Posts: 1,042
Threads: 2
Joined: Jun 2017
01-06-2018, 03:57 PM
(This post was last modified: 01-06-2018, 06:54 PM by ZerBea.)
Hi hulley.
Do you get pcaperrors?
status should look like this:
$ wlandump-ng -i wlp36s0f3u4u5 -o test.cap -c 1 -t 5 -R -B -s
start capturing on channel 1 using mac_ap 00bb3a8991e5 (stop with ctrl+c)...
14:41:24 3 xxxxxxxxxxxx --> ffffffffffff beacon: networkname1
14:41:34 5 xxxxxxxxxxxx --> ffffffffffff beacon: networkname2
14:41:39 6 xxxxxxxxxxxx --> ffffffffffff beacon: networkname3
14:42:05 11 xxxxxxxxxxxx --> ffffffffffff beacon: networkname4
Channel: 1, received packets: 137, pcaperrors: 0
If you get pcaperrors, there are more services that must be killed.
Well, seems to be a ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** driver issue (continuosly disconnecting from wifi)
Post in ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** forum:
(Realtek RTL8192cu) still the problem continues. I am using another usb wireless adapter (Ralink RT3072). no freezing on connection, no interruption in data flow, no breaks. Only the signal looks low.
Posts: 15
Threads: 0
Joined: Mar 2017
01-07-2018, 03:30 PM
(This post was last modified: 01-07-2018, 03:31 PM by hulley.)
(01-06-2018, 03:57 PM)ZerBea Wrote: Hi hulley.
Do you get pcaperrors?
status should look like this:
$ wlandump-ng -i wlp36s0f3u4u5 -o test.cap -c 1 -t 5 -R -B -s
start capturing on channel 1 using mac_ap 00bb3a8991e5 (stop with ctrl+c)...
14:41:24 3 xxxxxxxxxxxx --> ffffffffffff beacon: networkname1
14:41:34 5 xxxxxxxxxxxx --> ffffffffffff beacon: networkname2
14:41:39 6 xxxxxxxxxxxx --> ffffffffffff beacon: networkname3
14:42:05 11 xxxxxxxxxxxx --> ffffffffffff beacon: networkname4
Channel: 1, received packets: 137, pcaperrors: 0
If you get pcaperrors, there are more services that must be killed.
Well, seems to be a ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))*** driver issue (continuosly disconnecting from wifi)
Post in ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))*** forum:
(Realtek RTL8192cu) still the problem continues. I am using another usb wireless adapter (Ralink RT3072). no freezing on connection, no interruption in data flow, no breaks. Only the signal looks low.
Hi ZerBea!
I had tested the command. No I don't get pcaperrors, infact I never get one. channels change now with the shorter time (-t 5) but it stop at randomly channels. I been researching AWUS036NHR-Driver and its bad news, It seems there is no fixed.
Thanks for your help!
Posts: 1,042
Threads: 2
Joined: Jun 2017
01-07-2018, 05:36 PM
(This post was last modified: 01-07-2018, 05:37 PM by ZerBea.)
Hi hulley.
Right now, the driver situation is a big disaster. Many of the drivers are buggy, "not present" (rtl8812au) or doesn't support monitor mode (r8188eu). And there is no improvement foreseeable!
To make matters worse, latest chipsets requires exact this "ugly" drivers.
So it's possible that you buy a WiFi-adapter xxx rev A (with a working chipset/driver) and a xxx rev B (same case, but newer -not working- chipset/driver).
Posts: 1,042
Threads: 2
Joined: Jun 2017
01-09-2018, 09:36 PM
(This post was last modified: 01-09-2018, 10:30 PM by ZerBea.)
hcxtools moved to v 4.0.2:
- renamed wlandump-rs to hcxdumptool
+get rid of wiringPiDev, libgcrypt and libpcap dependency)
- removed wlancapinfo -> replaced by hcxpcaptool
+get rid of libpcap dependency
+added full pcapng support
+use of wildcards instead of -i option
+full support of big endian files and big endian machines
$ hcxpcaptool -h
hcxpcaptool 4.0.2 (C) 2018 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*
options:
-h : show this help
-v : show version
example:
$ hcxpcaptool *.*
start reading from wpa.cap
file type............: pcap 2.4
network type.....: DLT_IEEE802_11 (105)
endianess.........: little endian
packets inside...: 9
read errors.......: flawless
warning............: use of wpaclean detected
Posts: 22
Threads: 2
Joined: Oct 2016
Building on macOS now fails with error:
Code:
Undefined symbols for architecture x86_64:
"_strdupa", referenced from:
_main in hcxpcaptool-996a55.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [build] Error 1
Posts: 1,042
Threads: 2
Joined: Jun 2017
Thanks for reporting this issue.
Should now be fixed with latest update. Please test.
Posts: 22
Threads: 2
Joined: Oct 2016
Posts: 1,042
Threads: 2
Joined: Jun 2017
Hi ee10.
That's fine.
Is zlib part of the SDK? I want to integrate support for gzip compressed pcap/pcapng files using zlib.
Posts: 1,042
Threads: 2
Joined: Jun 2017
01-14-2018, 04:04 PM
(This post was last modified: 01-14-2018, 04:07 PM by ZerBea.)
update on hcxpcaptool:
added support for gzip compressed cap/pcap/pcapng files.
new dependency: zlib!
$ hcxpcaptool -h
hcxpcaptool 4.0.2 (C) 2018 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*
options:
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output identitylist
: needs to be sorted unique
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list
: european date : timestamp : mac_sta : mac_ap : essid
-A <file> : output nonce information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : nonce
-S <file> : output EAPOL information list
: european date : timestamp : mac_sta : mac_ap : message : replaycount : eapol_len : eapol
-H <file> : output dump raw packets in hex
-h : show this help
-v : show version
bitmask for message:
0001 M1
0010 M2
0100 M3
1000 M4
example:
$ hcxpcaptool test.pcap.gz
decompressing test.pcap.gz to /tmp/test.pcap.gz.tmp
start reading from /tmp/test.pcap.gz.tmp
summary:
--------
file name..............: test.pcap.gz.tmp
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 44572
skippedpackets.........: 0
probe requests.........: 3405
probe responses........: 5917
association requests...: 1534
reassociation requests.: 1322
EAPOL packets..........: 30593
EAP packets............: 1731
found..................: EAP type ID
found..................: EAP-TLS Authentication
found..................: EAP-Cisco Wireless Authentication
found..................: EAP-SIM (GSM Subscriber Modules) Authentication
found..................: EAP-TTLS Authentication
found..................: UMTS Authentication and Key Agreement (EAP-AKA)
found..................: PEAP Authentication
Posts: 22
Threads: 2
Joined: Oct 2016
thank you for the continued development