12-02-2017, 04:16 PM
Hi DKblue.
You've done the right things. That is the way to make a flawless and clean cap.
The second way is to use the option -p from wlancap2hcx:
-p <file> : output merged pcap file (upload this file to https://wpa-sec.stanev.org)
In that case you get a flawless (uncleaned) cap.
This behavior is normal for capture tools which doesn't take care about "save terminating" or a script that kills the capture tool.
In your case the cap is cutted and you get this message:
pcap read error: invalid packet capture length 1960823124, bigger than maximum of 262144
You will also get this error if you try to read this cap using wireshark.
I should like to point out that the result of minidwep-gtk is very poor comparing to a wlandump-ng (raspberry pi) capture:
$ wlancap2hcx 201711290935.pcap
start reading from 201711290935.pcap
11698 packets processed (11698 wlan, 0 lan, 0 loopback)
total 320 usefull wpa handshakes
found 7 WPA1 RC4 Cipher, HMAC-MD5
found 313 WPA2 AES Cipher, HMAC-SHA1
found 164 valid WPA handshakes (by wlandump-ng/wlanresponse)
nonce-error-corrections is working on that file
found FAST Authentication
By the way:
I power on my raspberry pi. Than I take a walk through the city. After I returned, I power off the raspberry
and copy the cap to the gpu rig and do the conversation to hccapx. Thats all.
And even with a very small wordlist and a simple notebook, I have a hitrate of 8% on that cap:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: test.hccapx
Time.Started.....: Sat Dec 2 15:42:36 2017 (1 min, 24 secs)
Time.Estimated...: Sat Dec 2 15:44:00 2017 (0 secs)
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 31164 H/s (3.68ms)
Recovered........: 18/225 (8.00%) Digests, 4/70 (5.71%) Salts
Progress.........: 2857610/2857610 (100.00%)
Rejected.........: 0/2857610 (0.00%)
Restore.Point....: 40823/40823 (100.00%)
Candidates.#1....: rsax4337 -> волчонок
HWMon.Dev.#1.....: Temp: 63c Util: 95% Core:1176MHz Mem: 900MHz Bus:4
Started: Sat Dec 2 15:42:28 2017
Stopped: Sat Dec 2 15:44:01 2017
You've done the right things. That is the way to make a flawless and clean cap.
The second way is to use the option -p from wlancap2hcx:
-p <file> : output merged pcap file (upload this file to https://wpa-sec.stanev.org)
In that case you get a flawless (uncleaned) cap.
This behavior is normal for capture tools which doesn't take care about "save terminating" or a script that kills the capture tool.
In your case the cap is cutted and you get this message:
pcap read error: invalid packet capture length 1960823124, bigger than maximum of 262144
You will also get this error if you try to read this cap using wireshark.
I should like to point out that the result of minidwep-gtk is very poor comparing to a wlandump-ng (raspberry pi) capture:
$ wlancap2hcx 201711290935.pcap
start reading from 201711290935.pcap
11698 packets processed (11698 wlan, 0 lan, 0 loopback)
total 320 usefull wpa handshakes
found 7 WPA1 RC4 Cipher, HMAC-MD5
found 313 WPA2 AES Cipher, HMAC-SHA1
found 164 valid WPA handshakes (by wlandump-ng/wlanresponse)
nonce-error-corrections is working on that file
found FAST Authentication
By the way:
I power on my raspberry pi. Than I take a walk through the city. After I returned, I power off the raspberry
and copy the cap to the gpu rig and do the conversation to hccapx. Thats all.
And even with a very small wordlist and a simple notebook, I have a hitrate of 8% on that cap:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: WPA/WPA2
Hash.Target......: test.hccapx
Time.Started.....: Sat Dec 2 15:42:36 2017 (1 min, 24 secs)
Time.Estimated...: Sat Dec 2 15:44:00 2017 (0 secs)
Guess.Base.......: File (wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 31164 H/s (3.68ms)
Recovered........: 18/225 (8.00%) Digests, 4/70 (5.71%) Salts
Progress.........: 2857610/2857610 (100.00%)
Rejected.........: 0/2857610 (0.00%)
Restore.Point....: 40823/40823 (100.00%)
Candidates.#1....: rsax4337 -> волчонок
HWMon.Dev.#1.....: Temp: 63c Util: 95% Core:1176MHz Mem: 900MHz Bus:4
Started: Sat Dec 2 15:42:28 2017
Stopped: Sat Dec 2 15:44:01 2017