Wireless Security
Re: differentiating wired and wireless clients in Kismet Jul 30 2009 02:18PM
Robin Wood (dninja gmail com)
2009/7/30 Joshua Wright <jwright (at) hasborg (dot) com [email concealed]>:
> Hash: SHA1
>>> link[1] || 0x03 == 0x01
>> This is getting closer but for some reason the apple macs that I've
>> got in my test environment are never being picked up by this and
>> kismet always shows them as fromds. Is there something odd about the
>> apple wireless drivers that causes this?
> I think you want "link[1] & 0x3 == 1"; this will return all frames where
>  ToDS is set and FromDS is clear.

Ye, I realised that about an hour ago and updated it to

"link[1] & 0x03 == 0x01 || link[1] & 0x03 == 0"

so that it picks up STA to STA as well. But I'm still seeing Apple
Macs sending data over wifi with just the From DS flag set. Wireshark
decoding the packets says this on my laptop as well as the embedded
device and tcpdump.

> Alternatively, you could watch for the type/subtype of management/probe
> request since only clients will send that frame.

So that would be

link[0] == 0x40

I'll give it a try.



[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus