Posted by:dragorn
Subject:tracker, dump, netclient, export filters difficulty
Date:16:08:24 06/12/2009

> I only want the traffic for BSSID(00:0D:87:D9:A0:BA) to be recorded in the pcap file.
> Using the four different filters listed:
> filter_tracker, filter_dump, filter_export, or filter_netclient in the kismet.conf file where, for example, filter_tracker=BSSID(00:0D:87:D9:A0:BA), records not just the traffic for example, BSSID(00:0D:87:D9:A0:BA), but a lot of other BSSIDs.
> To verify that this was the case, I opened up the Kismet pcap-generated file in Wireshark. I was expecting to see only the traffic for BSSID(00:0D:87:D9:A0:BA), but in fact verified that there is a lot of traffic other than BSSID(00:0D:87:D9:A0:BA) being recorded in that pcap file.

OK, and as I just said - the dump filter stuff shouldn't have remained in the config file as it isn't applied anywhere - so there's your answer. None of the others would have any effect on the dump.

If you really want to throw out packets in your dump file, use tshark w/ their much more complex & complete filtering system and rewrite the pcap.
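
The pcap rewrite suggested in the reply above, sketched as an added example that is not part of the original thread and not Kismet or tshark code: a standard-library Python stand-in for filtering on tshark's `wlan.bssid` field, showing that the BSSID sits in a different address slot depending on the frame's DS bits. Assumptions: a classic pcap file (not pcapng) with link type 105 (raw 802.11) or 127 (radiotap), only management and data frames are matched, and `sample_pcap` with its second AP and station addresses is constructed test data.

```python
import struct

def bssid_of(frame):
    """BSSID (6 bytes) of a management or data frame, else None."""
    if len(frame) < 22:
        return None                      # short control frames (ACK, CTS) are skipped
    ftype = (frame[0] >> 2) & 3          # 0 = management, 1 = control, 2 = data
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if ftype == 0:
        return a3
    if ftype == 2:                       # slot depends on the DS bits; WDS has no BSSID
        return {(0, 0): a3, (1, 0): a1, (0, 1): a2}.get((to_ds, from_ds))
    return None

def filter_pcap(data, bssid):
    """Return a new pcap (bytes) holding only the records for `bssid`."""
    want = bytes.fromhex(bssid.replace(":", ""))
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"                        # little-endian file (usec or nsec magic)
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    if linktype not in (105, 127):       # raw 802.11, radiotap + 802.11
        raise ValueError("unsupported link type %d" % linktype)
    out, pos = [data[:24]], 24
    while pos + 16 <= len(data):
        incl = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        rec = data[pos:pos + 16 + incl]
        if len(rec) < 16 + incl:
            break                        # truncated last record
        frame = rec[16:]
        if linktype == 127 and len(frame) >= 4:   # radiotap length is always little-endian
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        if bssid_of(frame) == want:
            out.append(rec)
        pos += 16 + incl
    return b"".join(out)

def sample_pcap():
    """Constructed capture: beacon from the wanted AP, beacon from another AP, to-DS data frame."""
    ap, other, sta = (bytes.fromhex(h) for h in ("000d87d9a0ba", "020000000001", "020000000002"))
    frames = [b"\x80\x00\x00\x00" + b"\xff" * 6 + ap + ap + b"\x00\x00",
              b"\x80\x00\x00\x00" + b"\xff" * 6 + other + other + b"\x00\x00",
              b"\x08\x01\x00\x00" + ap + sta + other + b"\x00\x00"]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```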

