code:
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) FT using PSK
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) FT using PSK
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: FT using PSK (4)
hcxpcapngtool told you that:
Code:
ASSOCIATIONREQUEST (FT using PSK)........: 2
WPA encrypted............................: 188
EAPOL messages (total)...................: 5
EAPOL RSN messages.......................: 5
EAPOL ANONCE error corrections (NC)......: not detected
EAPOL M1 messages (total)................: 1
EAPOL M2 messages (total)................: 1
EAPOL M2 messages (oversized)............: 1 (not supported by hashcat/JtR)
EAPOL M3 messages (total)................: 1
EAPOL M3 messages (oversized)............: 1 (not supported by hashcat/JtR)
EAPOL M4 messages (total)................: 2
EAPOL M4 messages (zeroed NONCE).........: 2
packet read error........................: 1
Information: no hashes written to hash files
And it shows a lot (really a lot) of warnings:
Code:
Information: limited dump file format detected!
This file format is a very basic format to save captured network data.
It is recommended to use PCAP Next Generation dump file format (or pcapng for short) instead. The PCAP Next Generation dump file format is an attempt to overcome the limitations of the currently widely used (but very limited) libpcap (cap, pcap) format.
https://www.wireshark.org/docs/wsug_html_chunked/AppFiles.html#ChAppFilesCaptureFilesSection
https://github.com/pcapng/pcapng
Information: radiotap header is missing!
Radiotap is a de facto standard for 802.11 frame injection and reception. The radiotap header format is a mechanism to supply additional information about frames, from the driver to userspace applications.
https://www.radiotap.org/
Warning: too many deauthentication/disassociation frames detected!
That can cause that an ACCESS POINT change channel, reset EAPOL TIMER, renew ANONCE and set PMKID to zero. This could prevent to calculate a valid EAPOL MESSAGE PAIR, to get a valid PMKID or to decrypt the traffic.
Information: missing frames!
This dump file does not contain undirected proberequest frames.
An undirected proberequest may contain information about the PSK. It always happens if the capture file was cleaned or it could happen if filter options are used during capturing.
That makes it hard to recover the PSK.
https://github.com/ZerBea/hcxdumptool/discussions/526
Information: missing frames!
This dump file does not contain enough EAPOL M1 frames.
It always happens if the capture file was cleaned or it could happen if filter options are used during capturing.
That makes it impossible to calculate nonce-error-correction values.
https://hashcat.net/forum/thread-6361.html
The ACCESS POINT announces that it accepts PSK beside "FT using PSK".
Take a look at packet nr 8:
Code:
Auth Key Management (AKM) Suite Count: 2
Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) PSK 00:0f:ac (Ieee 802.11) FT using PSK
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) PSK
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: PSK (2)
Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) FT using PSK
Auth Key Management (AKM) OUI: 00:0f:ac (Ieee 802.11)
Auth Key Management (AKM) type: FT using PSK (4)
To retrieve a proper handshake and to avoid all these warnings, use an attack tool
- that is able to force an AUTHENTICATION KEY MANAGEMENT suite (PSK instead of "FT using PSK") hashcat or john can work on and
- that is designed for collaboration with hashcat or john.
A how-to is here:
https://hashcat.net/wiki/doku.php?id=cracking_wpawpa2
and here:
https://github.com/ZerBea/hcxdumptool/bl...example.md
Important note:
Always analyze the target (by tshark or Wireshark) before you attack it.
The tool you used flooded the entire channel with useless DEAUTHENTICATION frames!
Code:
$ tshark -r handshake_Marta_50-FF-20-B4-E8-95_2026-02-01T07-31-49.cap -Y "wlan.fc.type_subtype == 0x0c" -o 'gui.column.format:"No.","%m","Time","%t","Protocol","%p","Length","%L","Info","%i"'
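An added example, not part of the original post or of hcxtools: a minimal Python parser for the RSN element body that extracts the AKM suite list Wireshark decodes above. The sample bytes are constructed to match the two AKM lists quoted in the post (PSK plus "FT using PSK", and "FT using PSK" alone); all function and variable names are hypothetical.

```python
import struct

# AKM suite types under OUI 00:0f:ac (IEEE 802.11); only a subset is named here.
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT over 802.1X", 4: "FT using PSK",
             6: "PSK-SHA256", 8: "SAE", 9: "FT over SAE"}
IEEE_OUI = bytes.fromhex("000fac")

# Constructed RSN element bodies (bytes after element ID 48 and the length octet):
# version 1, group cipher CCMP, one pairwise cipher (CCMP), AKM list, capabilities.
RSN_BOTH = bytes.fromhex("0100" "000fac04" "0100" "000fac04"
                         "0200" "000fac02" "000fac04" "0000")
RSN_FT_ONLY = bytes.fromhex("0100" "000fac04" "0100" "000fac04"
                            "0100" "000fac04" "0000")

def parse_rsn_akms(body):
    """Return a list of (oui, type, name) for each AKM suite in an RSN element body."""
    def take(off, n):
        # Bounds-checked read so a truncated element raises instead of misparsing.
        if off + n > len(body):
            raise ValueError(f"RSN element truncated at offset {off}")
        return body[off:off + n], off + n

    raw, off = take(0, 2)
    if struct.unpack("<H", raw)[0] != 1:
        raise ValueError("unsupported RSN version")
    _, off = take(off, 4)                                  # group data cipher suite
    raw, off = take(off, 2)                                # pairwise cipher count
    _, off = take(off, 4 * struct.unpack("<H", raw)[0])    # pairwise cipher list
    raw, off = take(off, 2)                                # AKM suite count
    suites = []
    for _ in range(struct.unpack("<H", raw)[0]):
        raw, off = take(off, 4)
        oui, typ = raw[:3], raw[3]
        name = AKM_NAMES.get(typ, "unknown") if oui == IEEE_OUI else "vendor-specific"
        suites.append((oui.hex(":"), typ, name))
    return suites

def has_akm(body, akm_type):
    """True if the element lists the given 00:0f:ac AKM type (2 = PSK, 4 = FT using PSK)."""
    return any(o == "00:0f:ac" and t == akm_type for o, t, _ in parse_rsn_akms(body))

if __name__ == "__main__":
    for label, body in (("both AKMs", RSN_BOTH), ("FT only", RSN_FT_ONLY)):
        print(label, parse_rsn_akms(body))
```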