Plugins 2500/2501 and 16800/16801 are deprecated
#77
hcxdumptool uses the Berkeley Packet Filter (BPF) to select a target or to protect your own devices. Its entire attack behavior can be controlled via this BPF.

If the filter is not applied, hcxdumptool will attack everything in range mercilessly.
You'll see this warning:
Code:
BPF is unset! Make sure hcxdumptool is running in a 100% controlled environment!

A (very) simple BPF code is explained in -h:
Code:
--bpfc=<filter>: compile Berkeley Packet Filter (BPF) and exit
                  $ hcxdumptool --bpfc="wlan addr3 112233445566" > filter.bpf
                  see man pcap-filter
--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum 4096 instructions) in tcpdump decimal numbers format
                  see --help for more information
and --help
Code:
Berkeley Packet Filter:
-----------------------
tcpdump decimal numper format:
example: tcpdump high level compiler:
  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -ddd > filter.bpf
  see man pcap-filter
example: bpf_asm low level compiler
  $ bpf_asm filter.asm | tr ',' '\n' > filter.bpf
  see https://www.kernel.org/doc/html/latest/networking/filter.html
example: bpfc low level compiler:
  $ bpfc -f tcpdump -i filter.asm > filter.bpf
  see man bpfc
tcpdump C style format:
example: tcpdump high level compiler:
  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -dd > filter.bpf
  see man pcap-filter
example: bpfc low level compiler:
  $ bpfc -f C -i filter.asm > filter.bpf
  see man bpfc

There are several ways to build a BPF:
hcxdumptool's built-in high level language compiler
tcpdump's built-in high level language compiler
bpfc low level language compiler

To build a BPF, it is mandatory to understand the 802.11 protocol (MAC frame addr1, addr2 and addr3):
https://en.wikipedia.org/wiki/802.11_Frame_Types


Messages In This Thread
RE: Plugins 2500/2501 and 16800/16801 are deprecated - by ZerBea - 12-04-2023, 03:45 PM
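An added example (not part of the original post and not hcxdumptool code): a Python sanity check for a filter file in the tcpdump decimal number format that `-ddd` emits, meant to be run before the file is passed to `--bpf`. It assumes the layout is a count line followed by one `code jt jf k` line per instruction; `check_bpf` and both sample programs are constructed for illustration.

```python
import re

MAX_INSNS = 4096                      # limit stated in the --bpf help text above
BPF_JMP, BPF_RET, BPF_JA = 0x05, 0x06, 0x00
DEC = re.compile(r"[0-9]+")

# Constructed samples (generic classic-BPF programs, not filters from the post)
SAMPLE_OK = "4\n40 0 0 12\n21 0 1 2048\n6 0 0 65535\n6 0 0 0\n"
SAMPLE_BAD = "3\n40 0 0 12\n21 0 5 2048\n6 0 0 65535\n"   # jf jumps out of range


def check_bpf(text):
    """Return a list of problems in tcpdump -ddd style text (empty list = sane)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not DEC.fullmatch(lines[0]):
        return ["first line must be the instruction count"]
    count, rows, problems = int(lines[0]), lines[1:], []
    if count != len(rows):
        problems.append(f"count says {count}, file has {len(rows)} instructions")
    if not 1 <= len(rows) <= MAX_INSNS:
        problems.append(f"{len(rows)} instructions, allowed 1..{MAX_INSNS}")
    insns = []
    for i, row in enumerate(rows):
        fields = row.split()
        if len(fields) != 4 or not all(DEC.fullmatch(x) for x in fields):
            problems.append(f"insn {i}: expected 4 decimal fields")
            return problems
        code, jt, jf, k = map(int, fields)
        # struct sock_filter: u16 code, u8 jt, u8 jf, u32 k
        if code > 0xFFFF or jt > 0xFF or jf > 0xFF or k > 0xFFFFFFFF:
            problems.append(f"insn {i}: field out of range")
        insns.append((code, jt, jf, k))
    n = len(insns)
    for i, (code, jt, jf, k) in enumerate(insns):
        if code & 0x07 != BPF_JMP:
            continue
        # Unconditional jump uses k as offset; conditional jumps use jt/jf
        targets = [i + 1 + k] if code & 0xF0 == BPF_JA else [i + 1 + jt, i + 1 + jf]
        if any(t >= n for t in targets):
            problems.append(f"insn {i}: jump past end of program")
    if insns and insns[-1][0] & 0x07 != BPF_RET:
        problems.append("last instruction is not a RET")
    return problems


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_bpf(sample) or "no problems found")
```

An empty or truncated `filter.bpf` (for example after a failed compile step) is reported here instead of being noticed only once the capture is running.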