Posts: 2
Threads: 1
Joined: Oct 2022
Hi,
To run hcxdumptool you need to stop services that access wireless interfaces (like network monitor and wpa supplicant) and so you lose all connectivity to the box.
I was wondering if it is possible to keep a wireless connection alive, using a second wireless interface, while running hcxdumptool.
I tested to restart the services while capturing and it seems to work fine, interface 2 capturing and interface 1 connected. However, if I was remote connected I couldn't restart it, as remote session would be lost when services got stopped.
Any ideas on how to do that?
Thanks in advance
Posts: 1,042
Threads: 2
Joined: Jun 2017
10-20-2022, 10:40 AM
(This post was last modified: 10-20-2022, 10:40 AM by ZerBea.)
Edit NetworkManager config to ignore the device that hcxdumptool use:
https://wiki.archlinux.org/title/NetworkManager
explained in chapter 7.7 Ignore specific devices
use BPF code to ignore the second device which is used for remote control and the router to which it is connected
Code:
--bpfc=<file> : input kernel space Berkeley Packet Filter (BPF) code
affected: incoming and outgoing traffic - that include rca scan
steps to create a BPF (it only has to be done once):
set hcxdumptool monitormode
$ hcxdumptool -m <interface>
create BPF to protect a MAC
$ tcpdump -i <interface> not wlan addr3 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
where addr3 protect ACCESS POINTs and addr2 protect CLIENTs
recommended to protect own devices
run hcxdumptool (with options --bpfc and -c where you have to exclude the channel of the remote connection) and ignore the warning that NetworkManager is alive.
Posts: 2
Threads: 1
Joined: Oct 2022
(10-20-2022, 10:40 AM)ZerBea Wrote: Edit NetworkManager config to ignore the device that hcxdumptool use:
https://wiki.archlinux.org/title/NetworkManager
explained in chapter 7.7 Ignore specific devices
use BPF code to ignore the second device which is used for remote control and the router to which it is connected
Code:
--bpfc=<file> : input kernel space Berkeley Packet Filter (BPF) code
affected: incoming and outgoing traffic - that include rca scan
steps to create a BPF (it only has to be done once):
set hcxdumptool monitormode
$ hcxdumptool -m <interface>
create BPF to protect a MAC
$ tcpdump -i <interface> not wlan addr3 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
where addr3 protect ACCESS POINTs and addr2 protect CLIENTs
recommended to protect own devices
run hcxdumptool (with options --bpfc and -c where you have to exclude the channel of the remote connection) and ignore the warning that NetworkManager is alive.
Thanks, for the tool and for the help. It worked!
Posts: 1,042
Threads: 2
Joined: Jun 2017
You're welcome.
BTW:
hcxdumtool (and hcxlabtool series) and hcxtools provide a solution for nearly every purpose, either by cascading the options or by cascading the tools itself or both.