Small improvement on wlandump-ng and wlancap2hcx:
Added detection of "Fast BSS transition (fast roaming)" authentication and write frames to cap file.
More and more vendors will add "802.11r-2008", so it's time for us to detect it.
https://en.wikipedia.org/wiki/IEEE_802.11r-2008
To test the detection, you can download a demo cap example-ft.pcapng from
here: https://github.com/vanhoefm/krackattacks-test-ap-ft
Then run wlancap2hcx:
$ wlancap2hcx example-ft.pcapng
start reading from example-ft.pcapng
1378 packets processed (1378 wlan, 0 lan, 0 loopback)
total 2 usefull wpa handshakes
found 2 WPA2 AES Cipher, AES-128-CMAC
found Fast BSS transition (fast roaming)
found WPA encrypted data packets
But keep in mind:
We have analyzed hundreds of thousands of handshakes:
802.1x Version 2001...............: 2158871
802.1x Version 2004...............: 272160
and found only 18(!) 802.11r inside.
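
An added example, not code from wlandump-ng or wlancap2hcx: a minimal check for Fast BSS transition authentication frames, based on the Authentication Algorithm Number field of the 802.11 authentication frame body (0 = open system, 1 = shared key, 2 = fast BSS transition, 3 = SAE). It assumes the radiotap header and FCS have already been stripped; the function names and both sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Authentication Algorithm Number values from the 802.11 auth frame body. */
enum { AUTH_OPEN = 0, AUTH_SHARED_KEY = 1, AUTH_FT = 2, AUTH_SAE = 3 };

#define MGMT_HDR_LEN   24 /* frame control, duration, 3 addresses, seq ctrl */
#define HT_CTRL_LEN     4 /* present in management frames when Order bit set */
#define AUTH_FIXED_LEN  6 /* algorithm, transaction sequence, status code */

/* Returns the algorithm number, or -1 if buf is not a complete, unprotected
 * authentication frame. Assumes radiotap header and FCS are already removed. */
int auth_algorithm(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < MGMT_HDR_LEN + AUTH_FIXED_LEN)
        return -1;
    if ((buf[0] & 0x03) != 0 || ((buf[0] >> 2) & 0x03) != 0)
        return -1;                      /* need version 0, type 0 (management) */
    if ((buf[0] >> 4) != 11)
        return -1;                      /* subtype 11 = authentication */
    if (buf[1] & 0x40)
        return -1;                      /* Protected bit: body is encrypted */
    size_t body = MGMT_HDR_LEN + ((buf[1] & 0x80) ? HT_CTRL_LEN : 0);
    if (len < body + AUTH_FIXED_LEN)
        return -1;                      /* truncated capture */
    return buf[body] | (buf[body + 1] << 8);   /* little-endian 16-bit field */
}

int is_ft_auth(const uint8_t *buf, size_t len)
{
    return auth_algorithm(buf, len) == AUTH_FT;
}

/* Constructed sample frames (MAC addresses are made up). */
const uint8_t sample_ft[] = {
    0xb0,0x00, 0x3a,0x01, 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,
    0x10,0x00, 0x02,0x00, 0x01,0x00, 0x00,0x00 };
const uint8_t sample_open[] = {
    0xb0,0x00, 0x3a,0x01, 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,
    0x20,0x00, 0x00,0x00, 0x01,0x00, 0x00,0x00 };

int main(void)
{
    printf("ft frame: %d, open frame: %d\n",
           is_ft_auth(sample_ft, sizeof sample_ft),
           is_ft_auth(sample_open, sizeof sample_open));
    return 0;
}
```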