Kismet Wireless

Kismet Forums

 

Posted by: dragorn
Subject: How to monitor a single client
Date: 21:28:56 13/06/2009

> > There isn't much point to capturing only packets from a single client.
>
> I'm only interested in the traffic between AP and this single client. That's my point.
>
> > You can probably kluge it out of a source and dest filter, but it'll confuse Kismet a fair bit.
>
> Well - I'd call it "this for that".

?

> Right now, Kismet has left me confused more than a fair bit. Honestly. The filtering section in the README is very meagre, terse, probably wrong. I can't make any sense of it. At least fixing typos for important keywords and some more examples would help.

If you followed the SVN commits you'd see that typo was already resolved soon after you mentioned it.

>
> filter_tracker=BSSID(AA::BB:CC:DD:EE:FF)
>
> works somehow/a little bit as expected, at least just this network shows up in the UI, but there's still much data rubbish from other networks showing up. Even if I lock to a specific channel of this AP
>
> filter_tracker=BSSID(!AA::BB:CC:DD:EE:FF)
>
> Does not work as expected, this network shows up in the UI (Why?), just some packets are filtered - I'm willing to assume, these are the packets of this particular AP.

That will filter any packets with that BSSID. Other networks sharing the same SSID are not included.

You have some valid points, however you're trying to do more than the filtering was ever intended to handle, and it is currently impossible to filter a specific client on a specific network. There are no current plans for any major reworking or extensions of the filtering language; it almost didn't go into the new release at all.

Post-processing with Wireshark/tshark is the best place to do complex L2/L3 filtering.

-m
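
The post-processing approach recommended above, as an added example that is not part of the original post or of Kismet: a standard-library Python filter that keeps only the frames on one BSSID that involve one client station. It assumes a classic pcap file with raw 802.11 or radiotap link type; the function names are hypothetical.

```python
import struct

def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def bssid_and_station(frame):
    """Return (bssid, candidate station addresses) for a data or management
    frame, or None for control, WDS and truncated frames."""
    if len(frame) < 24:
        return None
    ftype = (frame[0] >> 2) & 0x3             # 0 = mgmt, 1 = control, 2 = data
    to_ds, from_ds = frame[1] & 0x1, frame[1] & 0x2
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype not in (0, 2) or (to_ds and from_ds):
        return None
    if to_ds:                                 # station -> AP: addr1 is the BSSID
        return a1, (a2,)
    if from_ds:                               # AP -> station: addr2 is the BSSID
        return a2, (a1,)
    return a3, (a1, a2)                       # management / IBSS-style data

def filter_pcap(data, bssid, client):
    """Return a new pcap holding only frames on `bssid` that involve `client`."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype not in (105, 127):            # raw 802.11 / radiotap + 802.11
        raise ValueError("capture is not 802.11 (linktype %d)" % linktype)
    want_bssid, want_client = mac(bssid), mac(client)
    out, pos = [data[:24]], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        record = data[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:       # truncated final record
            break
        pos += 16 + incl_len
        frame = record[16:]
        if linktype == 127:                   # radiotap length is always LE
            if len(frame) < 4:
                continue
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        parsed = bssid_and_station(frame)
        if parsed and parsed[0] == want_bssid and want_client in parsed[1]:
            out.append(record)
    return b"".join(out)
```

Beacons and control frames are dropped by this filter, since they carry no client address alongside the BSSID.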

