05-23-2020, 01:59 PM
The whole filter stuff was refactored:
Now we have filtermode (0, 1, 2) in combination with filterlist_ap (ACCESS POINTs) and filterlist_client (CLIENTs).
That is much faster than filtering ACCESS POINTs and CLIENTs running the same list.
Additional, we have a new and very fast Berkeley Packet Filter as alternative. I suggest to use this in case of protection of ACCESS POINTs and CLIENTs. Usage of Berkeley Packet Filter Code is explained in help menu and here:
https://biot.com/capstats/bpf.html
and here:
https://www.tcpdump.org/manpages/pcap-filter.7.html
and here:
https://www.tcpdump.org/manpages/tcpdump.1.html
To answer your question:
filtering command to receive transmission of ap & client
create Berkeley Packet Filter Code
$ tcpdump -i <interface> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 -ddd > attack.bpf
than run hcxdumptool --bpfc=attack.bpf
Notice:
It is mandatory to add every ACCESS POINT and every CLIENT here (each for addr1 and addr2)!
Now we have filtermode (0, 1, 2) in combination with filterlist_ap (ACCESS POINTs) and filterlist_client (CLIENTs).
That is much faster than filtering ACCESS POINTs and CLIENTs running the same list.
Additional, we have a new and very fast Berkeley Packet Filter as alternative. I suggest to use this in case of protection of ACCESS POINTs and CLIENTs. Usage of Berkeley Packet Filter Code is explained in help menu and here:
https://biot.com/capstats/bpf.html
and here:
https://www.tcpdump.org/manpages/pcap-filter.7.html
and here:
https://www.tcpdump.org/manpages/tcpdump.1.html
To answer your question:
filtering command to receive transmission of ap & client
create Berkeley Packet Filter Code
$ tcpdump -i <interface> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 -ddd > attack.bpf
than run hcxdumptool --bpfc=attack.bpf
Notice:
It is mandatory to add every ACCESS POINT and every CLIENT here (each for addr1 and addr2)!