Hi RashidMalik.
Nice to hear that.
Q1 What is the difference between these two tools "wlancap2hcx" and "hcxpcaptool"? They seem to have some common functionality? Which one is suitable for which purpose?
It's nearly the same like the difference between wlandump-ng and hcxdumptool:
- wlancap2hcx uses libpcap, hcxpacptool doesn't use it.
- hcxpcaptool supports more formats than wlancap2hcx and the detection of handshakes is much, much better.
(broken ESSIDs, no ESSIDs, broken handshakes...)
- hcxpcaptool has some additional functions
(for example -O to convert all handshakes to hccapx - usefull if an unauthorized client tries some passwords)
- hcxpcaptool is the tool for conversion cap, pcap, pcap-ng, cap.gz to hccapx on wpa-sec
- it will replace wlancap2hcx
Q2 I have switched to hcxdumptool (from wlandump-ng) as you had stated that the later was now outdated.
I have been now using hcxdumptool for about two days and it seems that wlandump tool used to catch more handshakes.
Definitely no. In your case:
hcxdumptool -i wlan1mon -o 14052018-1115am.cap -D -t 15 -s -c 1,2,3,4,5,6,7,8,9,10,11,12,13,14
you disabled attacks against existing connections (-D : do not transmit deauthentications or disassociations)
So you will get only handshakes from AP-less attacks.
Also you can improve your scanlist. Just do a wlanrcascan to see what channels are used in your area (for example 1,6,11). Then create your scanlist: 1,6,11,2,1,6,11,3,1,6,11,4,1,6,11,5,1,6,11,7,1,6,11,8,1,6,11,9,1,6,11,10,1,6,11, 12,1,6,11,13,1,6,11,14,1,6,11
so your commandline could look like this:
hcxdumptool -i wlan1mon -o 14052018-1115am.cap -t 15 -c 1,6,11,2,1,6,11,3,1,6,11,4,1,6,11,5,1,6,11,7,1,6,11,8,1,6,11,9,1,6,11,10,1,6,11, 12,1,6,11,13,1,6,11,14,1,6,11 -s
if you captured enough/all handshakes from APs in your area you can move to:
hcxdumptool -i wlan1mon -o 14052018-1115am.cap -t 15 -c 2,4,6,8,10,12 -s
to attack only new clients on less used channels.
Is it possible that wlandump works better on some platforms (I am on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)) linux (4.15.0-kali3-amd64)), maybe because it communicates with the system drivers?
Definitely yes - a reason, why I didn't remove it, yet.
Q3 Which linux distribution do you suggest is best for working with hashcat?
That is hard to answer. The recommended distribution is UBUNTU. You get help here in the forum and you can read everything about the installation on the wiki pages.
I prefer arch LINUX. It's not easy to install and even less easy to configure. arch LINUX isn't beginner-friendly.
But ask yourself: I would like to build a cracking system.
-do I need a multimedia distribution?
-do I need an oversized environment (like KDE, Gnome, UNITY) or is LXQT, XFCE better for me?
-do I need all the services started by default (like pulseaudio, networkmanager, wpa-supplicant, and more....)
For example UBUNTU:
https://askubuntu.com/questions/702209/h...untu-15-10
and arch:
systemctl enable acpid.service
systemctl enable avahi-daemon.service
systemctl enable org.cups.cupsd.service
systemctl enable cronie.service
systemctl enable ntpd.service
(no unnecessary services, only what I decided to start)
You can read more here:
https://wiki.archlinux.org/index.php/arc...tributions