barf
commented
7 years ago Hi @iczman can you please test the commit above, and report if that works for you?
Closed alphabt closed 7 years ago
barf
commented
7 years ago Hi @iczman can you please test the commit above, and report if that works for you?
alphabt
commented
7 years ago @barf yes that seems to fixed it; I was able to convert pcap to hccapx now. Though when I compiled this on macOS I got these warnings below. A binary was still generated.
cc -Wall -W -pipe -O2 -std=c99 -o cap2hccapx.bin cap2hccapx.c
cap2hccapx.c:935:64: warning: use of logical '||' with constant operand [-Wconstant-logical-operand]
else if (pcap_file_header.linktype == DLT_IEEE802_11_RADIO || DLT_PPI)
^ ~~~~~~~
cap2hccapx.c:935:64: note: use '|' for a bitwise operation
else if (pcap_file_header.linktype == DLT_IEEE802_11_RADIO || DLT_PPI)
^~
|Perhaps change to this?
else if (pcap_file_header.linktype == DLT_IEEE802_11_RADIO ||
pcap_file_header.linktype == DLT_PPI)
ChrisLundquist
commented
7 years ago Looks like a patch may already be in master :( See also: https://github.com/hashcat/hashcat-utils/pull/30
jsteube
commented
7 years ago I've merged #30, this should solve the issue, therefore closed. If not, feel free to reopen.
I captured a pcap using Wireshark and feeding it into cap2hccapx resulted in "Unsupported linktype detected".
According to source https://github.com/hashcat/hashcat-utils/blob/b6fe6c5f581f5cea8af8cd4750bd575c52300768/src/cap2hccapx.c#L853 it failed because the linktype in header is not DLT_IEEE802_11, DLT_IEEE802_11_PRISM, nor DLT_IEEE802_11_RADIO.
Hexdump of the pcap header shows linktype = C0000000 (decimal 192, little endian)
http://www.tcpdump.org/linktypes.html shows linktype 192 is DLT_PPI (Per-Packet Information information). I have no idea what this is, but is this a bug or truly unsupported scenario?