Bit of a noob so please bear with me. I have been curious about the digital footprint hcxpcaptool leaves on AP's after reading up on the new PMKID exploit, in regards to the new exploit itself as well as how the tool generally operates.
If I understand the original notes by atom (the guy who discovered this) correctly only a single EOPOL frame is needed to recieve the response from the target(s) AP. Would the hcxpcaptool recognize when it has received a result and stop sending the EOPOL packet to the AP or would someone notice just a flood of them constantly being recieved if they were watching it with something like wireshark?
I also notice the tool can gather things like the normal 4 way handshakes as well which would involve spilling out alot of de-auth packets if the user didnt want to wait for a new device to connect.
I'm doing Google-foo in the background, this was just a specific topic I was curious about.
