Comments (3)
ZerBea
commented on July 25, 2024
hcxdumptool is not designed to be a monitoring tool that captures all frame types because this makes hcxdumptool slow.
Other tools (tsahrk/Wireshark) can do this much better.
But it is designed to work in perfect harmony with tshark and/or Wireshark. Both tools are working fine, using hcxdumptools's monitor mode. You can run them in parallel (on the same interface) to hcxdumptool.
A simple example:
$ sudo hcxdumptool -m wlp48s0f4u2u4
$ sudo hcxdumptool -i wlp48s0f4u2u4 -w hcxdumptool.pcapng & tshark -w tshark.pcapng -i wlp48s0f4u2u4
When finished:
$ sudo killall hcxdumptool
$ killall tshark
$ ls *.pcapng
hcxdumptool.pcapng tshark.pcapng
BTW:
It is also possible to use different capture and display filters on hcxdumptool and tshark/Wireshark.
On a dual core system, there is no speed impact.
from hcxdumptool.
ZerBea
commented on July 25, 2024
Suggestion is now shown in help:
$ hcxdumptool --help
hcxdumptool 6.3.2-18-g1266cf2 (C) 2023 ZeroBeat
Additional information:
-----------------------
first stop all services that take access to the interface, e.g.:
$ sudo systemctl stop NetworkManager.service
$ sudo systemctl stop wpa_supplicant.service
run hcxdumptool
press ctrl+c to terminate
press GPIO button to terminate
hardware modification is necessary, read more:
https://github.com/ZerBea/hcxdumptool/tree/master/docs
stop all services (e.g.: wpa_supplicant.service, NetworkManager.service) that take access to the interface
do not set monitor mode by third party tools (iwconfig, iw, airmon-ng)
do not use logical (NETLINK) interfaces (monx, wlanxmon, prismx, ...) created by airmon-ng and iw
do not use virtual machines or emulators
do not run other tools that take access to the interface in parallel (except: tshark, wireshark, tcpdump)
do not use tools to change MAC (like macchanger)
do not merge (pcapng) dump files, because this destroys assigned hash values!
to store entire traffic, run <tshark -i <interface> -w allframes.pcapng> in parallel on the same interface
from hcxdumptool.
ZerBea
commented on July 25, 2024
I checked the list mentioned in your commend.
All this frames types (and some more) are captured and stored by hcxdumptool.
Frame types overview:
https://github.com/ZerBea/hcxdumptool/blob/master/include/ieee80211.h#L11
This 802.11 frames are stored to the pcapng file:
management frames:
0x00 == IEEE80211_STYPE_ASSOC_REQ
0x01 == IEEE80211_STYPE_ASSOC_RESP
0x02 == IEEE80211_STYPE_REASSOC_REQ
0x03 == IEEE80211_STYPE_REASSOC_RESP (not in your list)
0x04 == IEEE80211_STYPE_PROBE_REQ
0x05 == IEEE80211_STYPE_PROBE_RESP
0x08 == IEEE80211_STYPE_BEACON (only on first occurrence)
0x0b == IEEE80211_STYPE_AUTH
0x0d == IEEE80211_STYPE_ACTION (not in your list)
data frames:
0x20 == IEEE80211_STYPE_DATA (filtered by EAP/EAPOL)
0x28 == IEEE80211_STYPE_QOS_DATA (filtered by EAP/EAPOL)
BTW:
It doesn't make sense to handle all data frames during an attack, because it slow down the attack.
To offline decrypt the traffic, it is mandatory that an entire session (handshake and following traffic) is recorded.
That is mostly not the case if hcxdumptool moves to the next channel.
from hcxdumptool.
Related Issues (20)
- hcxdumptool: unrecognized option 'enable_status=15' HOT 2
- Is the problem in the driver or in the operating system? HOT 1
- Add a gpiowait.svg alongside gpiowait.odg HOT 2
- attack behaviors rules HOT 65
- openwrt: Issue finding interfaces HOT 44
- Android build instructions HOT 5
- prevent spoofed beacons from transmitting HOT 3
- How can I delete this tool? HOT 2
- hcxdumptool missing options HOT 2
- What to use it in 2024?
- error using option "-o" to write the dump file.
- Older version HOT 1
- undirected proberequest frames. HOT 1
- rds Usage HOT 1
- Atheros chipset (ERRORs caused by misconfigured KALI) HOT 21
- Arrays explained HOT 1
- Documentation about attack vectors and what options affect them HOT 7
- How to filter (skip) certain access points? HOT 1
- Issues using hcxdumptool in conjuction with ALFA AWUS036ACH HOT 8
- rtw8822ce: hcxdumptool exits on unknown error HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hcxdumptool.