sam_wood

Everything posted by sam_wood

  1. Thanks Honkey. Is there a way to just target one BSSID in tcpdump? As this would get rid of the need, in my case, to use airodump.
  2. Hi all,

     Just to start, I am very new to this world, so my question may seem a bit on the easy side for most, and I may need any replies explained in single syllabus. So here goes.

     I currently run airodump-ng through Kali Linux on a laptop connected to an Alfa card and aerial. I need to monitor a specific AP over a long-term soak (i.e. over many hours where I leave the kit) for the MAC addresses of the devices that connect to it, then through Wireshark carry out analysis to establish when certain devices connect to it and leave, and at what times. So currently I will put in the command:

     airodump-ng -c (channel) --bssid=(mac address) -w (filename) --output-format=pcap mon0

     I now have the Pineapple V and obviously want to use this (as I can then hopefully use just the Pineapple and battery left in situ instead of laptop and aerial). I know I can do a tcpdump to achieve this, but it gains too much info of other APs and all the associated data that I'm not interested in.

     So, looking on the forums, I have downloaded 'PuTTY' to make an SSH connection and put in the above command, which seemed to work but was saving to the device memory, and obviously this won't be enough to store much data, so I changed directory to /sd (i.e. cd /sd) then re-entered the command in the hope of getting the output onto the SD card. The problem with this is I then had to download FileZilla to get the saved data off the Pineapple onto my Windows desktop to play with it in Wireshark. The bigger problem is that I set the command running, but as soon as I shut down PuTTY the Pineapple stops collecting data, therefore putting me back to square one of needing to have the laptop attached.

     So, ladies and gents, what I am trying to achieve is obtaining information from an already identified AP of the devices that have associated to it and at what times. I don't need mountains of data (hence when doing it from tcpdump I also include in the command '(type mgt or type ctl) and (not type mgt subtype beacon)' to reduce the data I don't need). Here are the questions:

     Is there an easier way to achieve what I want?

     If I am to use airodump-ng through PuTTY, how do I get it to save specifically to the SD card (or possibly a USB memory stick)?

     If I am to use airodump-ng through PuTTY, how do I set the Pineapple off running and then disconnect the laptop and come back later to the juicy data?

     As I have said, I'm very much a novice, so please be gentle.

     Sam