hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Are you running an old version? That was fixed by this commit on 27th of January 2022:
https://github.com/ZerBea/hcxdumptool/pu...b2d99a1cae
Code:
$ hcxdumptool -h
hcxdumptool 6.2.5-58-g121c620  (C) 2021 ZeroBeat
usage  : hcxdumptool <options>
         press ctrl+c to terminate hcxdumptool
         press GPIO button to terminate hcxdumptool
         hardware modification is necessary, read more:
         https://github.com/ZerBea/hcxdumptool/tree/master/docs
         do not set monitor mode by third party tools (iwconfig, iw, airmon-ng)
         do not run hcxdumptool on logical (NETLINK) interfaces (monx, wlanxmon, prismx, ...) created by airmon-ng and iw
         do not run hcxdumptool on virtual machines or emulators
         do not run hcxdumptool in combination with tools (channel hopper), that take access to the interface (except: tshark, wireshark, tcpdump)
         do not use tools like macchanger, because hcxdumptool runs its own MAC space and will ignore this changes
         stop all services (e.g.: wpa_supplicant.service, NetworkManager.service) that take access to the interface

short options:
...

Please notice that hcxdumptool/hcxlabtool/hcxtools is not suitable for beginners. From README.md:
- knowledge of radio technology
- knowledge of electromagnetic-wave engineering
- detailed knowledge of 802.11 protocol
- detailed knowledge of key derivation functions
- detailed knowledge of Linux

Regarding this, the default settings are less weird. On other tools you have to enable the attack modes, here you have to disable them. By default, hcxdumptool will request EAP frames from the target in a very short time so that it can be terminated after a few minutes.

BTW:
There are (much) better ways to get an EAPOL M2 frame (the most important frame, because it is unencrypted!) from a CLIENT or a PMKID from an ACCESS POINT than injection stupid DEAUTHENTICATION frames. So there is an option to disable this old school attack:
Code:
--disable_deauthentication         : do not send deauthentication or disassociation frames
                                     affected: conntected clients
Additional, you can choose several other options to disable every single attack and/or to use BPF code, so that the behavior will turn from noisy (aggressive as hell) to silent.

If you are interested in this 802.11 stuff and to take a closer look behind the scenes, I recommend to read:
Code:
802.11 Wireless Networks: The Definitive Guide, O'Reilly, April 2002
Chapter "4.4.1 Frames Classes" is very interesting. Often the reaction of an ACCESS POINT is violent after it received an unexpected class 3 frame or class 2 frame outside the actual authentication state. In that case the ACCESS POINT (not hcxdumptool) will disconnect all(!) connected CLIENTs immediately.
Reply