Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:Large number of networks
Date:15:44:19 30/07/2017

>
> Thanks Dragorn,
>
> 2) It's a Qualcom Atheros, QCA6174 so that could be a good part of it. How do I set up the card/monitor to avoid those junk packets? Or how do I filter those out?
> 3) there's not much you can do here, is there? Or can you filter out single occurrences of devices? Possibly cleaning the output JSON files in python before reading them back in?

Unfortunately there's nothing you can do to make an ath10k work properly, currently - as far as I can tell the firmware is spamming junk packets, and stripping the very data we need to validate them in software.

You could definitely filter out singleton devices in some additional processing stage; I'll put it on the list of something to think about going forwards as a possible setting for the server, too. I haven't looked at how often bogus networks duplicate. There will be a LOT of other broken crap in all your network records though that can't be trivially filtered - singleton matching would only catch instances of a corrupted source mac, but will miss all the bogus destination/bssid macs from a valid source.

Unfortunately the ath10k just isn't really usable for monitor in it's current state. I'll try to look at the drivers again and see if there's anything that can be done there, but I'm pretty sure it's in the firmware, which is closed source.


Reply to this message