Kismet Wireless

Kismet Forums

 

Posted by: dragorn
Subject: Parsing out just clients, unassociated clients, and adding a timestamp
Date: 19:07:04 26/03/2017

> I jumped into IRC yesterday but got dropped while my computer sat waiting for a response. If I missed you, sorry.

Yeah, you timed out about 20 minutes after I woke up (US east coast).

>
> I'll give the new code a look in a bit - sounds really schnazzy. As for the current code, is this a reasonable assumption?
>
> - Run CLIENT MAC,BSSID
> - Filter lines where MAC=BSSID
> - For all remaining lines, MAC indicates a client and BSSID indicates an AP
>

Yeah - client lists all clients in a BSSID, keyed on BSSID; and an unassociated client is also a BSSID. So you'll need to list them all, filter by MAC address, and correlate a client in multiple devices.

> Also, I've done a bit of digging through the documentation and forums to find out what some of the fields represent - things like "type," for instance. What do these values mean, and what do they represent? If I can use them to better parse out the data and filter out the MAC addresses, that would be helpful.
>

So part of the problem (and why the new protocol is so much better) is that there is no documentation other than the source code for the old protocol. If you grep CLIENT you'll find all the fields and you can see how they're created - type is a bitset of all types the device has acted as, if I recall, likely defined in nettracker.h.

> Lastly, say I had a device where I wanted to get its MAC address, but I didn't want to dig through menus to find it. Is there a command I could run repeatedly to send out packets, pick these packets up with Kismet based on some signature in the packet, and thereby get the MAC that way? For instance, could I have a system send out ping requests in quick succession so I could detect the device in Kismet? (I hope that makes sense).

Not with anything built into Kismet; I guess you could inject packets to a specific MAC (you could maybe even inject as ethernet w/out getting into raw packet injection and look for a data frame to a specific fake MAC).

All of this is way way simpler with the new network model and new API :)


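An added example, not part of the original post or of Kismet's code: one way to do the list, filter and correlate step discussed in the thread, with a timestamp on each result. It assumes the CLIENT sentence was requested with the fields `mac,bssid` and arrives as `*CLIENT: <mac> <bssid>` lines; the sample lines and the function name `correlate` are constructed for illustration. Rows where MAC equals BSSID are kept apart rather than dropped, since the reply notes an unassociated client is itself keyed as a BSSID.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample output (assumed format: "*CLIENT: <mac> <bssid>").
SAMPLE = """\
*OTHER: some unrelated sentence
*CLIENT: 00:11:22:33:44:55 AA:BB:CC:00:00:01
*CLIENT: AA:BB:CC:00:00:01 AA:BB:CC:00:00:01
*CLIENT: 00:11:22:33:44:55 aa:bb:cc:00:00:02
*CLIENT: 66:77:88:99:AA:BB 66:77:88:99:AA:BB
*CLIENT: truncated-line
"""

MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")
PREFIX = "*CLIENT: "


def correlate(lines, now=None):
    """Group CLIENT rows by MAC and stamp each result with the read time."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    seen = defaultdict(set)   # client MAC -> BSSIDs it was listed under
    self_keyed = set()        # MACs that appeared with MAC == BSSID
    for line in lines:
        if not line.startswith(PREFIX):
            continue          # some other sentence type
        fields = line[len(PREFIX):].upper().split()
        if len(fields) != 2 or not all(MAC_RE.match(f) for f in fields):
            continue          # malformed or truncated row
        mac, bssid = fields
        if mac == bssid:
            self_keyed.add(mac)
        else:
            seen[mac].add(bssid)
    return [
        {
            "time": stamp,
            "mac": mac,
            "bssids": sorted(seen.get(mac, ())),
            "self_keyed": mac in self_keyed,
        }
        for mac in sorted(set(seen) | self_keyed)
    ]


if __name__ == "__main__":
    for row in correlate(SAMPLE.splitlines()):
        print(row)
```

A MAC with more than one entry in `bssids` is the "client in multiple devices" case; a self-keyed MAC with no `bssids` still needs the `type` field to tell what kind of device it is.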