mfontanini / libtins

High-level, multiplatform C++ network packet sniffing and crafting library.
http://libtins.github.io/
BSD 2-Clause "Simplified" License

Easy way for applying filter with decrypted traffic #338

Closed dove1413 closed 5 years ago

dove1413 commented 5 years ago

Hi, I'm using make_wpa2_decrypter_proxy and need to filter the traffic. But the filter set by SnifferConfiguration.set_filter must be none so that this proxy can get the EAPOL packets, so this filter seems useless in this situation. Is there any easy way I could apply a filter to the decrypted traffic?

dove1413 commented 5 years ago

More specifically, after decrypting with make_wpa2_decrypter_proxy, in my handler I get a bunch of PDU &pdu, which I could write to a pcap file with PacketWriter and then apply a filter to this pcap so I could get the filtered traffic. But I want to process it in real time. Any insight?

mfontanini commented 5 years ago

You can apply a filter but you should make it flexible enough to also consider EAPOL packets. You could also use OfflinePacketFilter to filter packets in memory after they're parsed but you'll need to have them serialized before you can do that.

dove1413 commented 5 years ago

OfflinePacketFilter

Thanks for replying. A flexible enough filter is impossible since all data is encrypted (my filter mostly targets the data frames) :( I'm thinking about serializing the packets to pcap format with PDU and sending them to an offline filter, but I'm afraid that takes too much CPU or memory, so the process can't be online. You know there may be a lot of Wi-Fi packets. So I'm just trying some code in the handler for simple filtering, for testing.
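A cheap per-packet check that could run inside the handler instead of a pcap round trip, as an added example that is not from this thread or from libtins. It assumes the decrypted packet's IPv4 layer is already available as serialized bytes; `FlowRule`, `matches_rule` and `sample_packet` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical rule, roughly the BPF expression "ip proto P and dst port N".
struct FlowRule {
    uint8_t  protocol;  // 6 = TCP, 17 = UDP
    uint16_t dst_port;  // host byte order
};

// Returns true when `pkt` (a serialized IPv4 packet) matches `rule`.
// Truncated or malformed input never matches and is never read out of bounds.
bool matches_rule(const std::vector<uint8_t>& pkt, const FlowRule& rule) {
    if (pkt.size() < 20 || (pkt[0] >> 4) != 4) return false;  // not IPv4
    const std::size_t ihl = static_cast<std::size_t>(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || pkt.size() < ihl + 4) return false;  // bad IHL or no port fields
    if (pkt[9] != rule.protocol) return false;
    // Ports are present only in the first fragment (fragment offset 0).
    const uint16_t frag_off = static_cast<uint16_t>(((pkt[6] & 0x1F) << 8) | pkt[7]);
    if (frag_off != 0) return false;
    // TCP and UDP both carry the destination port at bytes 2..3 of their header.
    const uint16_t dport = static_cast<uint16_t>((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    return dport == rule.dst_port;
}

// Constructed sample: 20-byte IPv4 header plus the two port fields.
std::vector<uint8_t> sample_packet(uint8_t proto, uint16_t dport, uint16_t frag_off = 0) {
    std::vector<uint8_t> p = {
        0x45, 0x00, 0x00, 0x18,   // version 4, IHL 5, total length 24
        0x00, 0x01, 0x00, 0x00,   // id, flags + fragment offset (set below)
        0x40, proto, 0x00, 0x00,  // TTL 64, protocol, checksum left unset
        192, 168, 1, 10,          // source address
        192, 168, 1, 1,           // destination address
        0xC0, 0x00,               // source port 49152
        static_cast<uint8_t>(dport >> 8), static_cast<uint8_t>(dport & 0xFF)};
    p[6] = static_cast<uint8_t>((frag_off >> 8) & 0x1F);
    p[7] = static_cast<uint8_t>(frag_off & 0xFF);
    return p;
}

int main() {
    const FlowRule https{6, 443};
    return matches_rule(sample_packet(6, 443), https) ? 0 : 1;
}
```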