-
Notifications
You must be signed in to change notification settings - Fork 0
/
mm_capture.src
16 lines (16 loc) · 1.26 KB
/
mm_capture.src
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
% ExpPrg holds the args for calling tshark - capture filter is excluding beacons, display filter is excluding no mac addresses.
% wlan[0] != 0x80 is to filter out beacon (Access Point) frames, -Y display filter is to only return rows with all 3 fields
% wlan.sa: Source Mac Address wlan.seq: Sequence Number radiotap.dbm_antsignal: signal strength
{tshark, "tshark -y IEEE802_11_RADIO_AVS -Y \"wlan.sa && wlan.seq && (wlan.dbm_antsignal < -10 && wlan.dbm_antsignal > -108)\" -I -N m -Tfields -E separator=/s -e wlan.sa -e wlan.seq -e wlan.dbm_antsignal -l"}.
% the address of the receiver
{mm_receiver, 'mm@192.168.1.3'}.
% id of the interface to use as the capture device - use ifconfig to find out. thuc is en1, kevin is en0, etc
{interface, <<"en0">>}.
% blacklisted: jason, thuc, juston, andy, kevin's laptop wifi macs - we do not want to capture any packets originating from those addresses
{blacklist, [<<"e4:ce:8f:37:48:d4">>, <<"28:cf:da:df:ef:00">>, <<"dc:a9:71:86:28:ef">>, <<"7c:d1:c3:f0:32:c9">>, <<"14:10:9f:e4:f5:4f">>]}.
% whitelist_enabled only create whitelist if set to true
{whitelist_enabled, false}.
% whitelisted: only capture the below addresses: currently kevin's iphone
{whitelist, [<<"b8:e8:56:b6:dd:22">>]}.
% the identifier of the capture node
{cap, test}.