Kismet Wireless

Kismet Forums

 

Posted by: dragorn
Subject: Kismet detection of clients of an AP
Date: 03:58:02 04/09/2007

> Hi,
>
> one question,
> I am developing a wifi-related tool and I noticed that Kismet, when identifying clients of an AP, records as client of an AP only the SRC addr of a packet (e.g.: of an 802.11 data packet), and NOT also the DST addr of a packet. Why is that?
>
> To reduce noise of pkts directed to non-existent dst addr? Why? Does it matter?
> Because it hopes to see responses from dst but this time as the src of a packet? Why? I think it is not uncommon to see only one side of the conversation.
>
> Or am I completely misunderstanding the meaning of the DST addr? :)

(as I said over email to the same message, but since others might care... Generally, you only need to either post here or send me an email):

Technically true, however if there is another client using that MAC
address we'll see it at some point when it responds. Tracking dst
addresses would show up a lot of spurious data as well as open us up to
a nice DoS from someone flooding the client table by spoofing
destination addresses. Generally I've never seen a problem using a more
affirmative detection of requiring them to actually transmit before
cataloging them as a client.

-m
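
The trade-off described in the reply above, as an added example that is not part of the original thread and is not Kismet's code: a small tracker that catalogs clients either from the source address only or from source and destination, run over constructed 802.11 data-frame headers. All function names, MAC addresses and the sample frames are made up for this illustration.

```python
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_data_frame(frame):
    """Return (bssid, src, dst) for a 3-address 802.11 data frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:   # type 2 = data
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    if to_ds and from_ds:                  # 4-address WDS frame, skipped here
        return None
    if to_ds:                              # station -> AP: BSSID, SA, DA
        return mac(a1), mac(a2), mac(a3)
    if from_ds:                            # AP -> station: DA, BSSID, SA
        return mac(a2), mac(a3), mac(a1)
    return mac(a3), mac(a2), mac(a1)       # IBSS / ad-hoc: DA, SA, BSSID

def track_clients(frames, include_dst=False):
    """Map BSSID -> set of client MACs; include_dst=False is the src-only policy."""
    clients = {}
    for frame in frames:
        parsed = parse_data_frame(frame)
        if parsed is None:
            continue
        bssid, src, dst = parsed
        seen = clients.setdefault(bssid, set())
        seen.update(a for a in ((src, dst) if include_dst else (src,)) if a != bssid)
    return clients

def build_frame(flags, a1, a2, a3):
    """Constructed 24-byte data-frame header (no payload), for the sample only."""
    return bytes([0x08, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

# Constructed sample: two stations talking through one AP, then one transmitter
# sending 1000 frames that each name a different, non-existent destination.
AP, STA_A, STA_B, NOISY = (bytes.fromhex(h) for h in
    ("020000000001", "0200000000aa", "0200000000bb", "0200000000ee"))
SAMPLE = [build_frame(0x01, AP, STA_A, STA_B), build_frame(0x01, AP, STA_B, STA_A)]
SAMPLE += [build_frame(0x01, AP, NOISY, b"\x02\x11\x22" + i.to_bytes(3, "big"))
           for i in range(1000)]

if __name__ == "__main__":
    for policy in (False, True):
        table = track_clients(SAMPLE, include_dst=policy)
        print("include_dst =", policy, "->", len(table[mac(AP)]), "entries")
```

With the source-only policy the table for the AP holds the three stations that actually transmitted; with destinations included, every address named in the flood becomes an entry.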

