improved help: added simple example to create a BPF via tcpdump high …

…level language without activated monitor mode
ZerBea · Nov 27, 2023 · 320d2ca · 320d2ca
1 parent 23bf263
commit 320d2ca
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/hcxdumptool.c b/hcxdumptool.c
@@ -4494,7 +4494,7 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	"stop all services that have access to the interface, e.g.:\n"
 	" $ sudo systemctl stop NetworkManager.service\n"
 	" $ sudo systemctl stop wpa_supplicant.service\n"
-	"run %s - it will set appropriate monitor mode\n"
+	"run %s - it will set an appropriate monitor mode\n"
 	" scan for ACCESS POINTS in range (packets are not stored to tum file, not in combination with attack modes)\n"
 	"  $ %s -i INTERFACENAME -F --rcascan=active\n"
 	" attack target(s) (not in combination with rcascan)\n"
@@ -4558,21 +4558,19 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	"-I <INTERFACE> : show detailed information about INTERFACE and terminate\n"
 	"--bpf=<file>   : input kernel space Berkeley Packet Filter (BPF) code\n"
 	"                  steps to create a BPF (it only has to be done once):\n"
-	"                  set monitor mode\n"
-	"                   $ %s -m <interface>\n"
 	"                  create BPF to protect MACs (recommended to protect own devices)\n"
-	"                   $ tcpdump -i <INTERFACE> not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf\n"
+	"                   $ tcpdump -y IEEE802_11_RADIO not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf\n"
 	"                  create BPF to attack a MAC\n"
-	"                   $ tcpdump -i <INTERFACE> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 or wlan addr3 11:22:33:44:55:66 -ddd > attack.bpf\n"
+	"                   $ tcpdump -y IEEE802_11_RADIO wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 or wlan addr3 11:22:33:44:55:66 -ddd > attack.bpf\n"
 	"                   it is strongly recommended to allow all PROBEREQUEST frames (wlan_type mgt or wlan_subtype probe-req)\n"
-	"                   $ tcpdump -i <interface> wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 or wlan addr3 11:22:33:44:55:66 or wlan addr3 ff:ff:ff:ff:ff:ff -ddd > attack.bpf\n"
+	"                   $ tcpdump -y IEEE802_11_RADIO wlan addr1 11:22:33:44:55:66 or wlan addr2 11:22:33:44:55:66 or wlan addr3 11:22:33:44:55:66 or wlan addr3 ff:ff:ff:ff:ff:ff -ddd > attack.bpf\n"
 	"                  see man pcap-filter for a list of all filter options\n"
 	"                  add BPF code: \n"
 	"                   $ %s -i <INTERFACE> --bpf=attack.bpf ...\n"
 	"-h             : show this help\n"
 	"-v             : show version\n"
 	"\n",
-	eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, TIMEHOLD / 1000000000ULL, eigenname, eigenname);
+	eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, TIMEHOLD / 1000000000ULL, eigenname);
 fprintf(stdout, "less common options:\n--------------------\n"
 	"--disable_beacon          : do not transmit BEACON frames\n"
 	"--disable_deauthentication: do not transmit DEAUTHENTICATION/DISASSOCIATION frames\n"