Passive sniffing demo: Verify de/re-authentication of target devices

[poser]

The wiki spec currently suggests verifying each targeted device with its own -R "eapol" tshark process...

$ tshark -2 -n -l -i monY -R "eapol" | grep -i "<target_mac>"

...but we could, instead, use application logic to determine--based on the output from a single tshark process--the subset of targeted devices for which we have captured the necessary handshake packets:

$ tshark -2 -n -l -i monY -R "eapol" | grep -i "<ap_mac>"

In either case, we need the other, longer-lived tshark process (or airtun-ng process or whatever it is) to be running before we do so, as that is where the handshake packets will actually be captured and used for decryption.

[poser]

Done (and reflected in the GUI by the padlock color in the corresponding row of the data table)