I'm capturing wireless traffic in monitor mode with Wireshark. I want to capture traffic only for a certain BSS. While wlan.bssid == xx:xx:xx:xx:xx:xx works well as a display filter, I don't want my data cluttered with useless traffic that I'm not interested in (the air is quite cluttered in every channel).
So the question here:
- Are there some especially useful capture filters for Wireless capture?
- What's the best way to capture traffic to or from an AP only?
Best Answer
Here are some more useful capture filters:
wlan sa (source address):
wlan src XX:XX:XX:XX:XX:XX
wlan da (destination address):
wlan dst XX:XX:XX:XX:XX:XX
wlan ra (receiver address):
wlan addr1 XX:XX:XX:XX:XX:XX
wlan ta (transmitter address):
wlan addr2 XX:XX:XX:XX:XX:XX
wlan host XX:XX:XX:XX:XX:XX
Thanks to Guy Harris.
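Added example, not part of the original answer: a small Python model of how the filters listed above map onto the 802.11 header, showing which of them accept a frame when the target is the AP's address. It assumes management or data frame headers with no radiotap header in front, and that `wlan host` tests only SA and DA (as documented in pcap-filter(7)); the MAC addresses and frames are constructed.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def wlan_addresses(hdr):
    """Map addr1..addr4 of a management/data frame to RA/TA/SA/DA."""
    (fc,) = struct.unpack_from("<H", hdr, 0)
    if (fc >> 2) & 0x3 not in (0, 2):
        raise ValueError("only management and data frames are handled")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = (mac(hdr[o:o + 6]) for o in (4, 10, 16))
    if to_ds and from_ds:            # 4-address (WDS) frame
        sa, da = mac(hdr[24:30]), a3
    elif to_ds:                      # station -> AP
        sa, da = a2, a3
    elif from_ds:                    # AP -> station
        sa, da = a3, a1
    else:                            # management / ad hoc
        sa, da = a2, a1
    return {"ra": a1, "ta": a2, "sa": sa, "da": da}

def matching_filters(hdr, target):
    """Which of the capture filters listed above would accept this frame."""
    a, t = wlan_addresses(hdr), target.lower()
    hits = [f for f, k in (("wlan src", "sa"), ("wlan dst", "da"),
                           ("wlan addr1", "ra"), ("wlan addr2", "ta")) if a[k] == t]
    if t in (a["sa"], a["da"]):      # wlan host tests SA and DA only
        hits.append("wlan host")
    return hits

# Constructed sample headers (not captured traffic); all MACs are made up.
AP, STA, GW = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:fe"
BCAST = "ff:ff:ff:ff:ff:ff"

def build(fc0, fc1, a1, a2, a3):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, fc1, 0, 0]) + raw(a1) + raw(a2) + raw(a3) + b"\x00\x00"

BEACON   = build(0x80, 0x00, BCAST, AP, AP)   # management, subtype beacon
UPLINK   = build(0x08, 0x01, AP, STA, GW)     # data, ToDS set
DOWNLINK = build(0x08, 0x02, STA, AP, GW)     # data, FromDS set

if __name__ == "__main__":
    for name in ("BEACON", "UPLINK", "DOWNLINK"):
        print(name, matching_filters(globals()[name], AP))
```

With the AP's address as the target, bridged data frames are accepted only by `wlan addr1` (uplink) or `wlan addr2` (downlink), so a capture filter of the form `wlan addr1 XX:XX:XX:XX:XX:XX or wlan addr2 XX:XX:XX:XX:XX:XX` covers frames received or transmitted by the AP.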