Right on. It should be -y IEEE802_11 to see dissociations, though.
IEEE802_11_RADIO just gives scan results.
On Fri, Mar 22, 2024 at 4:33 PM Peter Hessler wrote:
>
> pflog does not monitor the RADIO. They are not Layer 3 packets, and are
> not seen by pf.
>
>
> On 2024 Mar 22 (Fri) at 16:25:08
On Fri, Mar 22, 2024 at 04:25:08PM +0500, ofthecentury wrote:
> Thanks. This does work on an interface, but not on -r /var/log/pflog?
You cannot log wifi management frames in PF because PF does not operate
at the wifi layer.
There is hostapd(8) which and can do some interesting things with these
pflog does not monitor the RADIO. They are not Layer 3 packets, and are
not seen by pf.
On 2024 Mar 22 (Fri) at 16:25:08 +0500 (+0500), ofthecentury wrote:
:Thanks. This does work on an interface, but not on -r /var/log/pflog?
:
:On Fri, Mar 22, 2024 at 3:54 PM Stefan Sperling wrote:
:>
:> On
Thanks. This does work on an interface, but not on -r /var/log/pflog?
On Fri, Mar 22, 2024 at 3:54 PM Stefan Sperling wrote:
>
> On Fri, Mar 22, 2024 at 03:39:57PM +0500, ofthecentury wrote:
> > I am getting wireless disassociation attacks.
> > I wanted to look at the packets via:
> > `tcpdump
On Fri, Mar 22, 2024 at 03:39:57PM +0500, ofthecentury wrote:
> I am getting wireless disassociation attacks.
> I wanted to look at the packets via:
> `tcpdump -nettt -I -i athn0 -s 256
> type mgt subtype disassoc`
> but I get an error:
> "tcpdump: type not supported on linktype 0x1"
> Should work
I am getting wireless disassociation attacks.
I wanted to look at the packets via:
`tcpdump -nettt -I -i athn0 -s 256
type mgt subtype disassoc`
but I get an error:
"tcpdump: type not supported on linktype 0x1"
Should work according to man tcpdump.
6 matches
Mail list logo
