Mike
Running Linux (Arch), the issue appears, too (latest git head of aircrack-ng): ``` $ ./aircrack-ng Aircrack-ng 1.6 rev 541ab6bd - (C) 2006-2020 Thomas d'Otreppe $ ./aircrack-ng -j test upcwiiifreeePMKID.cap Reading...
I can confirm this. During the latest test (latest git head), I encountered the same issue on EAPOL M2M3: ``` $ ./aircrack-ng -j test23 test23.pcap Reading packets, please wait... Opening test23.pcap...
Some additional information. The issue reported above will cause aircrack-ng to use unrecoverable EAPOL messages instead of the correct one. Attached is an example pcap file: [testm1m2m3.pcap.zip](https://github.com/aircrack-ng/aircrack-ng/files/4454739/testm1m2m3.pcap.zip) 1 BEACON 2 undirected...
Looks like aircrack-ng doesn't detect an M2M3 message (M2 = packet 2009, M3 = packet 2011). Instead it looks for an M1M2 combination, which isn't inside this cap file: BTW:...
Thanks for the info. Unfortunately, I'm unable to do further tests of the aircrack-ng suite due to a compiler error running gcc 10.1. Arch Linux moved a few days ago...
Hash modes 250x (hccapx) and 1680x are now deprecated. Since version 6.0.0, hashcat has been offering the new hash mode 22000 as a replacement: https://hashcat.net/forum/thread-10253.html
Yes, it is time to retire those old formats. 22000 hash files are much better to handle.
Please consider adding a check whether the PMKID is calculated using a zeroed PMK or not, and ignore them, too. Some APs and some CLIENTs doing this on the...
Please also note: in the case of a repeater system, you must use the MAC address 3 (address of the origin AP) instead of MAC address 2 to get the PMKID...
Please also note that injecting too many deauthentications or injecting deauthentications into an AUTHENTICATION sequence will cause an ACCESS POINT to reset the EAPOL timer (a new AUTHENTICATION sequence...