EAPOL Deauth detection
Detect deauthentication packets near you, when a machine disconnects from an access point, it sends a deauthentication packet to close the connection, deauthentication packets can also be spoofed to disconnect the device and attacker use automatic reconnection to sniff the 4-way handshake, a lot of deauthentication packets are not normal and should be considered as a possible Wi-Fi attack.
This feature also detects nearby pwnagotchi by printing the name and number of pwned network that it get, in this way you can know if you are under attacked.
- Channel : Current Channel
- Mode : Static : Stay on same channel / Auto: Hopping trough all channel
- PPS : Packets Per Second on the channel (if no activities on the channel the PPS could be locked to the last know number of packets because the refresh occur when a packet is reveived)
- H : Numbers of new PCAP created ( at least one EAPOL and beacon frame)
- EAPOL : Numbers of EAPOL packets captures
- DEAUTH : Numbers of Deauth seen
- RSSI : The transmission power (gives an idea of the distance from the transmitter)
If a EAPOL packet is detected, its stored in a pcap file with the mac address of the AP and a beacon frames wih the BSSID. You can crack a Wifi password with a 4-way handshakes or a PMKID with Aircrack-ng or Hashcat.
A python tool to process multiple pcap to hashcat format is provided in utilities.
Based on an original idea from G4lile0 the Wifi-Hash-Monster.
You absolutely must see the original project here from which I took inspiration: