30.05.2019
==========
hcxtools moved to v5.1.6 due to a bug in v5.1.5

hcxpcaptool: added 2 new options to convert raw PMKIDs
-K <file> : output raw PMKID file (hashcat hashmode -m 16801 new format)
-Z <file> : output raw PMKID file (hashcat hashmode -m 16801 old format and john)

use this options if you would like to verify a PMKID and yo don't have an ESSID
read more here:
https://github.com/ZerBea/hcxtools/issues/92#issuecomment-497128717


19.05.2019
==========
added new useful script: hcxgrep.py

Works like grep, but for hccapx/pmkid hashfiles - those are detected
automagically. It also can read from stdin and writes on stdout.

It tries to be as close to grep commandline options, this is -h:

usage: hcxgrep.py [-h] [-f FILE] [-v] [-t {essid,mac_ap,mac_sta}]
                  [PATTERNS] [infile]

Extract records from hccapx/pmkid file based on regexp

positional arguments:
  PATTERNS              RegExp pattern
  infile                hccapx/pmkid file to process

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Obtain patterns from FILE, one per line.
  -v, --invert-match    Invert the sense of matching, to select non-matching
                        nets
  -t {essid,mac_ap,mac_sta}, --type {essid,mac_ap,mac_sta}
                        Field to apply matching, default essid

By default it greps by essid, but you can choose with -t also to grep
over mac_ap or mac_sta, passed as lowercase hex strings. It also can
read multiple patterns from external file, like those attached. It's
composed from routerkeygen and matches essids with _ or - in them. Of
course this have many false positives and the default PSK can be
changed, but one can easy get those nets he needs to try custom
wordlists or etc.



16.04.2019
==========
finally removed wlanhcx2psk in favor of hcxpsktool


08.04.2019
==========
hcxpcaptool: from now on only PBKDF2 based hashes (EAPOL and PMKID) are converted running options -k -z and -o
             raw option -O will convert all EAPOL handshakes.


02.04.2019
==========
Due to hashcat changes:
"WPA/WPA2 cracking: In the potfile, replace password with PMK in order
to detect already cracked networks across all WPA modes"
https://github.com/hashcat/hashcat/commit/b8d609ba1604f4fed62198ae5000e205dcc87f70
 
hcxpcaptool: added new option -k to convert dumpfile to new hashcat PMKID format

-k <file> : output PMKID file (hashcat hashmode -m 16800 new format)
-z <file> : output PMKID file (hashcat hashmode -m 16800 old format and john)

use hcxhashcattool to convert old 2500 and old 16800 potfile to new hashcat potfile Format:
-p <file> : input old hashcat potfile
            accepted potfiles: 2500 or 16800
-P <file> : output new potfile file (PMK:ESSID:PSK)

hcxhashcattool -p oldhashcat.2500.pot -P newhashcat.potfile 
hcxhashcattool -p oldhashcat.16800.pot -P newhashcat.potfile


30.03.2019
==========
hcxpcaptool: retrieve IMSI from UMTS Authentication and Key Agreement (EAP-AKA)
             and EAP-SIM (GSM Subscriber Modules) Authentication


19.03.2019
==========
wlanhcx2ssid: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist
whoismac: use systemwide oui.txt (/usr/share/ieee-data/oui.txt), if exist


18.03.2019
==========
wlancap2wpasec: added man 1 page
hcxpcaptool: added new option -M to collect IMSI numbers
-M <file> : output unsorted IMSI number list


17.03.2019
==========
hcxpcaptool: added man 1 page
hcxpsktool: added man 1 page
hcxhash2cap: added man 1 page


09.03.2019
==========
hcxtools moved to version 5.1.3 due to change of pcapng comment field


07.03.2019
==========
hcxpcaptool added GPX comment field for GPS time from GPS device 

<?xml version="1.0"?>
<gpx version="1.0" creator="hcxpcaptool"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.topografix.com/GPX/1/0"
xsi:schemaLocation="http://www.topografix.com/GPX/1/0 http://www.topografix.com/GPX/1/0/gpx.xsd">
<name>test3.gpx</name>
<trk>
  <name>dntest.pcapng</name>
  <trkseg>
  <trkpt lat="49.126353" lon="4.626187">
    <ele>129.500000</ele>
    <time>2019-03-06T22:27:45Z</time>
    <name>1af87c9124a3</name>
    <cmt>GPS-TIME:2019-03-06T22:28:00Z</cmt>
  </trkpt>


26.02.2019
==========
hcxtools moved to version 5.1.3 due to several bug fixes


18.02.2019
==========
hcxtools moved to version 5.1.2 due to implementation of serveral new options


14.02.2019
==========
wlancap2wpasec: added new option -e
-e <email address> : set email address, if requiered


13.02.2019
==========
hcxpsktool added full support (option -j) for john
-i <file> : input EAPOL hash file (hashcat)
-j <file> : input EAPOL hash file (john)
-z <file> : input PMKID hash file (hashcat and john)


12.02.2019
==========
hcxpcaptool: added new option -X
-X <file> : output client probelist
          : format: mac_sta:probed ESSID (autohex enabled)


added new tool: hcxwltool
while hcxpsktool is designed to run on hcxpcaptool -o and -z output,
hcxwltool is designed to run on hcapcaptool -E, -I and -U output

$ hcxwltool -h
hcxwltool 5.1.1 (C) 2019 ZeroBeat
usage:
hcxwltool <options>

options:
-i        : input worlist
-o <file> : output wordlist to file
-h        : show this help
-v        : show version

--straight       : output format untouched
--digit          : output format only digits
--xdigit         : output format only xdigits
--lower          : output format only lower
--upper          : output format only upper
--capital        : output format only capital
--length=<digit> : password lenght (8...32)
--help           : show this help
--version        : show version

examples:
hcxwltool -i wordlist --straight | sort | uniq |  | sort | uniq | hashcat -m 2500 hashfile.hccapx
hcxwltool -i wordlist --gigit --length=10 | sort | uniq |  | sort | uniq | hashcat -m 2500 hashfile.hccapx
hcxwltool -i wordlist --digit | sort | uniq | hashcat -m 16800 hashfile.16800
hcxwltool -i wordlist --xdigit | sort | uniq | john --stdin --format=wpapsk-opencl hashfile.16800


11.02.2019
==========
whoismac: added two new options to convert ESSID HEX to ASCII or ESSID ASCII to HEX 
-e <ESSID>    : input ESSID
-x <xdigit>   : input ESSID in hex

example:
$ whoismac -e default
64656661756c74

now search for this essid, running simple bash commands:
cat hashfile.16800 | grep 64656661756c74


02.02.2019
==========
release hcxtools v 5.1.1
removed....: wlanhcx2psk
replaced by: hcxpsktool

removed....: wlanhcx2cap
replaced by: hcxhash2cap
no more libcap dependency!


01.02.2019
==========
hcxhash2cap: added new option to canvert john WPAPSK has file to cap
hcxhash2cap will replace wlanhcx2cap, soon
$ hcxhash2cap -h
hcxhash2cap 5.1.0 (C) 2019 ZeroBeat
usage:
hcxhash2cap <options>

options:
-c <file> : output cap file
            if no cap file is selected, output will be written to single cap files
            format: mac_sta.cap (mac_sta.cap_x)

--pmkid=<file>  : input PMKID hash file
--hccapx=<file> : input hashcat hccapx file
--hccap=<file>  : input hashcat hccap file
--john=<file>   : input John the Ripper WPAPSK hash file
--help          : show this help
--version       : show version


31.01.2019
==========
hcxhash2cap: added new options to convert hccapx to cap and hccap to cap


29.01.2019
==========
aded new tool: hcxhash2cap


22.01.2019
==========
hcxpcaptool: in preparation of hccapx successor, hcxpcaptool now count oversized (>0xff) EAPOLframes
             EAPOL packets (oversized)....: xx
read more here:
https://github.com/hashcat/hashcat/issues/1816


13.12.2018
==========
hcxpcaptool: removed options -x and -X (old hccap format)
hcxpcaptool: added options --hccap-out and --hccap-raw-out (old hccap format)
--hccap-out=<file>                : output old hccap file (hashcat -m 2500)
--hccap-raw-out=<file>            : output raw old hccap file (hashcat -m 2500)


09.12.2018
==========
hcxpcaptool: detect EAPOL GROUP KEYs
hcxpcaptool: move option -H to --hexdump-out
hcxpcaptool: added new options (--eapol-out, --network-out)
--eapol-out=<file>                : output EAPOL packets in hex
                                    format = mac_ap:mac_sta:eapol
--network-out=<file>              : output network information
                                    format = mac_ap:ESSID
--hexdump-out=<file>              : output dump raw packets in hex


05.12.2018
==========
moved to v 5.1.0 (according to hashcat)
hcxpcaptool:  detect EAPOL RC4 KEYs


04.12.2018
==========
hcxpcaptool: fixed bug in FCS on BE systems
hcxpcaptool: detect MESH-IDs


26.11.2018
==========
several big endian fixes
switched to version 5.0.1


19.11.2018
==========
hcxpcaptool: improved detection of ESSID changes in merged capfiles


30.10.2018
==========
hcxtools moved to version 5.0.0

hcxpsktool: added NETGEARxx list
--netgear : include NETGEAR candidates


03.10.2018
==========
hcxpcaptool: use GMT time


30.09.2018
==========
hcxhashcattool: accept 16800 potfiles


29.09.2018
==========
hcxpcaptool: removed option -Z
Allow hashfile for -m 16800 to be used with -m 16801
https://github.com/hashcat/hashcat/commit/1b980cf01000c81dfd0ca085593f8c1d66d43188

added new option -g
-g <file> : output GPS file\n"
            format = GPX (accepted for example by Viking and GPSBabel)\n"


24.09.2018
==========
whoismac new option to get VENDOR information from a hashcat 2500 potfile line
-P <hashline> : input EAPOL hashline from potfile


20.09.2018
==========
prepare new tool (experimental): hcxpsktool (supports hccapx and 16800 hashfile)
hcxpsktool will replace wlanhcx2psk, when all wlanhcx2psk functions are added


15.09.2018
==========
hcxpcaptool: added detection of Cisco Systems, Inc VENDOR information in authentication


06.09.2018
==========
hcxpcaptool: added detection of Netgear VENDOR information in authentication


04.09.2018
==========
hcxpcaptool: try to detect and remove damaged ESSIDs


26.08.2018
==========
whoismac added new option -p to get information about VENDOR and print ESSID in ASCII
"-p <hashline> : input PMKID hashline\n"


17.08.2018
==========
hcxpcaptool skip unknown option (thanks to magnumripper)
hcxpcaptool detect Wilibox Delibrant Group LLC authentication
hcxpcaptool detect NETWORK EAP authentication system


07.08.2018
==========
added communication between hcxdumtool and hcxpcaptool via pcapng option fields:
62108 for REPLAYCOUNT uint64_t
62109 for ANONCE uint8_t[32]


03.08.2018
==========
hcxtools release 4.2.0

Todo:
hcxdumptool 4.2.0 will randomize ap-less attacks.
hcxpcaptool will convert this handshakes correctly, but will not detect them as ap-less attack
This feature will be added in hcxtools 4.2.1


01.08.2018
==========
moved raspberry pi stuff and dumper stuff to hcxdumptool repository
from now on hcxtools only includes conversion tools


25.07.2018
==========
hcxtools moved to 4.2.0 rc1
hcxpcaptool:
added hashmodes -m 16800 and -m 16801
and new options:
-z <file> : output PMKID file (hashcat hashmode -m 16800 - WPA*-PMKID-PBKDF2)
-Z <file> : output PMKID file (hashcat hashmode -m 16801 - WPA*-PMKID-PMK)
use hcxpcaptool as dumper/attacker, convert with hcxpcaptool, retrieve PSK using hashcat

removed wlandump-ng (old scool, deprecated)
removed wlancap2hcx (old scool, deprecated)


17.07.2018
==========
hcxpcaptool:
show detailed file stats on pcapng files - go in sync with (upcomming) hcxdumptool 4.2.0


17.07.2018
==========
hcxpcaptool:
added detection of all EAP types:
EAP_PACKET
EAPOL_START
EAPOL_LOGOFF
EAPOL_KEY
EAPOL_ASF
EAPOL_MKA


15.07.2018
==========
wlanhcx2psk:
added more weak candidates based on OSINT from wpa-sec


07.07.2018
==========
hcxpcaptool:
added detection of BROADCOM specific authentication


01.07.2018
==========
hcxpcaptool:
added detection of FILS authentication algorithm


27.06.2018
==========
hcxpcaptool:
added detection of authentication algorithms


23.06.2018
==========
hcxpcaptool:
added full support for AVS header (DLT_IEEE802_11_RADIO_AVS)


22.06.2018
==========
hcxpcaptool:
added full support for TaZmen Sniffer Protocol (TZSP)


21.06.2018
==========
hcxpcaptool:
added detection of TaZmen Sniffer Protocol (TZSP)


20.06.2018
==========
hcxpcaptool:
added conversion of WDS packets


19.06.2018
==========
hcxpcaptool:
added detection of RADIUS authentication with Ethernet II header


05.05.2018
==========
hcxpcaptool:
improved detection of broken ESSIDs
improved detection of broken EAPOL frames

wlanhcx2ssid (option -F):
improved detection of broken ESSIDs
omproved detection of broken EAPOL frames


12.03.2018
==========
moved to v 4.1.5
added new options wlancap2wpasec
$ wlancap2wpasec -h
wlancap2wpasec 4.1.5 (C) 2018 ZeroBeat
usage: wlancap2wpasec <options> [input.cap] [input.cap] ...
       wlancap2wpasec <options> *.cap
       wlancap2wpasec <options> *.*

options:
-k <key>     : wpa-sec user key
-u <url>     : set user defined URL
               default = https://wpa-sec.stanev.org
-t <seconds> : set connection timeout
               default = 30 seconds
-R           : remove cap if upload was successful
-h           : this help


25.02.2018
==========
split repository!
moved hcxdumptool to https://github.com/ZerBea/hcxdumptool
move pioff to https://github.com/ZerBea/hcxdumptool/hcxpioff
from now on, hcxtools will be the mostly "portable part"


17.02.2018
==========
hcxpcaptool
added nonce fuzzing logic for john and old hashcat (hccap) according to bitmask:
0: MP info
1: MP info
2: MP inf
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections neccessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary


15.02.2018
==========
hcxpcaptool
added detection of router endianess and ap-less attacks:
bitmask for message_pair file:
0: MP info
1: MP info
2: MP inf
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections neccessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary

using bit 4 to 7, hcxtools are able to interact with hascat - that will increase speed for hashcat.


09.02.2018
==========
hcxpcaptool
added full implementation of PPP-CHAP authentication
added detection of RADIUS (UDP destination 1812)
new dependency: libopenssl


07.02.2018
==========
hcxpcaptool
added full implementation of TACACS+
--tacacsplus-out=<file>           : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)


05.02.2018
==========
hcxpcaptool
improved help menu
ignore empty usernames
added new option
--md5-john-out=<file>             : output MD5 challenge file (john chap)


04.02.2018
==========
hcxpcaptool
continued implementation of EAP (RADIUS): netNTLMv1, MD5 challenge
added new options
-U <file> : output username list (unsorted)
--netntlm-out=<file>              : output netNTLMv1 file	(hashcat -m 5500, john netntlm)
--md5-out=<file>                  : output MD5 challenge file	(hashcat -m 4800, john chap)


03.02.2018
==========
added hcxphashcattool (calculate PMKs from hashcat -m 2500 potfile)
$ hcxhashcattool -h
hcxhashcattool 4.1.0 (C) 2018 ZeroBeat
usage:
hcxhashcattool <options>

options:
-p <file> : input hashcat -m 2500 potfile
-P <file> : output PMK file (PMK:ESSID:PSK)
-h        : show this help
-v        : show version


01.02.2018
==========
hcxpcaptool
added detection of TCP and UDP network protocol
neccessary for IP based authentications


31.01.2018
==========
hcxtools moved to v 4.1.0
and starts into the 3. generation with
- hcxdumptool (will replace wlandump-ng) and
- hcxpcaptool (will replace wlancap2hcx)


29.01.2018
==========
hcxpcaptool
improved detection of handshakes
removed options -A -S ( will improve them and add them later again)


17.01.2018
==========
hcxpcaptool
added new options
-O <file> : output raw hccapx file
-x <file> : output hccap file
-X <file> : output raw hccap file
-j <file> : output john WPAPSK-PMK file
-J <file> : output raw john WPAPSK-PMK file
--time-error-corrections  : maximum allowed time gap (default: 10000ms)
--nonce-error-corrections : maximum allowed nonce gap (default: 8)
                          : should be the same value as in hashcat
option -O is designed for third party tools which like to strip handshakes by themselves
options -x and -X are designed for use on older systems and old hashcat version


16.01.2018
==========
hcxpcaptool
added new option -o
-o <file> : output hccapx file
convert cap/pcap/pcapng to hccapx


15.01.2018
==========
hcxpcaptool
added new option -V
-V        : verbose (but slow) status output
Running hcxpcaptool without options on cap/pcap/pcapng files
shows only limited stauts output
If you need detailed informations, use -V


14.01.2018
==========
hcxpcaptool
added suport for gzip compressed cap/pcap/pcapng files
new dependency: zlib


14.01.2018
==========
hcxpcaptool
added new options -P -I
-I <file> : output identities list
-P <file> : output possible WPA/WPA2 plainmasterkey list


13.01.2018
==========
hcxpcaptool
added new option
-S <file> : output station EAPOL information list
date::timestamp:mac_sta:mac_ap:epol_len:eapol
moved internal to tv_usec timestamp


12.01.2018
==========
hcxdumptool
added new option
-C <digit>     : comma separated scanlist (1,3,5,7...)
support for scanlist

hcxpcaptool
added new option
-A <file> : output access point anonce information list (forensics purpose)
date:mac_sta:mac_ap:keyver(1=M1, 2=M3, 3=M1+M3):replaycount(in hex):anonce


11.01.2018
==========
hcxpcaptool
added new options
-E <file> : output wordlist (autohex enabled) to use as wordlist
-T <file> : output traffic information list


10.01.2018
==========
hcxpcaptool
added option -H
-H        : dump raw packets in hex


09.01.2018
==========
- move hcxtools to v 4.0.2
- renamed wlandump-rs to hcxdumptool
- removed wlancapinfo -> replaced by hcxpcaptool
  +get rid of libpcap dependency)
  +added full pcapng support

$ hcxpcaptool -h
hcxpcaptool 4.0.2 (C) 2017 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*

options:
-h        : show this help
-v        : show version


07.01.2018
==========
wlandump-rs
added option -l
-l             : enable capture of IPv4/IPv6 packets


06.01.2018
==========
wlandump-ng
added option -l
-l             : enable capture of IPv4/IPv6 packets


21.12.2017
==========
wlancap2hcx
removed option -x
now wlancap2hcx looks first for association/re-associationrequests
or for directed proberequests or for proberesponseses
and at last (if no other frames found in the cap) for a beacon


21.12.2017
==========
wlancap2hcx
added new option to remove handshakes that that belong to the same authentication sequence
-D        : remove handshakes that belong to the same authentication sequence
          : you must use nonce-error-corrections on that file!

wlanhcx2ssid
added new option to remove handshakes that that belong to the same authentication sequence
-D <file> : remove handshakes that belong to the same authentication sequence
          : you must use nonce-error-corrections on that file!


17.12.2017
==========
moved to version 4.0.1

added wlandump-rs
- use raw sockets instead of libpcap
- faster and more aggressive than wlandump-ng
- able to capture more handchakes than wlandump-ng
- automatic use channel 14 and 5GHz channels if driver supports this
- improvements on scan engine
- improvements on authentication engine
- use ap blacklist instead of BPF

$ wlandump-rs -h
wlandump-rs 4.0.1 (C) 2017 ZeroBeat
usage: wlandump-rs <options>

options:
-i <interface> : interface
-o <dump file> : output file in pcapformat including radiotap header (LINKTYPE_IEEE802_11_RADIOTAP)
-c <digit>     : set channel (default = channel 1)
-t <seconds>   : stay time on channel before hopping to the next channel
               : default = 5 seconds
-B <file>      : blacklist (do not deauthenticate clients from this hosts - format: xxxxxxxxxxxx)
-I             : show suitable wlan interfaces and quit
-T <maxerrors> : terminate after <xx> maximal errors
               : default: 1000000
-D             : enable to transmit deauthentication- and disassociation-frames
-P             : enable poweroff
-s             : enable status messages
-h             : show this help
-v             : show version


16.12.2017
==========
wlancap2wpasec
-----------
added option to remove cap file if upload was successful
-R           : remove cap if upload was successful


05.12.2017
==========
wlanhcx2ssid
-----------
added option to strip damaged records from hccapx file
-F <file>     : strip bad records and write only flawless records to hccapx file
Detected errors (more follows later):
- bad keytype in EAPOL frame


21.11.2017
==========
wlancap2hcx
-----------
added detection and conversation of TACACS+ Authentication
-t <file> : output TACACS+ file (hashcat -m 16100, john tacacs-plus)


21.11.2017
==========
wlandump-ng
-----------
added new option -P for use with hard coded GPIO switch
-P : terminate program and poweroff raspberry pi by GPIO switch
   : default: terminate program and do not power off


20.11.2017
==========
wlandump-ng
-----------
do not terminate wlandum-ng if channel set failed
instead reset channel back to 1


31.10.2017
==========
wlandump-ng
-----------
improved status: added beacons, proberequests, proberesponses, associationrequests and reassociationrequests
warning in help mennu that driver must support 5GHz


29.10.2017
==========
wlanrcascan
-----------
added option -l (loopcount)

wlandump-ng
-----------
added detection of fast BSS transition (fast roaming)

wlancap2hcx
-----------
added detection of fast BSS transition (fast roaming)


28.10.2017
==========
- added changelog
- merged wlanresponse and wlandump-ng

bash_profile
------------
adapted to new wlandump-ng

wlanresponse
------------
- removed

wlandump-ng
-----------
- waterfall status
- improved deauthentication
  stop when retrieved one complete handshake (M1-M4) from ap <-> client
- improved disassociation
  stop when retrieved one complete handshake (M1-M4) from ap <-> client
- send one undirected proberequest to broadcast after channel change
- improved expanded EAPOL handling
- improved authentication
- improved beaconing on proberequests
- now wlandump-ng is passive by default (only receive) - transmit must be enabled
- changed / new options:
  -R         : enable to respond to all requests
  -D         : enable deauthentications
  -d         : enable disassociations
  -E <digit> : stop deauthentications and disassociations if xx complete handshakes received
             : default = 1 complete handshake (M1-M4)
  -U         : send one undirected proberequest to broadcast after channel change
  -B         : enable beaconing on last proberequest
  "-s        : enable status messages\n"

localtime, channel, mac_ap, mac_sta, information
11:02:52  11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced)          
11:01:45  11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (forced-retransmission)          
11:03:57  11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M1M2 handshake (not verified)          
11:03:57  11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M2M3 handshake (verified)          
11:03:57  11 xxxxxxxxxxxx <-> xxxxxxxxxxxx M3M4 handshake (established) 
16:36:13   1 xxxxxxxxxxxx --> xxxxxxxxxxxx identity request: hello          
16:36:13   1 xxxxxxxxxxxx <-- xxxxxxxxxxxx identity response: WFA-SimpleConfig-Registrar-1-0          
16:36:14   1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M1 message          
16:36:14   1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M2 message          
16:36:16   1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M3 message          
16:36:16   1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M4 message          
16:36:16   1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M5 message          
16:36:16   1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M6 message          
16:36:16   1 xxxxxxxxxxxx --> xxxxxxxxxxxx WPS-M7 message          
16:36:16   1 xxxxxxxxxxxx <-- xxxxxxxxxxxx WPS-M8 message          

