02-14-2020, 01:13 PM
I have a pcapng file of 5 packets (attachment https://easyupload.io/74zyro). Four of them are handshake EAPOLs and one is a beacon. I think it should be enough information for hcxpcaptool to create a hash file.
But when I run the command "hcxpcaptool -o /root/HS.hash /root/hs_plus_beacon.pcapng"
I get this result:
summary capture file:
---------------------
file name........................: hs_plus_beacon.pcapng
file type........................: pcapng 1.0
file hardware information........: unknown
capture device vendor information: 000000
file os information..............: Linux 5.2.0-kali2-amd64
file application information.....: Mergecap (Wireshark) 3.0.3 (Git v3.0.3 packaged as 3.0.3-1) (no custom options)
network type.....................: DLT_IEEE802_11 (105)
endianness.......................: little endian
read errors......................: flawless
minimum time stamp...............: 11.10.2005 23:07:52 (GMT)
maximum time stamp...............: 11.10.2005 23:07:52 (GMT)
packets inside...................: 5
skipped damaged packets..........: 0
packets with GPS NMEA data.......: 0
packets with GPS data (JSON old).: 0
packets with FCS.................: 0
association requests.............: 1
EAPOL packets (total)............: 4
EAPOL packets (WPA2).............: 4
best handshakes (total)..........: 1 (ap-less: 0)
summary output file(s):
-----------------------
The beacon is not detected, just the EAPOLs, and I don't get any output file.
I need to say that this pcapng file was created with the text2pcap and mergecap tools, because I am using raw packets captured by tshark and written to a database.
I use these commands:
"text2pcap ap_rawfile ap_raw_file.pcapng -n -l 127"
"text2pcap eapols_rawfile eapols_rawfile.pcapng -n -l 105"
"mergecap ap_raw_file.pcapng eapols_rawfile.pcapng -F pcapng -w hs_plus_beacon.pcapng"