11-16-2018, 11:50 PM
(11-16-2018, 11:42 PM)ZerBea Wrote: [ -> ]No, the pcapng doesn't contain IP addresses. But it contain MAC addresses of access points and clients and network names.
If you run hcapcaptool you will get four PMKIDs (two networks with one client and one network with 2 clients) and two handshakes (one network with 2 clients). The pcapng file is flawless!
$ hcxpcaptool -o test.hccapx -z test.16800 -E essid v1.pcapng
reading from v1.pcapng
summary:
file name....................: v1.pcapng
file type....................: pcapng 1.0
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: flawless
packets inside...............: 286
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 259
beacons (with ESSID inside)..: 7
probe requests...............: 8
probe responses..............: 10
association requests.........: 7
association responses........: 13
reassociation requests.......: 1
reassociation responses......: 1
authentications (OPEN SYSTEM): 160
authentications (BROADCOM)...: 7
EAPOL packets................: 78
EAPOL PMKIDs.................: 4
best handshakes..............: 2 (ap-less: 0)
2 handshake(s) written to test.hccapx
4 PMKID(s) written to test.16800
Which of the networks network do you assume use the key 123456789?
SHAW-84AA55 (2 handshakes)
Slow Wifi (PMKID)
Birdy (2 PMKIDs)
TELUS3748 (PMKID)
Hmmm I don't actually see the network there... Here is a better file, sorry about that https://www.mediafire.com/?jy2ok3ebrqdzlr...9rz5f275yc Ive been making so many dumps I trying to fix this that I mixed up the file.
The wifi Im targeting is "Shit Wifi" with the password of 123456789
Im thinking the pcap is "flawless" however maby in the conversion process something is getting stuck
EDIT: Here is the new summary is this is a new file
Code:
summary:
--------
file name....................: v2.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 3.18.84
file application information.: hcxdumptool 5.0.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: yes
packets inside...............: 14
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 13
beacons (with ESSID inside)..: 3
probe requests...............: 1
probe responses..............: 3
authentications (OPEN SYSTEM): 6
authentications (BROADCOM)...: 2