Posts: 1
Threads: 1
Joined: Jan 2019
please help me. i cant convert a WPA / WPA2 pcap
Zero value timestamps detected in file: in/18893_1495309385.cap.
This prevents correct EAPOL-Key timeout calculation.
Do not use preprocess the capture file with tools such as wpaclean.
Posts: 803
Threads: 135
Joined: Feb 2011
01-16-2019, 06:08 PM
(This post was last modified: 01-16-2019, 06:08 PM by Mem5.)
What's the tool & commandline used?
Posts: 374
Threads: 0
Joined: Nov 2017
(01-16-2019, 06:42 AM)helenharry Wrote: please help me. i cant convert a WPA / WPA2 pcap
Zero value timestamps detected in file: in/18893_1495309385.cap.
This prevents correct EAPOL-Key timeout calculation.
Do not use preprocess the capture file with tools such as wpaclean.
your caps were scrubbed meaning they do not have all the essential information for it to convert the cap.
Posts: 1,044
Threads: 2
Joined: Jun 2017
and if you really need to clean up your cap file: tshark is your friend
for output format pcap (cap2hccapx understand this):
tshark -r raw.cap -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcap -w cleaned.pcap
or new pcapng format (hcxpcaptool understand this):
tshark -r raw.cap -R "(wlan.fc.type_subtype == 0x00 || wlan.fc.type_subtype == 0x02 || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x05 || wlan.fc.type_subtype == 0x08 || eapol)" -2 -F pcapng -w cleaned.pcapng