If you got more information on how many VENDORs still using this fields, please keep us in the loop, here.
BTW:
tshark is a powerfull tool to perform several kinds of analysis and to receive the results directly on the command line. Via simple bash scripts, you can evaluate the results of tshark and hcxdumptool/hcxtools in an easy way. Wireshark's default capture format is pcapng, too. So the tools are nearly 100% compatible to each other.
Only one exception:
tshark/Wireshark can't handle foreign binary custom option fields, well.
This are hcxdumptool options codes to "communicate" with hcxpcangtool or multicapconverter (conversion tool):
Code:
pcapng option codes (Custom Block and/or Section Header Block) used by hcxdumptool:
ENTERPRISE NUMBER 0x2a, 0xce, 0x46, 0xa1
MAGIC NUMBER 0x2a, 0xce, 0x46, 0xa1, 0x79, 0xa0, 0x72, 0x33,
0x83, 0x37, 0x27, 0xab, 0x59, 0x33, 0xb3, 0x62,
0x45, 0x37, 0x11, 0x47, 0xa7, 0xcf, 0x32, 0x7f,
0x8d, 0x69, 0x80, 0xc0, 0x89, 0x5e, 0x5e, 0x98
OPTIONCODE_MACMYORIG 0xf29a (6 byte)
OPTIONCODE_MACMYAP 0xf29b (6 byte)
OPTIONCODE_RC 0xf29c (8 byte)
OPTIONCODE_ANONCE 0xf29d (32 byte)
OPTIONCODE_MACMYSTA 0xf29e (6 byte)
OPTIONCODE_SNONCE 0xf29f (32 byte)
OPTIONCODE_WEAKCANDIDATE 0xf2a0 (64 byte) == 63 characters + zero
OPTIONCODE_GPS 0xf2a1 (max 128 byte)
This are hcxpcapngtool messagepair codes to "communicate" with hashcat:
Code:
Bitmask message pair field used by hcxpcapngtool:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx#message_pair_table)
3: x unused
4: ap-less attack (set to 1) - no nonce-error-corrections neccessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE necessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE necessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely necessary