Kismet Wireless

Kismet Forums

 

Posted by: dragorn
Subject: monitor single MAC address
Date: 20:44:48 21/11/2006

> When I do that, it discards all packets to and from that address and logs all others. I'm using a Cisco 350 card with the following source line if that helps any:


Filters are "positive-pass": anything matched by the filter is passed and
all else is excluded.

Filtering can be done on address types (ANY, SOURCE, DEST, and BSSID).

To exclude a network with the BSSID AA:BB:CC:DD:EE:FF, the filter would be:
filter_tracker=BSSID(!AA:BB:CC:DD:EE:FF)

MAC addresses can be masked in the same fashion as IP netmasks. To
match all networks of a certain manufacturer, restrict to the OUI:
filter_tracker=BSSID(AA:BB:CC:00:00:00/FF:FF:FF:00:00:00)

Multiple MAC addresses can be used on the same filter line. To filter
out two known networks from being considered:
filter_tracker=BSSID(!00:11:22:33:44:55,!00:11:22:33:44:66)
Which is to say, all traffic not from 00..55 and not from 00..66 will
be considered.

So to exclude traffic from any network other than 00:00:00:AB:CD:EF

filter_tracker=BSSID(00:00:00:AB:CD:EF)

-m
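
The filter rules described in the post above, modeled as an added example (not part of the original post and not Kismet's own code). The names `parse_filter` and `passes` are hypothetical; OR-ing several non-negated addresses is an assumption, and lists that mix negated and plain addresses are rejected because the post does not describe them.

```python
import re

TYPES = {"ANY", "SOURCE", "DEST", "BSSID"}   # address types named in the post
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
FULL_MASK = 0xFFFFFFFFFFFF                   # no /mask given: compare all 48 bits

def mac_to_int(mac):
    """Convert 'AA:BB:CC:DD:EE:FF' to a 48-bit integer, validating the format."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def parse_filter(expr):
    """Parse the value of a filter line, e.g. 'BSSID(!00:11:22:33:44:55)'.

    Returns (type, negated, [(addr, mask), ...]).
    """
    m = re.fullmatch(r"\s*(\w+)\((.*)\)\s*", expr)
    if not m or m.group(1).upper() not in TYPES:
        raise ValueError(f"bad filter expression: {expr!r}")
    flags, terms = set(), []
    for raw in m.group(2).split(","):
        raw = raw.strip()
        flags.add(raw.startswith("!"))
        addr, _, mask = raw.lstrip("!").partition("/")
        terms.append((mac_to_int(addr), mac_to_int(mask) if mask else FULL_MASK))
    if len(flags) != 1:
        # Mixed lists are not covered by the post, so this model refuses them.
        raise ValueError("mixed negated and plain addresses are not modeled")
    return m.group(1).upper(), flags.pop(), terms

def passes(expr, mac):
    """True if an address of the filter's type is passed ("positive-pass")."""
    _, negated, terms = parse_filter(expr)
    value = mac_to_int(mac)
    # Masked comparison, the same way an IP netmask is applied.
    hit = any((value & mask) == (addr & mask) for addr, mask in terms)
    # Negated list: pass only what matches none of the listed addresses.
    # Plain list: pass only what matches (OR across entries is an assumption).
    return not hit if negated else hit

if __name__ == "__main__":
    # Constructed sample addresses, checked against the post's filter lines.
    single = "BSSID(00:00:00:AB:CD:EF)"
    for mac in ("00:00:00:AB:CD:EF", "00:11:22:33:44:55"):
        print(single, mac, "pass" if passes(single, mac) else "drop")
```
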

