(11-15-2022, 09:58 PM)ZerBea Wrote: hcxdumptool doesn't use network names (because this names are not unique).
Instead it use the BSSID (MAC) of teh AP.
How to get the MAC is descriped in --help:
Code:--filterlist_ap=<file or MAC> : ACCESS POINT MAC or MAC filter list
format: 112233445566, 11:22:33:44:55:66, 11-22-33-44-55-66 # comment
maximum entries 256
run first --do_rcascan to retrieve information about the target
--filtermode=<digit> : user space filter mode for filter list
mandatory in combination with --filterlist_ap and/or --filterlist_client
affected: only outgoing traffic
notice: hcxdumptool act as passive dumper and it will capture the whole traffic on the channel
0: ignore filter list (default)
1: use filter list as protection list
do not interact with ACCESS POINTs and CLIENTs from this list
2: use filter list as target list
only interact with ACCESS POINTs and CLIENTs from this list
not recommended, because some useful frames could be filtered out
using a filter list doesn't have an affect on rca scan
only for testing useful - devices to be protected should be added to BPF
notice: this filter option will let hcxdumptool protect or attack a target - it is neither a capture nor a display filter
add the MAC to a list (e.g. name it filter.list
run hcxdumptool with option --filtermode=2 and --filterlist_ap=filter.list
Additional information is here:
https://www.youtube.com/watch?v=Usw0IlGbkC4
Thank you.
I tried with --filterlist_ap but no luck.
I tried this:
hcxdumptool -i wlp0 --filterlist_ap=XXXXXXXXXXXX -o dump.pcapng --enable_status=31 --filtermode=2
I tried with --filterlist_ap=list.txt too
No luck.
The difference between filter and no filter is that without the --filterlist_ap= hcxdumptool is gathereing everything.
With the hcxdumptool --filterlist_ap= it gathers less targets.
MAC I want to target is on the list but it shows after some time.
This MAC is my home router.