Right on. It should be -y IEEE802_11 to see dissociations, though. IEEE802_11_RADIO just gives scan results.
On Fri, Mar 22, 2024 at 4:33 PM Peter Hessler <phess...@theapt.org> wrote: > > pflog does not monitor the RADIO. They are not Layer 3 packets, and are > not seen by pf. > > > On 2024 Mar 22 (Fri) at 16:25:08 +0500 (+0500), ofthecentury wrote: > :Thanks. This does work on an interface, but not on -r /var/log/pflog? > : > :On Fri, Mar 22, 2024 at 3:54 PM Stefan Sperling <s...@stsp.name> wrote: > :> > :> On Fri, Mar 22, 2024 at 03:39:57PM +0500, ofthecentury wrote: > :> > I am getting wireless disassociation attacks. > :> > I wanted to look at the packets via: > :> > `tcpdump -nettt -I -i athn0 -s 256 > :> > type mgt subtype disassoc` > :> > but I get an error: > :> > "tcpdump: type not supported on linktype 0x1" > :> > Should work according to man tcpdump. > :> > > :> > > :> > :> Works only with tcpdump -y IEEE802_11_RADIO > : > > -- > To err is human, to moo bovine.
