Posted by:ricardo
Subject:How to monitor a single client
Date:08:52:48 12/06/2009

i managed to get Kismet (2008.05.R1) running under Gentoo Linux - Intel 3945 based card.

Now I would like to filter the traffic of only one single client (incoming and outgoing) whose MAC address I do know. Currently, I use the filter_tracker like so:


While I see *something* from the client - because hes going over the <mac-ap>,
there is drawback, because I see lots of "uninteresting rubbish" from the AP, and definitely not all data from the client. Unfortunately I'm new to Kismet and the README filtering-section is a little bit terse to me. Some more examples wouldn't hurt.

e.g. when I tried to


Kismet didn't even startup telling me this would filter all. I thought it would be a positive-pass SOURCE and DEST for that client. Sigh.

You see, I'm hitting wall after wall for what seems to be a trivial request. Would be thankful if someone could put a little more light to this.

PS: in the Readme, filtering-section, there is also a AND(...) filter mentioned, I assume this is a typo and should be ANY(...)? Again - you see me puzzled

