Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: WPA handshake messages clarification
I need a clarification on which messages of the WPA handshake are necessary to obtain a clean hccap file.
Using the "WPA Clean and Convert Script" I've noticed that when all 4 EAPOL messages are present, only the first two (1/1 and 1/2) are saved to the .cap file in the CleanCaps directory, so I supposed that only those 2 are the ones required by oclHashcat. Then I've seen that sometimes, when message 2/4 is missing from the original cap file, the script succeeds and in the CleanCap file there are only the messages 1/2 and 4/4.
So I would like to know which of the four messages are actually necessary to obtain a useful hccap file for oclHashcat.
I've already read that page, but it's still not clear to me. The example cap file on that page contains the following EAPOL messages: 1/4 - 4/4 - 3/4 - 4/4 so the message 2/4 is missing, but the cap is actually valid. In a cap I've used to test oclhashcat, the only messages are the 1/4 - 2/4 (after using the WPA clean script) and I can actually retrieve the password. So what is the message 2/4?

From what I've understood, the messages 1/4 and 4/4 with the same replay counter number are the only two necessary, and they are considered valid if they are followed by a message 3/4 (and 4/4) with a replay counter increased by one. Is that right?
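
For readers following the thread, an added example (not from the original posts or from the hashcat project) of how the four EAPOL-Key messages are told apart by their Key Information bits and how their replay counters relate in IEEE 802.11i. The function names and sample frames are constructed for illustration; separating 2/4 from 4/4 by Key Data Length is a heuristic, and the counter check assumes a handshake without retransmissions.

```python
import struct

# Key Information bits of the EAPOL-Key descriptor (IEEE 802.11i)
PAIRWISE, INSTALL, ACK, MIC = 1 << 3, 1 << 6, 1 << 7, 1 << 8

def parse_eapol_key(frame: bytes):
    """Return (message_number, replay_counter) for a 4-way handshake frame, else None."""
    if len(frame) < 99 or frame[1] != 3:        # 802.1X packet type 3 = EAPOL-Key
        return None
    key_info, _key_len, replay = struct.unpack_from(">HHQ", frame, 5)
    (data_len,) = struct.unpack_from(">H", frame, 97)
    if not key_info & PAIRWISE:
        return None                             # group-key handshake, not the 4-way one
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack and not mic:
        return 1, replay                        # AP -> station, carries ANonce, no MIC
    if ack and mic:
        return 3, replay                        # AP -> station, MIC present
    if mic:
        return (2 if data_len else 4), replay   # 2/4 carries key data, 4/4 has none
    return None

def check_sequence(frames):
    """Map message number -> replay counter; True if 1/4 == 2/4 and 3/4 == 4/4 == 1/4 + 1."""
    seen = {}
    for f in frames:
        parsed = parse_eapol_key(f)
        if parsed:
            seen.setdefault(parsed[0], parsed[1])   # keep first occurrence of each message
    ok = len(seen) == 4 and seen[1] == seen[2] and seen[3] == seen[4] == seen[1] + 1
    return seen, ok

def build(key_info, replay, key_data=b""):
    """Constructed sample frame: nonce, IV, RSC, ID and MIC are zero-filled."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay) + bytes(32 + 16 + 8 + 8 + 16)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 1, 3, len(body)) + body

V2 = 2  # key descriptor version (low 3 bits of Key Information)
SAMPLE = [  # constructed data, not taken from a real capture
    build(V2 | PAIRWISE | ACK, 1),                             # 1/4
    build(V2 | PAIRWISE | MIC, 1, bytes(22)),                  # 2/4, placeholder key data
    build(V2 | PAIRWISE | INSTALL | ACK | MIC, 2, bytes(56)),  # 3/4
    build(V2 | PAIRWISE | MIC, 2),                             # 4/4
]

if __name__ == "__main__":
    print(check_sequence(SAMPLE))
```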